mirror of
https://github.com/scratchfoundation/scratch-desktop.git
synced 2024-12-22 21:52:31 -05:00
Merge pull request #220 from LLK/fastlane
Use Fastlane Match to help with signed builds
This commit is contained in:
commit
032619ce60
8 changed files with 135 additions and 38 deletions
|
@ -29,10 +29,9 @@ aliases:
|
|||
jobs:
|
||||
build_for_macos:
|
||||
macos:
|
||||
# CircleCI's Xcode 11.1.0 image is the last of their images to be based on macOS 10.14
|
||||
# I've had trouble building for earlier versions of macOS on Catalina but it's unclear whether that was due to
|
||||
# Catalina or the version of Xcode. We should investigate this further.
|
||||
xcode: 11.1.0
|
||||
# CircleCI's Xcode 12.4.0 image is the last of their images to be based on macOS 10.15
|
||||
# CircleCI no longer supports Xcode 11+ on macOS 10.14
|
||||
xcode: 12.4.0
|
||||
steps:
|
||||
- checkout
|
||||
- npm_install:
|
||||
|
@ -44,37 +43,12 @@ jobs:
|
|||
condition:
|
||||
*should_sign
|
||||
steps:
|
||||
- add_ssh_keys
|
||||
- run:
|
||||
name: Import CI context
|
||||
command: |
|
||||
set -e
|
||||
function decodeToFile () {
|
||||
if [ -z "$1" ]; then
|
||||
echo "Missing or invalid filename"
|
||||
return 1
|
||||
fi
|
||||
if [ -z "$2" ]; then
|
||||
echo "Missing environment variable contents for file: $1"
|
||||
return 2
|
||||
fi
|
||||
echo "$2" | base64 --decode > "$1"
|
||||
}
|
||||
decodeToFile embedded.provisionprofile "${MAC_PROVISION_PROFILE}"
|
||||
decodeToFile mas-dev.provisionprofile "${MAC_DEV_PROVISION_PROFILE}"
|
||||
decodeToFile macos-certs-scratch-foundation.p12.gz "${CSC_MACOS_GZ}"
|
||||
decodeToFile apple-dev-cert.p12 "${MAC_DEV_CERT}"
|
||||
gunzip macos-certs-scratch-foundation.p12.gz
|
||||
security -v create-keychain -p circleci circleci.keychain
|
||||
security -v default-keychain -s circleci.keychain
|
||||
security -v import macos-certs-scratch-foundation.p12 -k circleci.keychain -P "${CSC_MACOS_PASSWORD}" -T /usr/bin/codesign -T /usr/bin/productbuild
|
||||
security -v import apple-dev-cert.p12 -k circleci.keychain -P "${MAC_DEV_CERT_PASSWORD}" -T /usr/bin/codesign -T /usr/bin/productbuild
|
||||
security -v unlock-keychain -p circleci circleci.keychain
|
||||
# "set-key-partition-list" prints extensive not-so-useful output and adding "-q" (even multiple times) doesn't suppress it.
|
||||
# The "grep -v" at the end of this line suppresses all of that so any errors or warnings might be more visible.
|
||||
security -v set-key-partition-list -S apple-tool:,apple:,codesign: -s -k circleci circleci.keychain | grep -v '^ 0x'
|
||||
security -v set-keychain-settings -lut 600 circleci.keychain
|
||||
security -v find-identity circleci.keychain
|
||||
rm macos-certs-scratch-foundation.p12 apple-dev-cert.p12
|
||||
fastlane circleci
|
||||
- restore_cache:
|
||||
# Caching Homebrew's files (see the save_cache step below) means that Homebrew doesn't have to update as
|
||||
# much. The Homebrew update can take several minutes without this, but with the cache it tends to take less
|
||||
|
@ -90,9 +64,6 @@ jobs:
|
|||
git -C ~/app-builder checkout b85740334fec875f5dd8dcd22eb1f729599109db
|
||||
make --directory=~/app-builder build
|
||||
ln -sfv ~/app-builder/dist/app-builder_darwin_amd64/app-builder ./node_modules/app-builder-bin/mac/
|
||||
- run:
|
||||
name: Upgrade to Node 14
|
||||
command: brew install node@14
|
||||
- save_cache:
|
||||
name: Save Homebrew cache
|
||||
paths:
|
||||
|
|
7
.gitignore
vendored
7
.gitignore
vendored
|
@ -25,3 +25,10 @@ npm-*
|
|||
# generated translation files
|
||||
/translations
|
||||
/locale
|
||||
|
||||
# Fastlane
|
||||
**/fastlane/Matchfile
|
||||
**/fastlane/report.xml
|
||||
**/fastlane/Preview.html
|
||||
**/fastlane/screenshots
|
||||
**/fastlane/test_output
|
||||
|
|
|
@ -15,7 +15,7 @@ mac:
|
|||
gatekeeperAssess: true
|
||||
hardenedRuntime: true
|
||||
icon: buildResources/ScratchDesktop.icns
|
||||
provisioningProfile: embedded.provisionprofile
|
||||
provisioningProfile: build/AppStore_edu.mit.scratch.scratch-desktop.provisionprofile
|
||||
artifactName: "Scratch ${version}.${ext}"
|
||||
target:
|
||||
- dmg
|
||||
|
@ -30,7 +30,7 @@ mas:
|
|||
icon: buildResources/ScratchDesktop.icns
|
||||
masDev:
|
||||
type: development
|
||||
provisioningProfile: mas-dev.provisionprofile
|
||||
provisioningProfile: build/Development_edu.mit.scratch.scratch-desktop.provisionprofile
|
||||
win:
|
||||
icon: buildResources/ScratchDesktop.ico
|
||||
target:
|
||||
|
|
3
fastlane/Appfile
Normal file
3
fastlane/Appfile
Normal file
|
@ -0,0 +1,3 @@
|
|||
app_identifier "edu.mit.scratch.scratch-desktop" # The bundle identifier of your app
|
||||
apple_id "bot-apple@scratch.mit.edu" # Your Apple email address
|
||||
team_id "W7AR3WMP87"
|
36
fastlane/Fastfile
Normal file
36
fastlane/Fastfile
Normal file
|
@ -0,0 +1,36 @@
|
|||
# This file contains the fastlane.tools configuration
|
||||
# You can find the documentation at https://docs.fastlane.tools
|
||||
#
|
||||
# For a list of all available actions, check out
|
||||
#
|
||||
# https://docs.fastlane.tools/actions
|
||||
#
|
||||
# For a list of all available plugins, check out
|
||||
#
|
||||
# https://docs.fastlane.tools/plugins/available-plugins
|
||||
#
|
||||
|
||||
# Uncomment the line if you want fastlane to automatically update itself
|
||||
# update_fastlane
|
||||
|
||||
default_platform(:mac)
|
||||
|
||||
platform :mac do
|
||||
desc "Use Fastlane Match to install development certificates"
|
||||
lane :match_dev do
|
||||
match(type: "development", platform: "macos", output_path: "build", readonly: is_ci)
|
||||
end
|
||||
|
||||
desc "Use Fastlane Match to install distribution certificates"
|
||||
lane :match_dist do
|
||||
match(type: "appstore", platform: "macos", output_path: "build", readonly: is_ci, additional_cert_types: "mac_installer_distribution")
|
||||
match(type: "developer_id", platform: "macos", output_path: "build", readonly: is_ci, additional_cert_types: "developer_id_installer")
|
||||
end
|
||||
|
||||
desc "Prepare for a CircleCI signed build"
|
||||
lane :circleci do
|
||||
setup_circle_ci
|
||||
match_dev
|
||||
match_dist
|
||||
end
|
||||
end
|
31
fastlane/README-match.md
Normal file
31
fastlane/README-match.md
Normal file
|
@ -0,0 +1,31 @@
|
|||
# Fastlane Match setup
|
||||
|
||||
## You might not need to do this!
|
||||
|
||||
If you don't plan to build this application, you don't need Fastlane Match.
|
||||
|
||||
If you don't plan to build this application for macOS, you don't need Fastlane Match.
|
||||
|
||||
If you plan to only run your builds locally for your own debug purposes, you don't need Fastlane Match.
|
||||
|
||||
If you don't have access to a Fastlane Match storage repository or bucket, you don't need Fastlane Match.
|
||||
|
||||
## Initial Configuration
|
||||
|
||||
The `Matchfile` containing settings for Fastlane Match includes private information about our storage, so it's set to be ignored by `git`.
|
||||
|
||||
This means that you'll need to initialize Fastlane Match yourself when you clone this repository in a new place.
|
||||
|
||||
To initialize Fastlane Match:
|
||||
|
||||
1. Enter this repository's base directory (not the `fastlane` subdirectory)
|
||||
2. Run `fastlane match init` and answer the questions
|
||||
|
||||
...yep, that's it.
|
||||
|
||||
## Obtaining & Updating Certs
|
||||
|
||||
1. If you plan to make and internally share development builds for testing purposes, run:
|
||||
* `fastlane match_dev`
|
||||
2. If you plan to make builds for release, run:
|
||||
* `fastlane match_dist`
|
48
fastlane/README.md
Normal file
48
fastlane/README.md
Normal file
|
@ -0,0 +1,48 @@
|
|||
fastlane documentation
|
||||
----
|
||||
|
||||
# Installation
|
||||
|
||||
Make sure you have the latest version of the Xcode command line tools installed:
|
||||
|
||||
```sh
|
||||
xcode-select --install
|
||||
```
|
||||
|
||||
For _fastlane_ installation instructions, see [Installing _fastlane_](https://docs.fastlane.tools/#installing-fastlane)
|
||||
|
||||
# Available Actions
|
||||
|
||||
## Mac
|
||||
|
||||
### mac match_dev
|
||||
|
||||
```sh
|
||||
[bundle exec] fastlane mac match_dev
|
||||
```
|
||||
|
||||
Use Fastlane Match to install development certificates
|
||||
|
||||
### mac match_dist
|
||||
|
||||
```sh
|
||||
[bundle exec] fastlane mac match_dist
|
||||
```
|
||||
|
||||
Use Fastlane Match to install distribution certificates
|
||||
|
||||
### mac circleci
|
||||
|
||||
```sh
|
||||
[bundle exec] fastlane mac circleci
|
||||
```
|
||||
|
||||
Prepare for a CircleCI signed build
|
||||
|
||||
----
|
||||
|
||||
This README.md is auto-generated and will be re-generated every time [_fastlane_](https://fastlane.tools) is run.
|
||||
|
||||
More information about _fastlane_ can be found on [fastlane.tools](https://fastlane.tools).
|
||||
|
||||
The documentation of _fastlane_ can be found on [docs.fastlane.tools](https://docs.fastlane.tools).
|
|
@ -9,6 +9,8 @@
|
|||
const {spawnSync} = require('child_process');
|
||||
const fs = require('fs');
|
||||
|
||||
const masDevProfile = 'build/Development_edu.mit.scratch.scratch-desktop.provisionprofile';
|
||||
|
||||
/**
|
||||
* Strip any code signing configuration (CSC) from a set of environment variables.
|
||||
* @param {object} environment - a collection of environment variables which might include code signing configuration.
|
||||
|
@ -58,7 +60,7 @@ const runBuilder = function (wrapperConfig, target) {
|
|||
if (target.platform === 'darwin') {
|
||||
allArgs.push(`--c.mac.type=${wrapperConfig.mode === 'dist' ? 'distribution' : 'development'}`);
|
||||
if (target.name === 'mas-dev') {
|
||||
allArgs.push('--c.mac.provisioningProfile=mas-dev.provisionprofile');
|
||||
allArgs.push(`--c.mac.provisioningProfile=${masDevProfile}`);
|
||||
}
|
||||
if (wrapperConfig.doSign) {
|
||||
// really this is "notarize only if we also sign"
|
||||
|
@ -95,7 +97,6 @@ const runBuilder = function (wrapperConfig, target) {
|
|||
* same time but doing so limits has unwanted side effects on both macOS and Windows (see function body).
|
||||
*/
|
||||
const calculateTargets = function (wrapperConfig) {
|
||||
const masDevProfile = 'mas-dev.provisionprofile';
|
||||
const availableTargets = {
|
||||
macAppStore: {
|
||||
name: 'mas',
|
||||
|
|
Loading…
Reference in a new issue