Skip to content

Commit

Permalink
Merge pull request #2700 from SasView/night_build_sigining_fix
Browse files Browse the repository at this point in the history 
Nightly builds fix
  • Loading branch information
Wojciech Potrzebowski authored Jan 15, 2024
2 parents 296221b + c658162 commit bf0f05d
Show file tree
Hide file tree
Showing 4 changed files with 37 additions and 53 deletions.
33 changes: 20 additions & 13 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -226,17 +226,31 @@ jobs:
iscc installers/installer.iss
mv installers/Output/setupSasView.exe installers/dist
- name: Build sasview installer dmg file (OSX)
- name: Sign executable and create dmg (OSX)
if: ${{ matrix.installer && startsWith(matrix.os, 'macos') }}
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
run: |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
security create-keychain -p DloaAcYP build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p DloaAcYP build.keychain
security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k DloaAcYP build.keychain
cd installers/dist
hdiutil create SasView5.dmg -srcfolder SasView5.app -ov -format UDZO
python ../../build_tools/fix_qt_folder_names_for_codesign.py SasView6.app
python ../../build_tools/code_sign_osx.py
codesign --verify --options=runtime --entitlements ../../build_tools/entitlements.plist --timestamp --deep --verbose=4 --force --sign "Developer ID Application: European Spallation Source Eric (W2AG9MPZ43)" SasView6.app
hdiutil create SasView6.dmg -srcfolder SasView6.app -ov -format UDZO
codesign -s "Developer ID Application: European Spallation Source Eric (W2AG9MPZ43)" SasView6.dmg
- name: Build sasview installer tarball (Linux)
if: ${{ matrix.installer && startsWith(matrix.os, 'ubuntu') }}
run: |
cd installers/dist
tar zcf sasview5.tar.gz sasview
tar zcf sasview6.tar.gz sasview
- name: Collect a debug tarball of the installer package
if: ${{ matrix.installer }}
Expand All @@ -247,22 +261,15 @@ jobs:
installers/dist/sasview-pyinstaller-dist.tar.gz
if-no-files-found: ignore

- name: Fix qt folders and create dmg (OSX)
if: ${{ matrix.installer && startsWith(matrix.os, 'macos') }}
run: |
cd installers/dist
python ../../build_tools/fix_qt_folder_names_for_codesign.py SasView5.app
hdiutil create SasView5.dmg -srcfolder SasView5.app -ov -format UDZO
- name: Publish installer package
if: ${{ matrix.installer }}
uses: actions/upload-artifact@v3
with:
name: SasView-Installer-${{ matrix.os }}-${{ matrix.python-version }}
path: |
installers/dist/setupSasView.exe
installers/dist/SasView5.dmg
installers/dist/sasview5.tar.gz
installers/dist/SasView6.dmg
installers/dist/sasview6.tar.gz
if-no-files-found: error


Expand Down Expand Up @@ -372,7 +379,7 @@ jobs:
if: ${{ startsWith(matrix.os, 'ubuntu') }}
run: |
# $INSTALL_PATH is already the base directory
tar xf "$DL_PATH/sasview5.tar.gz"
tar xf "$DL_PATH/sasview6.tar.gz"
- name: Check installation files
run: |
Expand Down
41 changes: 9 additions & 32 deletions .github/workflows/nightly-build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,49 +34,26 @@ jobs:
run: ls -R
working-directory: installers/dist

- name: Set up Python
uses: actions/setup-python@v1
with:
python-version: ${{ matrix.python-version }}

- name: Sign executable and create dmg (OSX)
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
- name: Rename remaining artifacts artifacts
run: |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
security create-keychain -p DloaAcYP build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p DloaAcYP build.keychain
security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k DloaAcYP build.keychain
cd installers/dist
python ../../build_tools/code_sign_osx.py
codesign --verify --options=runtime --entitlements ../../build_tools/entitlements.plist --timestamp --deep --verbose=4 --force --sign "Developer ID Application: European Spallation Source Eric (W2AG9MPZ43)" SasView5.app
hdiutil create SasView5.dmg -srcfolder SasView5.app -ov -format UDZO
codesign -s "Developer ID Application: European Spallation Source Eric (W2AG9MPZ43)" SasView5.dmg
mv installers/dist/SasView-Installer-windows-*/setupSasView.exe installers/dist/setupSasView-nightly-Win64.exe
mv installers/dist/SasView-Installer-macos-*/SasView6.dmg installers/dist/SasView-nightly-MacOSX.dmg
mv installers/dist/SasView-Installer-ubuntu-*/sasview6.tar.gz installers/dist/SasView-nightly-Linux.tar.gz
#This GH action will need to be replaced soon as altool will be deprecated late 2023
- name: Notarize Release Build (OSX)
uses: GuillaumeFalourd/xcode-notarize@v1
uses: lando/notarize-action@v2
with:
product-path: "installers/dist/SasView5.dmg"
primary-bundle-id: "org.sasview.SasView5"
product-path: "installers/dist/SasView-nightly-MacOSX.dmg"
primary-bundle-id: "org.sasview.SasView6"
appstore-connect-username: ${{ secrets.NOTARIZATION_USERNAME }}
appstore-connect-password: ${{ secrets.NOTARIZATION_PASSWORD }}
appstore-connect-team-id: W2AG9MPZ43
verbose: True

- name: Staple Release Build (OSX)
uses: BoundfoxStudios/action-xcode-staple@v1
with:
product-path: "installers/dist/SasView5.dmg"

- name: Rename artifacts
run: |
mv installers/dist/SasView-Installer-windows-*/setupSasView.exe installers/dist/setupSasView-nightly-Win64.exe
mv installers/dist/SasView-Installer-macos-*/SasView5.dmg installers/dist/SasView-nightly-MacOSX.dmg
mv installers/dist/SasView-Installer-ubuntu-*/sasview5.tar.gz installers/dist/SasView-nightly-Linux.tar.gz
product-path: "installers/dist/SasView-nightly-MacOSX.dmg"

- name: Upload Nightly Build Installer to GitHub releases
uses: ncipollo/release-action@v1
Expand Down
12 changes: 6 additions & 6 deletions build_tools/code_sign_osx.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,22 +6,22 @@
import subprocess
import itertools

so_list = glob.glob("SasView5.app/Contents/MacOS/**/*.so", recursive=True)
dylib_list = glob.glob("SasView5.app/Contents/MacOS/**/*.dylib", recursive=True)
so_list = glob.glob("SasView*.app/Contents/MacOS/**/*.so", recursive=True)
dylib_list = glob.glob("SasView*.app/Contents/MacOS/**/*.dylib", recursive=True)
dylib_list_resources = glob.glob(
"SasView5.app/Contents/Resources/.dylibs/*.dylib", recursive=True
"SasView*.app/Contents/Resources/.dylibs/*.dylib", recursive=True
)
zmq_dylib_list_resources = glob.glob(
"SasView5.app/Contents/Resources/zmq/.dylibs/*.dylib", recursive=True
"SasView*.app/Contents/Resources/zmq/.dylibs/*.dylib", recursive=True
)

sign_command = ['codesign', '--timestamp', '--options=runtime', '--verify', '--verbose=4', '--force',
'--sign', 'Developer ID Application: European Spallation Source Eric (W2AG9MPZ43)']


#TODO: Check if it is necesarry to do it per file (one long list maybe enough)
for sfile in itertools.chain(so_list, dylib_list, dylib_list_resources, zmq_dylib_list_resources):
for sfile in itertools.chain(so_list, dylib_list, dylib_list_resources,
zmq_dylib_list_resources):
sign_command.append(sfile)
subprocess.check_call(sign_command)
sign_command.pop()

4 changes: 2 additions & 2 deletions installers/sasview.spec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@ coll = COLLECT(

if platform.system() == 'Darwin':
app = BUNDLE(coll,
name='SasView5.app',
name='SasView6.app',
icon='../src/sas/qtgui/images/ball.icns',
bundle_identifier='org.sasview.SasView5',
bundle_identifier='org.sasview.SasView6',
info_plist={'NSHighResolutionCapable': 'True'})

0 comments on commit bf0f05d

Please sign in to comment.