diff options
| author | Bartek IwaĆczuk <biwanczuk@gmail.com> | 2024-08-18 21:45:54 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-18 22:45:54 +0200 |
| commit | a3bd9fa52926ced606bb0682435b1ecadddd7e37 (patch) | |
| tree | 1502c1326f8263af32302f8c0842c844c5259ec4 /tools | |
| parent | 558d2a098bd20b3031139e37b088345c766e0b4e (diff) | |
ci: fix 'promote_to_rc' workflow by adding codesigning (#25074)
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/release/promote_to_rc.ts | 46 |
1 files changed, 41 insertions, 5 deletions
diff --git a/tools/release/promote_to_rc.ts b/tools/release/promote_to_rc.ts index 6d7375385..eb4933678 100644 --- a/tools/release/promote_to_rc.ts +++ b/tools/release/promote_to_rc.ts @@ -120,7 +120,42 @@ async function runPatchver( } } -async function promoteBinaryToRc(binary: string, target: string) { +async function runRcodesign( + target: string, + rcBinaryName: string, + commitHash: string, +) { + if (!target.includes("apple") || rcBinaryName.includes("denort")) { + return; + } + $.logStep(`Codesign ${rcBinaryName}`); + const tempFile = $.path("temp.p12"); + let output; + try { + await $`echo $APPLE_CODESIGN_KEY | base64 -d`.stdout(tempFile); + output = + await $`rcodesign sign ./${rcBinaryName} --binary-identifier=deno-${commitHash} --code-signature-flags=runtime --code-signature-flags=runtime --p12-password="$APPLE_CODESIGN_PASSWORD" --p12-file=${tempFile} --entitlements-xml-file=cli/entitlements.plist`; + } finally { + try { + tempFile.removeSync(); + } catch { + // pass + } + } + if (output.code !== 0) { + $.logError( + `Failed to codesign ${rcBinaryName} (error code ${output.code})`, + ); + Deno.exit(1); + } + await $`codesign -dv --verbose=4 ./deno`; +} + +async function promoteBinaryToRc( + binary: string, + target: string, + commitHash: string, +) { const unzippedName = getUnzippedFilename(binary, target); const rcBinaryName = getRcBinaryName(binary, target); const archiveName = getArchiveName(binary, target); @@ -149,6 +184,7 @@ async function promoteBinaryToRc(binary: string, target: string) { // Remove the unpatched binary and rename patched one. await remove(unzippedName); await Deno.rename(rcBinaryName, unzippedName); + await runRcodesign(target, unzippedName, commitHash); // Set executable permission if (!target.includes("windows")) { Deno.chmod(unzippedName, 0o777); @@ -158,7 +194,7 @@ async function promoteBinaryToRc(binary: string, target: string) { await remove(unzippedName); } -async function promoteBinariesToRc() { +async function promoteBinariesToRc(commitHash: string) { const totalCanaries = SUPPORTED_TARGETS.length * DENO_BINARIES.length; for (let targetIdx = 0; targetIdx < SUPPORTED_TARGETS.length; targetIdx++) { @@ -173,7 +209,7 @@ async function promoteBinariesToRc() { target, "to RC...", ); - await promoteBinaryToRc(binaryName, target); + await promoteBinaryToRc(binaryName, target, commitHash); $.logLight( `[${currentIdx}/${totalCanaries}]`, "Promoted", @@ -191,7 +227,7 @@ async function dumpRcVersion() { const output = await $`./deno -V`.stdout("piped"); const denoVersion = output.stdout.slice(5).split("+")[0]; $.logStep("Computed version", denoVersion); - await Deno.writeTextFile("./release-rc-latest.txt", denoVersion); + await Deno.writeTextFile("./release-rc-latest.txt", `v${denoVersion}`); } async function main() { @@ -203,7 +239,7 @@ async function main() { await fetchLatestCanaryBinaries(commitHash); console.log("All canary binaries ready"); $.logStep("Promote canary binaries to RC..."); - await promoteBinariesToRc(); + await promoteBinariesToRc(commitHash); // Finally dump the version name to a `release.txt` file for uploading to GCP await dumpRcVersion(); |