Compare commits
6 Commits
master
...
build-sign
| Author | SHA1 | Date |
|---|---|---|
Ivan Dyachkov
|
f4c23bbad8 | |
|
Ivan Dyachkov
|
4a192adf3d | |
|
Ivan Dyachkov
|
53480ef3ef | |
|
Ivan Dyachkov
|
b3ec89de47 | |
|
Ivan Dyachkov
|
f5690919fb | |
|
Ivan Dyachkov
|
63b21c1188 |
|
|
@ -178,6 +178,10 @@ jobs:
|
|||
working-directory: source
|
||||
env:
|
||||
AUTO_INSTALL_BUILD_DEPS: 1
|
||||
APPLE_SIGN_BINARIES: 1
|
||||
APPLE_DEVELOPER_IDENTITY: ${{ secrets.APPLE_DEVELOPER_IDENTITY }}
|
||||
APPLE_DEVELOPER_ID_BUNDLE: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE }}
|
||||
APPLE_DEVELOPER_ID_BUNDLE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE_PASSWORD }}
|
||||
run: |
|
||||
. $HOME/.kerl/${{ matrix.otp }}/activate
|
||||
make ensure-rebar3
|
||||
|
|
|
|||
|
|
@ -141,7 +141,7 @@ jobs:
|
|||
- name: prepare
|
||||
run: |
|
||||
brew update
|
||||
brew install curl zip unzip kerl coreutils
|
||||
brew install curl zip unzip kerl coreutils openssl@1.1
|
||||
echo "/usr/local/opt/bison/bin" >> $GITHUB_PATH
|
||||
echo "/usr/local/bin" >> $GITHUB_PATH
|
||||
echo "EMQX_NAME=${{ matrix.profile }}" >> $GITHUB_ENV
|
||||
|
|
@ -150,13 +150,14 @@ jobs:
|
|||
id: cache
|
||||
with:
|
||||
path: ~/.kerl/${{ matrix.otp }}
|
||||
key: otp-install-${{ matrix.otp }}-${{ matrix.macos }}
|
||||
key: otp-install-${{ matrix.otp }}-${{ matrix.macos }}-static-ssl
|
||||
- name: build erlang
|
||||
if: steps.cache.outputs.cache-hit != 'true'
|
||||
timeout-minutes: 60
|
||||
env:
|
||||
KERL_BUILD_BACKEND: git
|
||||
OTP_GITHUB_URL: https://github.com/emqx/otp
|
||||
KERL_CONFIGURE_OPTIONS: --disable-dynamic-ssl-lib --with-ssl=/usr/local/opt/openssl@1.1
|
||||
run: |
|
||||
kerl update releases
|
||||
kerl build ${{ matrix.otp }}
|
||||
|
|
@ -164,6 +165,10 @@ jobs:
|
|||
- name: build ${{ matrix.profile }}
|
||||
env:
|
||||
AUTO_INSTALL_BUILD_DEPS: 1
|
||||
APPLE_SIGN_BINARIES: 1
|
||||
APPLE_DEVELOPER_IDENTITY: ${{ secrets.APPLE_DEVELOPER_IDENTITY }}
|
||||
APPLE_DEVELOPER_ID_BUNDLE: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE }}
|
||||
APPLE_DEVELOPER_ID_BUNDLE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE_PASSWORD }}
|
||||
run: |
|
||||
. $HOME/.kerl/${{ matrix.otp }}/activate
|
||||
make ensure-rebar3
|
||||
|
|
@ -171,6 +176,11 @@ jobs:
|
|||
make ${{ matrix.profile }}-tgz
|
||||
- name: test
|
||||
run: |
|
||||
# cleanup build-related packages to simulate clean environment
|
||||
for f in $(brew list); do
|
||||
brew uninstall --force --ignore-dependencies --zap --quiet $f
|
||||
done
|
||||
brew install curl
|
||||
pkg_name=$(find _packages/${{ matrix.profile }} -mindepth 1 -maxdepth 1 -iname \*.tar.gz)
|
||||
mkdir -p emqx
|
||||
tar -C emqx -zxf $pkg_name
|
||||
|
|
|
|||
2
bin/emqx
2
bin/emqx
|
|
@ -7,7 +7,7 @@ set -euo pipefail
|
|||
DEBUG="${DEBUG:-0}"
|
||||
[ "$DEBUG" -eq 1 ] && set -x
|
||||
|
||||
RUNNER_ROOT_DIR="$(cd "$(dirname "$(realpath "$0" || echo "$0")")"/..; pwd -P)"
|
||||
RUNNER_ROOT_DIR="$(cd "$(dirname "$(readlink "$0" || echo "$0")")"/..; pwd -P)"
|
||||
|
||||
# shellcheck disable=SC1090,SC1091
|
||||
. "$RUNNER_ROOT_DIR"/releases/emqx_vars
|
||||
|
|
|
|||
3
build
3
build
|
|
@ -242,6 +242,9 @@ make_tgz() {
|
|||
## try to be portable for tar.gz packages.
|
||||
## for DEB and RPM packages the dependencies are resoved by yum and apt
|
||||
cp_dyn_libs "${tard}/emqx"
|
||||
if [[ "${APPLE_SIGN_BINARIES:-0}" == 1 && "$SYSTEM" == macos* ]]; then
|
||||
./scripts/macos-sign-binaries.sh "${tard}/emqx"
|
||||
fi
|
||||
## create tar after change dir
|
||||
## to avoid creating an extra level of 'emqx' dir in the .tar.gz file
|
||||
pushd "${tard}/emqx" >/dev/null
|
||||
|
|
|
|||
|
|
@ -0,0 +1,42 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# intended to run on MacOS only
|
||||
# signs all executable files in a given folder (as $1) with developer certificate
|
||||
|
||||
# required variables:
|
||||
# APPLE_DEVELOPER_IDENTITY: "Developer ID Application: <company name> (<hex id>)"
|
||||
# APPLE_DEVELOPER_ID_BUNDLE: base64-encoded content of apple developer id certificate bundle in pksc12 format
|
||||
# APPLE_DEVELOPER_ID_BUNDLE_PASSWORD: password used when exporting the bundle
|
||||
|
||||
# note: 'bundle' in apple terminology is 'identity'
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
PKSC12_FILE="$HOME/developer-id-application.p12"
|
||||
base64 --decode > "${PKSC12_FILE}" <<<"${APPLE_DEVELOPER_ID_BUNDLE}"
|
||||
|
||||
KEYCHAIN='emqx.keychain-db'
|
||||
KEYCHAIN_PASSWORD="$(openssl rand -base64 32)"
|
||||
|
||||
security create-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN}"
|
||||
security set-keychain-settings -lut 21600 "${KEYCHAIN}"
|
||||
security unlock-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN}"
|
||||
security import "${PKSC12_FILE}" -P "${APPLE_DEVELOPER_ID_BUNDLE_PASSWORD}" -t cert -f pkcs12 -k "${KEYCHAIN}" -T /usr/bin/codesign
|
||||
security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k "${KEYCHAIN_PASSWORD}" "${KEYCHAIN}"
|
||||
security verify-cert -k "${KEYCHAIN}" -c "${PKSC12_FILE}"
|
||||
security find-identity -p codesigning "${KEYCHAIN}"
|
||||
|
||||
# add new keychain into the search path for codesign, otherwise the stuff does not work
|
||||
keychains=$(security list-keychains -d user)
|
||||
keychain_names=();
|
||||
for keychain in ${keychains}
|
||||
do
|
||||
basename=$(basename "${keychain}")
|
||||
keychain_name=${basename::${#basename}-4}
|
||||
keychain_names+=("${keychain_name}")
|
||||
done
|
||||
security -v list-keychains -s "${keychain_names[@]}" "${KEYCHAIN}"
|
||||
|
||||
set -x
|
||||
REL_DIR="${1}"
|
||||
codesign -s "${APPLE_DEVELOPER_IDENTITY}" -f --verbose=4 --options runtime --timestamp=none "${REL_DIR}"/erts-*/bin/{erlexec,erl}
|
||||
Loading…
Reference in New Issue