fix(macos): signing

2022-09-12 12:14:30 +02:00 · 2022-09-12 12:14:30 +02:00 · 6567a25215
commit 6567a25215
parent 53cb71df89
2 changed files with 16 additions and 6 deletions
--- a/prepare_artifacts.sh
+++ b/prepare_artifacts.sh
@ -23,22 +23,24 @@ if [[ "${OS_NAME}" == "osx" ]]; then
    DEFAULT_KEYCHAIN="$(security default-keychain | sed -E 's|^.*/([^/]+)\-db"$|\1|')"

    echo "${CERTIFICATE_OSX_P12}" | base64 --decode > "${CERTIFICATE_P12}"
+    security default-keychain
    security create-keychain -p mysecretpassword "${CODIUM_KEYCHAIN}"
-    security default-keychain -s "${CODIUM_KEYCHAIN}"
+    # security default-keychain -s "${CODIUM_KEYCHAIN}"
    security unlock-keychain -p mysecretpassword "${CODIUM_KEYCHAIN}"
+
+    echo "import"
    security import "${CERTIFICATE_P12}" -k "${CODIUM_KEYCHAIN}" -P "${CERTIFICATE_OSX_PASSWORD}" -T /usr/bin/codesign
+
+    echo "set-key-partition-list"
    security set-key-partition-list -S apple-tool:,apple: -s -k mysecretpassword "${CODIUM_KEYCHAIN}"

+    echo "codesign"
    if [[ "${VSCODE_QUALITY}" == "insider" ]]; then
      codesign --deep --force --verbose --sign "${CERTIFICATE_OSX_ID}" "VSCodium - Insiders.app"
    else
      codesign --deep --force --verbose --sign "${CERTIFICATE_OSX_ID}" "VSCodium.app"
    fi

-    # put back old keychain
-    security delete-keychain "${CODIUM_KEYCHAIN}"
-    security default-keychain -s "${DEFAULT_KEYCHAIN}"
-
    cd ..
  fi

@ -57,6 +59,12 @@ if [[ "${OS_NAME}" == "osx" ]]; then
    popd
  fi

+  if [[ "${CI_BUILD}" != "no" ]]; then
+    # put back old keychain
+    security delete-keychain "${CODIUM_KEYCHAIN}"
+    security default-keychain -s "${DEFAULT_KEYCHAIN}"
+  fi
+
  VSCODE_PLATFORM="darwin"
 elif [[ "${OS_NAME}" == "windows" ]]; then
  cd vscode || { echo "'vscode' dir not found"; exit 1; }
--- a/release.sh
+++ b/release.sh
@ -13,16 +13,18 @@ REPO_NAME="${GITHUB_REPOSITORY:(${#OWNER}+1)}"
 if [[ "${VSCODE_QUALITY}" == "insider" ]]; then
  REPOSITORY="${REPO_NAME:-"vscodium"}-insiders"
  NOTES="update vscode to [${MS_COMMIT}](https://github.com/microsoft/vscode/tree/${MS_COMMIT})"
+  CREATE_OPTIONS=""
 else
  REPOSITORY="${REPO_NAME:-"vscodium"}"
  NOTES="update vscode to [${MS_TAG}](https://code.visualstudio.com/updates/v$( echo ${MS_TAG//./_} | cut -d'_' -f 1,2 ))"
+  CREATE_OPTIONS="--generate-notes"
 fi

 npm install -g github-release-cli

 if [[ $( gh release view --repo "${OWNER}/${REPOSITORY}" "${RELEASE_VERSION}" 2>&1 ) =~ "release not found" ]]; then
  echo "Creating release '${RELEASE_VERSION}'"
-  gh release create "${RELEASE_VERSION}" --repo "${OWNER}/${REPOSITORY}" --notes "${NOTES}" --generate-notes
+  gh release create "${RELEASE_VERSION}" --repo "${OWNER}/${REPOSITORY}" --notes "${NOTES}" ${CREATE_OPTIONS}
 fi

 cd artifacts