diff options
| author | Matt Mastracci <matthew@mastracci.com> | 2023-11-23 15:30:26 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-11-23 15:30:26 -0700 |
| commit | 778e4c971077e38bf8f7d03b8b299d3dd111ba22 (patch) | |
| tree | caea4ddf5233e616f17df0ee19d4016ce300a8b0 /.github/workflows/ci.generate.ts | |
| parent | 6f22d2424a30eebaaa1a2d518d4c79d7e0c21a47 (diff) | |
chore: start codesigning mac release builds (#21303)
- Adds a codesigning step to all mac targets
- Adds a new ci-full label to the build to force aarch64 builds on any
PR
Diffstat (limited to '.github/workflows/ci.generate.ts')
| -rwxr-xr-x | .github/workflows/ci.generate.ts | 38 |
1 files changed, 35 insertions, 3 deletions
diff --git a/.github/workflows/ci.generate.ts b/.github/workflows/ci.generate.ts index be71828e3..10bf59521 100755 --- a/.github/workflows/ci.generate.ts +++ b/.github/workflows/ci.generate.ts @@ -275,14 +275,18 @@ function handleMatrixItems(items: { } if (typeof item.skip === "string") { - let text = "${{ ("; - text += removeSurroundingExpression(item.skip.toString()) + ") && "; + let text = + "${{ (!contains(github.event.pull_request.labels.*.name, 'ci-full') && ("; + text += removeSurroundingExpression(item.skip.toString()) + ")) && "; text += `'${Runners.ubuntu}' || ${ removeSurroundingExpression(item.os) } }}`; // deno-lint-ignore no-explicit-any (item as any).runner = text; + item.skip = + "${{ !contains(github.event.pull_request.labels.*.name, 'ci-full') && (" + + removeSurroundingExpression(item.skip.toString()) + ") }}"; } return { @@ -526,11 +530,19 @@ const ci = { name: "Install aarch64 lld", run: [ "./tools/install_prebuilt.js ld64.lld", - "echo $GITHUB_WORKSPACE/third_party/prebuilt/mac >> $GITHUB_PATH", ].join("\n"), if: `matrix.os == '${macosArmRunner}'`, }, { + name: "Install rust-codesign", + run: [ + "./tools/install_prebuilt.js rcodesign", + "echo $GITHUB_WORKSPACE/third_party/prebuilt/mac >> $GITHUB_PATH", + ].join("\n"), + if: + `(matrix.os == '${macosArmRunner}' || matrix.os == '${macosX86Runner}')`, + }, + { name: "Log versions", run: [ "python --version", @@ -680,7 +692,17 @@ const ci = { "matrix.profile == 'release' &&", "github.repository == 'denoland/deno'", ].join("\n"), + env: { + "APPLE_CODESIGN_KEY": "${{ secrets.APPLE_CODESIGN_KEY }}", + "APPLE_CODESIGN_PASSWORD": "${{ secrets.APPLE_CODESIGN_PASSWORD }}", + }, run: [ + 'echo "Key is $(echo $APPLE_CODESIGN_KEY | base64 -d | wc -c) bytes"', + "rcodesign sign target/release/deno " + + "--code-signature-flags=runtime " + + '--p12-password="$APPLE_CODESIGN_PASSWORD" ' + + "--p12-file=<(echo $APPLE_CODESIGN_KEY | base64 -d) " + + "--entitlements-xml-file=cli/entitlements.plist", "cd target/release", "zip -r deno-x86_64-apple-darwin.zip deno", ] @@ -694,7 +716,17 @@ const ci = { "matrix.profile == 'release' &&", "github.repository == 'denoland/deno'", ].join("\n"), + env: { + "APPLE_CODESIGN_KEY": "${{ secrets.APPLE_CODESIGN_KEY }}", + "APPLE_CODESIGN_PASSWORD": "${{ secrets.APPLE_CODESIGN_PASSWORD }}", + }, run: [ + 'echo "Key is $(echo $APPLE_CODESIGN_KEY | base64 -d | wc -c) bytes"', + "rcodesign sign target/release/deno " + + "--code-signature-flags=runtime " + + '--p12-password="$APPLE_CODESIGN_PASSWORD" ' + + "--p12-file=<(echo $APPLE_CODESIGN_KEY | base64 -d) " + + "--entitlements-xml-file=cli/entitlements.plist", "cd target/release", "zip -r deno-aarch64-apple-darwin.zip deno", ] |