diff --git a/.circleci/config.yml b/.circleci/config.yml index 6befc9a..51f787e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -29,10 +29,9 @@ aliases: jobs: build_for_macos: macos: - # CircleCI's Xcode 11.1.0 image is the last of their images to be based on macOS 10.14 - # I've had trouble building for earlier versions of macOS on Catalina but it's unclear whether that was due to - # Catalina or the version of Xcode. We should investigate this further. - xcode: 11.1.0 + # CircleCI's Xcode 12.4.0 image is the last of their images to be based on macOS 10.15 + # CircleCI no longer supports Xcode 11+ on macOS 10.14 + xcode: 12.4.0 steps: - checkout - npm_install: @@ -44,37 +43,12 @@ jobs: condition: *should_sign steps: + - add_ssh_keys - run: name: Import CI context command: | set -e - function decodeToFile () { - if [ -z "$1" ]; then - echo "Missing or invalid filename" - return 1 - fi - if [ -z "$2" ]; then - echo "Missing environment variable contents for file: $1" - return 2 - fi - echo "$2" | base64 --decode > "$1" - } - decodeToFile embedded.provisionprofile "${MAC_PROVISION_PROFILE}" - decodeToFile mas-dev.provisionprofile "${MAC_DEV_PROVISION_PROFILE}" - decodeToFile macos-certs-scratch-foundation.p12.gz "${CSC_MACOS_GZ}" - decodeToFile apple-dev-cert.p12 "${MAC_DEV_CERT}" - gunzip macos-certs-scratch-foundation.p12.gz - security -v create-keychain -p circleci circleci.keychain - security -v default-keychain -s circleci.keychain - security -v import macos-certs-scratch-foundation.p12 -k circleci.keychain -P "${CSC_MACOS_PASSWORD}" -T /usr/bin/codesign -T /usr/bin/productbuild - security -v import apple-dev-cert.p12 -k circleci.keychain -P "${MAC_DEV_CERT_PASSWORD}" -T /usr/bin/codesign -T /usr/bin/productbuild - security -v unlock-keychain -p circleci circleci.keychain - # "set-key-partition-list" prints extensive not-so-useful output and adding "-q" (even multiple times) doesn't suppress it. - # The "grep -v" at the end of this line suppresses all of that so any errors or warnings might be more visible. - security -v set-key-partition-list -S apple-tool:,apple:,codesign: -s -k circleci circleci.keychain | grep -v '^ 0x' - security -v set-keychain-settings -lut 600 circleci.keychain - security -v find-identity circleci.keychain - rm macos-certs-scratch-foundation.p12 apple-dev-cert.p12 + fastlane circleci - restore_cache: # Caching Homebrew's files (see the save_cache step below) means that Homebrew doesn't have to update as # much. The Homebrew update can take several minutes without this, but with the cache it tends to take less @@ -90,9 +64,6 @@ jobs: git -C ~/app-builder checkout b85740334fec875f5dd8dcd22eb1f729599109db make --directory=~/app-builder build ln -sfv ~/app-builder/dist/app-builder_darwin_amd64/app-builder ./node_modules/app-builder-bin/mac/ - - run: - name: Upgrade to Node 14 - command: brew install node@14 - save_cache: name: Save Homebrew cache paths: diff --git a/.gitignore b/.gitignore index e248d68..b9e2be3 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,10 @@ npm-* # generated translation files /translations /locale + +# Fastlane +**/fastlane/Matchfile +**/fastlane/report.xml +**/fastlane/Preview.html +**/fastlane/screenshots +**/fastlane/test_output diff --git a/electron-builder.yaml b/electron-builder.yaml index 1197423..7daa58d 100644 --- a/electron-builder.yaml +++ b/electron-builder.yaml @@ -15,7 +15,7 @@ mac: gatekeeperAssess: true hardenedRuntime: true icon: buildResources/ScratchDesktop.icns - provisioningProfile: embedded.provisionprofile + provisioningProfile: build/AppStore_edu.mit.scratch.scratch-desktop.provisionprofile artifactName: "Scratch ${version}.${ext}" target: - dmg @@ -30,7 +30,7 @@ mas: icon: buildResources/ScratchDesktop.icns masDev: type: development - provisioningProfile: mas-dev.provisionprofile + provisioningProfile: build/Development_edu.mit.scratch.scratch-desktop.provisionprofile win: icon: buildResources/ScratchDesktop.ico target: diff --git a/fastlane/Appfile b/fastlane/Appfile new file mode 100644 index 0000000..72de007 --- /dev/null +++ b/fastlane/Appfile @@ -0,0 +1,3 @@ +app_identifier "edu.mit.scratch.scratch-desktop" # The bundle identifier of your app +apple_id "bot-apple@scratch.mit.edu" # Your Apple email address +team_id "W7AR3WMP87" diff --git a/fastlane/Fastfile b/fastlane/Fastfile new file mode 100644 index 0000000..b9bb030 --- /dev/null +++ b/fastlane/Fastfile @@ -0,0 +1,36 @@ +# This file contains the fastlane.tools configuration +# You can find the documentation at https://docs.fastlane.tools +# +# For a list of all available actions, check out +# +# https://docs.fastlane.tools/actions +# +# For a list of all available plugins, check out +# +# https://docs.fastlane.tools/plugins/available-plugins +# + +# Uncomment the line if you want fastlane to automatically update itself +# update_fastlane + +default_platform(:mac) + +platform :mac do + desc "Use Fastlane Match to install development certificates" + lane :match_dev do + match(type: "development", platform: "macos", output_path: "build", readonly: is_ci) + end + + desc "Use Fastlane Match to install distribution certificates" + lane :match_dist do + match(type: "appstore", platform: "macos", output_path: "build", readonly: is_ci, additional_cert_types: "mac_installer_distribution") + match(type: "developer_id", platform: "macos", output_path: "build", readonly: is_ci, additional_cert_types: "developer_id_installer") + end + + desc "Prepare for a CircleCI signed build" + lane :circleci do + setup_circle_ci + match_dev + match_dist + end +end diff --git a/fastlane/README-match.md b/fastlane/README-match.md new file mode 100644 index 0000000..848a909 --- /dev/null +++ b/fastlane/README-match.md @@ -0,0 +1,31 @@ +# Fastlane Match setup + +## You might not need to do this! + +If you don't plan to build this application, you don't need Fastlane Match. + +If you don't plan to build this application for macOS, you don't need Fastlane Match. + +If you plan to only run your builds locally for your own debug purposes, you don't need Fastlane Match. + +If you don't have access to a Fastlane Match storage repository or bucket, you don't need Fastlane Match. + +## Initial Configuration + +The `Matchfile` containing settings for Fastlane Match includes private information about our storage, so it's set to be ignored by `git`. + +This means that you'll need to initialize Fastlane Match yourself when you clone this repository in a new place. + +To initialize Fastlane Match: + +1. Enter this repository's base directory (not the `fastlane` subdirectory) +2. Run `fastlane match init` and answer the questions + +...yep, that's it. + +## Obtaining & Updating Certs + +1. If you plan to make and internally share development builds for testing purposes, run: + * `fastlane match_dev` +2. If you plan to make builds for release, run: + * `fastlane match_dist` diff --git a/fastlane/README.md b/fastlane/README.md new file mode 100644 index 0000000..960c06c --- /dev/null +++ b/fastlane/README.md @@ -0,0 +1,48 @@ +fastlane documentation +---- + +# Installation + +Make sure you have the latest version of the Xcode command line tools installed: + +```sh +xcode-select --install +``` + +For _fastlane_ installation instructions, see [Installing _fastlane_](https://docs.fastlane.tools/#installing-fastlane) + +# Available Actions + +## Mac + +### mac match_dev + +```sh +[bundle exec] fastlane mac match_dev +``` + +Use Fastlane Match to install development certificates + +### mac match_dist + +```sh +[bundle exec] fastlane mac match_dist +``` + +Use Fastlane Match to install distribution certificates + +### mac circleci + +```sh +[bundle exec] fastlane mac circleci +``` + +Prepare for a CircleCI signed build + +---- + +This README.md is auto-generated and will be re-generated every time [_fastlane_](https://fastlane.tools) is run. + +More information about _fastlane_ can be found on [fastlane.tools](https://fastlane.tools). + +The documentation of _fastlane_ can be found on [docs.fastlane.tools](https://docs.fastlane.tools). diff --git a/scripts/electron-builder-wrapper.js b/scripts/electron-builder-wrapper.js index 9d4f615..303a374 100644 --- a/scripts/electron-builder-wrapper.js +++ b/scripts/electron-builder-wrapper.js @@ -9,6 +9,8 @@ const {spawnSync} = require('child_process'); const fs = require('fs'); +const masDevProfile = 'build/Development_edu.mit.scratch.scratch-desktop.provisionprofile'; + /** * Strip any code signing configuration (CSC) from a set of environment variables. * @param {object} environment - a collection of environment variables which might include code signing configuration. @@ -58,7 +60,7 @@ const runBuilder = function (wrapperConfig, target) { if (target.platform === 'darwin') { allArgs.push(`--c.mac.type=${wrapperConfig.mode === 'dist' ? 'distribution' : 'development'}`); if (target.name === 'mas-dev') { - allArgs.push('--c.mac.provisioningProfile=mas-dev.provisionprofile'); + allArgs.push(`--c.mac.provisioningProfile=${masDevProfile}`); } if (wrapperConfig.doSign) { // really this is "notarize only if we also sign" @@ -95,7 +97,6 @@ const runBuilder = function (wrapperConfig, target) { * same time but doing so limits has unwanted side effects on both macOS and Windows (see function body). */ const calculateTargets = function (wrapperConfig) { - const masDevProfile = 'mas-dev.provisionprofile'; const availableTargets = { macAppStore: { name: 'mas',