mirror of
https://github.com/scratchfoundation/scratch-desktop.git
synced 2024-12-22 21:52:31 -05:00
Merge pull request #220 from LLK/fastlane
Use Fastlane Match to help with signed builds
This commit is contained in:
commit
032619ce60
8 changed files with 135 additions and 38 deletions
|
@ -29,10 +29,9 @@ aliases:
|
||||||
jobs:
|
jobs:
|
||||||
build_for_macos:
|
build_for_macos:
|
||||||
macos:
|
macos:
|
||||||
# CircleCI's Xcode 11.1.0 image is the last of their images to be based on macOS 10.14
|
# CircleCI's Xcode 12.4.0 image is the last of their images to be based on macOS 10.15
|
||||||
# I've had trouble building for earlier versions of macOS on Catalina but it's unclear whether that was due to
|
# CircleCI no longer supports Xcode 11+ on macOS 10.14
|
||||||
# Catalina or the version of Xcode. We should investigate this further.
|
xcode: 12.4.0
|
||||||
xcode: 11.1.0
|
|
||||||
steps:
|
steps:
|
||||||
- checkout
|
- checkout
|
||||||
- npm_install:
|
- npm_install:
|
||||||
|
@ -44,37 +43,12 @@ jobs:
|
||||||
condition:
|
condition:
|
||||||
*should_sign
|
*should_sign
|
||||||
steps:
|
steps:
|
||||||
|
- add_ssh_keys
|
||||||
- run:
|
- run:
|
||||||
name: Import CI context
|
name: Import CI context
|
||||||
command: |
|
command: |
|
||||||
set -e
|
set -e
|
||||||
function decodeToFile () {
|
fastlane circleci
|
||||||
if [ -z "$1" ]; then
|
|
||||||
echo "Missing or invalid filename"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
if [ -z "$2" ]; then
|
|
||||||
echo "Missing environment variable contents for file: $1"
|
|
||||||
return 2
|
|
||||||
fi
|
|
||||||
echo "$2" | base64 --decode > "$1"
|
|
||||||
}
|
|
||||||
decodeToFile embedded.provisionprofile "${MAC_PROVISION_PROFILE}"
|
|
||||||
decodeToFile mas-dev.provisionprofile "${MAC_DEV_PROVISION_PROFILE}"
|
|
||||||
decodeToFile macos-certs-scratch-foundation.p12.gz "${CSC_MACOS_GZ}"
|
|
||||||
decodeToFile apple-dev-cert.p12 "${MAC_DEV_CERT}"
|
|
||||||
gunzip macos-certs-scratch-foundation.p12.gz
|
|
||||||
security -v create-keychain -p circleci circleci.keychain
|
|
||||||
security -v default-keychain -s circleci.keychain
|
|
||||||
security -v import macos-certs-scratch-foundation.p12 -k circleci.keychain -P "${CSC_MACOS_PASSWORD}" -T /usr/bin/codesign -T /usr/bin/productbuild
|
|
||||||
security -v import apple-dev-cert.p12 -k circleci.keychain -P "${MAC_DEV_CERT_PASSWORD}" -T /usr/bin/codesign -T /usr/bin/productbuild
|
|
||||||
security -v unlock-keychain -p circleci circleci.keychain
|
|
||||||
# "set-key-partition-list" prints extensive not-so-useful output and adding "-q" (even multiple times) doesn't suppress it.
|
|
||||||
# The "grep -v" at the end of this line suppresses all of that so any errors or warnings might be more visible.
|
|
||||||
security -v set-key-partition-list -S apple-tool:,apple:,codesign: -s -k circleci circleci.keychain | grep -v '^ 0x'
|
|
||||||
security -v set-keychain-settings -lut 600 circleci.keychain
|
|
||||||
security -v find-identity circleci.keychain
|
|
||||||
rm macos-certs-scratch-foundation.p12 apple-dev-cert.p12
|
|
||||||
- restore_cache:
|
- restore_cache:
|
||||||
# Caching Homebrew's files (see the save_cache step below) means that Homebrew doesn't have to update as
|
# Caching Homebrew's files (see the save_cache step below) means that Homebrew doesn't have to update as
|
||||||
# much. The Homebrew update can take several minutes without this, but with the cache it tends to take less
|
# much. The Homebrew update can take several minutes without this, but with the cache it tends to take less
|
||||||
|
@ -90,9 +64,6 @@ jobs:
|
||||||
git -C ~/app-builder checkout b85740334fec875f5dd8dcd22eb1f729599109db
|
git -C ~/app-builder checkout b85740334fec875f5dd8dcd22eb1f729599109db
|
||||||
make --directory=~/app-builder build
|
make --directory=~/app-builder build
|
||||||
ln -sfv ~/app-builder/dist/app-builder_darwin_amd64/app-builder ./node_modules/app-builder-bin/mac/
|
ln -sfv ~/app-builder/dist/app-builder_darwin_amd64/app-builder ./node_modules/app-builder-bin/mac/
|
||||||
- run:
|
|
||||||
name: Upgrade to Node 14
|
|
||||||
command: brew install node@14
|
|
||||||
- save_cache:
|
- save_cache:
|
||||||
name: Save Homebrew cache
|
name: Save Homebrew cache
|
||||||
paths:
|
paths:
|
||||||
|
|
7
.gitignore
vendored
7
.gitignore
vendored
|
@ -25,3 +25,10 @@ npm-*
|
||||||
# generated translation files
|
# generated translation files
|
||||||
/translations
|
/translations
|
||||||
/locale
|
/locale
|
||||||
|
|
||||||
|
# Fastlane
|
||||||
|
**/fastlane/Matchfile
|
||||||
|
**/fastlane/report.xml
|
||||||
|
**/fastlane/Preview.html
|
||||||
|
**/fastlane/screenshots
|
||||||
|
**/fastlane/test_output
|
||||||
|
|
|
@ -15,7 +15,7 @@ mac:
|
||||||
gatekeeperAssess: true
|
gatekeeperAssess: true
|
||||||
hardenedRuntime: true
|
hardenedRuntime: true
|
||||||
icon: buildResources/ScratchDesktop.icns
|
icon: buildResources/ScratchDesktop.icns
|
||||||
provisioningProfile: embedded.provisionprofile
|
provisioningProfile: build/AppStore_edu.mit.scratch.scratch-desktop.provisionprofile
|
||||||
artifactName: "Scratch ${version}.${ext}"
|
artifactName: "Scratch ${version}.${ext}"
|
||||||
target:
|
target:
|
||||||
- dmg
|
- dmg
|
||||||
|
@ -30,7 +30,7 @@ mas:
|
||||||
icon: buildResources/ScratchDesktop.icns
|
icon: buildResources/ScratchDesktop.icns
|
||||||
masDev:
|
masDev:
|
||||||
type: development
|
type: development
|
||||||
provisioningProfile: mas-dev.provisionprofile
|
provisioningProfile: build/Development_edu.mit.scratch.scratch-desktop.provisionprofile
|
||||||
win:
|
win:
|
||||||
icon: buildResources/ScratchDesktop.ico
|
icon: buildResources/ScratchDesktop.ico
|
||||||
target:
|
target:
|
||||||
|
|
3
fastlane/Appfile
Normal file
3
fastlane/Appfile
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
app_identifier "edu.mit.scratch.scratch-desktop" # The bundle identifier of your app
|
||||||
|
apple_id "bot-apple@scratch.mit.edu" # Your Apple email address
|
||||||
|
team_id "W7AR3WMP87"
|
36
fastlane/Fastfile
Normal file
36
fastlane/Fastfile
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
# This file contains the fastlane.tools configuration
|
||||||
|
# You can find the documentation at https://docs.fastlane.tools
|
||||||
|
#
|
||||||
|
# For a list of all available actions, check out
|
||||||
|
#
|
||||||
|
# https://docs.fastlane.tools/actions
|
||||||
|
#
|
||||||
|
# For a list of all available plugins, check out
|
||||||
|
#
|
||||||
|
# https://docs.fastlane.tools/plugins/available-plugins
|
||||||
|
#
|
||||||
|
|
||||||
|
# Uncomment the line if you want fastlane to automatically update itself
|
||||||
|
# update_fastlane
|
||||||
|
|
||||||
|
default_platform(:mac)
|
||||||
|
|
||||||
|
platform :mac do
|
||||||
|
desc "Use Fastlane Match to install development certificates"
|
||||||
|
lane :match_dev do
|
||||||
|
match(type: "development", platform: "macos", output_path: "build", readonly: is_ci)
|
||||||
|
end
|
||||||
|
|
||||||
|
desc "Use Fastlane Match to install distribution certificates"
|
||||||
|
lane :match_dist do
|
||||||
|
match(type: "appstore", platform: "macos", output_path: "build", readonly: is_ci, additional_cert_types: "mac_installer_distribution")
|
||||||
|
match(type: "developer_id", platform: "macos", output_path: "build", readonly: is_ci, additional_cert_types: "developer_id_installer")
|
||||||
|
end
|
||||||
|
|
||||||
|
desc "Prepare for a CircleCI signed build"
|
||||||
|
lane :circleci do
|
||||||
|
setup_circle_ci
|
||||||
|
match_dev
|
||||||
|
match_dist
|
||||||
|
end
|
||||||
|
end
|
31
fastlane/README-match.md
Normal file
31
fastlane/README-match.md
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
# Fastlane Match setup
|
||||||
|
|
||||||
|
## You might not need to do this!
|
||||||
|
|
||||||
|
If you don't plan to build this application, you don't need Fastlane Match.
|
||||||
|
|
||||||
|
If you don't plan to build this application for macOS, you don't need Fastlane Match.
|
||||||
|
|
||||||
|
If you plan to only run your builds locally for your own debug purposes, you don't need Fastlane Match.
|
||||||
|
|
||||||
|
If you don't have access to a Fastlane Match storage repository or bucket, you don't need Fastlane Match.
|
||||||
|
|
||||||
|
## Initial Configuration
|
||||||
|
|
||||||
|
The `Matchfile` containing settings for Fastlane Match includes private information about our storage, so it's set to be ignored by `git`.
|
||||||
|
|
||||||
|
This means that you'll need to initialize Fastlane Match yourself when you clone this repository in a new place.
|
||||||
|
|
||||||
|
To initialize Fastlane Match:
|
||||||
|
|
||||||
|
1. Enter this repository's base directory (not the `fastlane` subdirectory)
|
||||||
|
2. Run `fastlane match init` and answer the questions
|
||||||
|
|
||||||
|
...yep, that's it.
|
||||||
|
|
||||||
|
## Obtaining & Updating Certs
|
||||||
|
|
||||||
|
1. If you plan to make and internally share development builds for testing purposes, run:
|
||||||
|
* `fastlane match_dev`
|
||||||
|
2. If you plan to make builds for release, run:
|
||||||
|
* `fastlane match_dist`
|
48
fastlane/README.md
Normal file
48
fastlane/README.md
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
fastlane documentation
|
||||||
|
----
|
||||||
|
|
||||||
|
# Installation
|
||||||
|
|
||||||
|
Make sure you have the latest version of the Xcode command line tools installed:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
xcode-select --install
|
||||||
|
```
|
||||||
|
|
||||||
|
For _fastlane_ installation instructions, see [Installing _fastlane_](https://docs.fastlane.tools/#installing-fastlane)
|
||||||
|
|
||||||
|
# Available Actions
|
||||||
|
|
||||||
|
## Mac
|
||||||
|
|
||||||
|
### mac match_dev
|
||||||
|
|
||||||
|
```sh
|
||||||
|
[bundle exec] fastlane mac match_dev
|
||||||
|
```
|
||||||
|
|
||||||
|
Use Fastlane Match to install development certificates
|
||||||
|
|
||||||
|
### mac match_dist
|
||||||
|
|
||||||
|
```sh
|
||||||
|
[bundle exec] fastlane mac match_dist
|
||||||
|
```
|
||||||
|
|
||||||
|
Use Fastlane Match to install distribution certificates
|
||||||
|
|
||||||
|
### mac circleci
|
||||||
|
|
||||||
|
```sh
|
||||||
|
[bundle exec] fastlane mac circleci
|
||||||
|
```
|
||||||
|
|
||||||
|
Prepare for a CircleCI signed build
|
||||||
|
|
||||||
|
----
|
||||||
|
|
||||||
|
This README.md is auto-generated and will be re-generated every time [_fastlane_](https://fastlane.tools) is run.
|
||||||
|
|
||||||
|
More information about _fastlane_ can be found on [fastlane.tools](https://fastlane.tools).
|
||||||
|
|
||||||
|
The documentation of _fastlane_ can be found on [docs.fastlane.tools](https://docs.fastlane.tools).
|
|
@ -9,6 +9,8 @@
|
||||||
const {spawnSync} = require('child_process');
|
const {spawnSync} = require('child_process');
|
||||||
const fs = require('fs');
|
const fs = require('fs');
|
||||||
|
|
||||||
|
const masDevProfile = 'build/Development_edu.mit.scratch.scratch-desktop.provisionprofile';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Strip any code signing configuration (CSC) from a set of environment variables.
|
* Strip any code signing configuration (CSC) from a set of environment variables.
|
||||||
* @param {object} environment - a collection of environment variables which might include code signing configuration.
|
* @param {object} environment - a collection of environment variables which might include code signing configuration.
|
||||||
|
@ -58,7 +60,7 @@ const runBuilder = function (wrapperConfig, target) {
|
||||||
if (target.platform === 'darwin') {
|
if (target.platform === 'darwin') {
|
||||||
allArgs.push(`--c.mac.type=${wrapperConfig.mode === 'dist' ? 'distribution' : 'development'}`);
|
allArgs.push(`--c.mac.type=${wrapperConfig.mode === 'dist' ? 'distribution' : 'development'}`);
|
||||||
if (target.name === 'mas-dev') {
|
if (target.name === 'mas-dev') {
|
||||||
allArgs.push('--c.mac.provisioningProfile=mas-dev.provisionprofile');
|
allArgs.push(`--c.mac.provisioningProfile=${masDevProfile}`);
|
||||||
}
|
}
|
||||||
if (wrapperConfig.doSign) {
|
if (wrapperConfig.doSign) {
|
||||||
// really this is "notarize only if we also sign"
|
// really this is "notarize only if we also sign"
|
||||||
|
@ -95,7 +97,6 @@ const runBuilder = function (wrapperConfig, target) {
|
||||||
* same time but doing so limits has unwanted side effects on both macOS and Windows (see function body).
|
* same time but doing so limits has unwanted side effects on both macOS and Windows (see function body).
|
||||||
*/
|
*/
|
||||||
const calculateTargets = function (wrapperConfig) {
|
const calculateTargets = function (wrapperConfig) {
|
||||||
const masDevProfile = 'mas-dev.provisionprofile';
|
|
||||||
const availableTargets = {
|
const availableTargets = {
|
||||||
macAppStore: {
|
macAppStore: {
|
||||||
name: 'mas',
|
name: 'mas',
|
||||||
|
|
Loading…
Reference in a new issue