timamsk/vscodium
1
0
Fork 0
mirror of https://github.com/VSCodium/vscodium.git synced 2026-04-23 19:40:14 +10:00
Code Issues Packages Projects Releases Wiki Activity

fix(macos): add keychain to available keychains [skip ci]

Browse Source
This commit is contained in:
Baptiste Augrain
2024-06-02 03:03:55 +02:00
parent 8e077dc483
commit 3860f2832c
3 changed files with 17 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/insider-macos.yml vendored
View File

@@ -88,6 +88,7 @@ jobs:
CERTIFICATE_OSX_ID: ${{ secrets.CERTIFICATE_OSX_NEW_ID }} CERTIFICATE_OSX_ID: ${{ secrets.CERTIFICATE_OSX_NEW_ID }}
CERTIFICATE_OSX_P12_DATA: ${{ secrets.CERTIFICATE_OSX_NEW_P12_DATA }} CERTIFICATE_OSX_P12_DATA: ${{ secrets.CERTIFICATE_OSX_NEW_P12_DATA }}
CERTIFICATE_OSX_P12_PASSWORD: ${{ secrets.CERTIFICATE_OSX_NEW_P12_PASSWORD }} CERTIFICATE_OSX_P12_PASSWORD: ${{ secrets.CERTIFICATE_OSX_NEW_P12_PASSWORD }}
CERTIFICATE_OSX_TEAM_ID: ${{ secrets.CERTIFICATE_OSX_NEW_TEAM_ID }}
run: ./prepare_assets.sh run: ./prepare_assets.sh
if: env.SHOULD_BUILD == 'yes' && (env.SHOULD_DEPLOY == 'yes' || github.event.inputs.generate_assets == 'true') if: env.SHOULD_BUILD == 'yes' && (env.SHOULD_DEPLOY == 'yes' || github.event.inputs.generate_assets == 'true')

1
.github/workflows/stable-macos.yml vendored
View File

@@ -87,6 +87,7 @@ jobs:
CERTIFICATE_OSX_ID: ${{ secrets.CERTIFICATE_OSX_NEW_ID }} CERTIFICATE_OSX_ID: ${{ secrets.CERTIFICATE_OSX_NEW_ID }}
CERTIFICATE_OSX_P12_DATA: ${{ secrets.CERTIFICATE_OSX_NEW_P12_DATA }} CERTIFICATE_OSX_P12_DATA: ${{ secrets.CERTIFICATE_OSX_NEW_P12_DATA }}
CERTIFICATE_OSX_P12_PASSWORD: ${{ secrets.CERTIFICATE_OSX_NEW_P12_PASSWORD }} CERTIFICATE_OSX_P12_PASSWORD: ${{ secrets.CERTIFICATE_OSX_NEW_P12_PASSWORD }}
CERTIFICATE_OSX_TEAM_ID: ${{ secrets.CERTIFICATE_OSX_NEW_TEAM_ID }}
run: ./prepare_assets.sh run: ./prepare_assets.sh
if: env.SHOULD_BUILD == 'yes' && (env.SHOULD_DEPLOY == 'yes' || github.event.inputs.generate_assets == 'true') if: env.SHOULD_BUILD == 'yes' && (env.SHOULD_DEPLOY == 'yes' || github.event.inputs.generate_assets == 'true')

23
prepare_assets.sh
View File

@@ -1,5 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# shellcheck disable=SC1091,2016 # shellcheck disable=SC1091
set -e set -e
@@ -21,12 +21,11 @@ mkdir -p assets
if [[ "${OS_NAME}" == "osx" ]]; then if [[ "${OS_NAME}" == "osx" ]]; then
if [[ "${CI_BUILD}" != "no" ]]; then if [[ "${CI_BUILD}" != "no" ]]; then
# By default, electron-osx-sign don't support app name with spaces ("VSCodium - Insiders")
replace 's|opts.app|"${opts.app}"|' vscode/build/node_modules/electron-osx-sign/sign.js
CERTIFICATE_P12="${APP_NAME}.p12" CERTIFICATE_P12="${APP_NAME}.p12"
KEYCHAIN="${RUNNER_TEMP}/buildagent.keychain" KEYCHAIN="${RUNNER_TEMP}/buildagent.keychain"
AGENT_TEMPDIRECTORY="${RUNNER_TEMP}" AGENT_TEMPDIRECTORY="${RUNNER_TEMP}"
# shellcheck disable=SC2006
KEYCHAINS=`security list-keychains | xargs`
echo "${CERTIFICATE_OSX_P12_DATA}" | base64 --decode > "${CERTIFICATE_P12}" echo "${CERTIFICATE_OSX_P12_DATA}" | base64 --decode > "${CERTIFICATE_P12}"
@@ -34,12 +33,14 @@ if [[ "${OS_NAME}" == "osx" ]]; then
security create-keychain -p pwd "${KEYCHAIN}" security create-keychain -p pwd "${KEYCHAIN}"
security set-keychain-settings -lut 21600 "${KEYCHAIN}" security set-keychain-settings -lut 21600 "${KEYCHAIN}"
security unlock-keychain -p pwd "${KEYCHAIN}" security unlock-keychain -p pwd "${KEYCHAIN}"
security show-keychain-info "${KEYCHAIN}" # shellcheck disable=SC2086
security list-keychains -s $KEYCHAINS "${KEYCHAIN}"
# security show-keychain-info "${KEYCHAIN}"
echo "+ import certificate to keychain" echo "+ import certificate to keychain"
security import "${CERTIFICATE_P12}" -k "${KEYCHAIN}" -P "${CERTIFICATE_OSX_P12_PASSWORD}" -T /usr/bin/codesign security import "${CERTIFICATE_P12}" -k "${KEYCHAIN}" -P "${CERTIFICATE_OSX_P12_PASSWORD}" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k pwd "${KEYCHAIN}" > /dev/null security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k pwd "${KEYCHAIN}" > /dev/null
security find-identity "${KEYCHAIN}" # security find-identity "${KEYCHAIN}"
CODESIGN_IDENTITY="$( security find-identity -v -p codesigning "${KEYCHAIN}" | grep -oEi "([0-9A-F]{40})" | head -n 1 )" CODESIGN_IDENTITY="$( security find-identity -v -p codesigning "${KEYCHAIN}" | grep -oEi "([0-9A-F]{40})" | head -n 1 )"
@@ -55,12 +56,18 @@ if [[ "${OS_NAME}" == "osx" ]]; then
zip -r -X -y "${ZIP_FILE}" ./*.app zip -r -X -y "${ZIP_FILE}" ./*.app
xcrun notarytool store-credentials "notarytool-profile" --apple-id "${CERTIFICATE_OSX_ID}" --password "${CERTIFICATE_OSX_APP_PASSWORD}" xcrun notarytool store-credentials "${APP_NAME}" --apple-id "${CERTIFICATE_OSX_ID}" --team-id "${CERTIFICATE_OSX_TEAM_ID}" --password "${CERTIFICATE_OSX_APP_PASSWORD}" --keychain "${KEYCHAIN}"
xcrun notarytool submit "${ZIP_FILE}" ---keychain-profile "notarytool-profile" --wait xcrun notarytool submit "${ZIP_FILE}" --keychain-profile "${APP_NAME}" --wait --keychain "${KEYCHAIN}"
echo "+ attach staple" echo "+ attach staple"
xcrun stapler staple ./*.app xcrun stapler staple ./*.app
# spctl --assess -vv --type install ./*.app
echo "+ clean"
security delete-keychain "${KEYCHAIN}"
# shellcheck disable=SC2086
security list-keychains -s $KEYCHAINS
rm "${ZIP_FILE}" rm "${ZIP_FILE}"
cd .. cd ..