Download and import certificate in build script instead of circle.yml
This will make it possible to run the build on Circle instances that don’t define the required environment variables for code signing. We could do some crazy shell scripting in the circle.yml, but this is easier overall.
@@ -7,13 +7,6 @@ machine:
|
||||
xcode:
|
||||
version: 7.3
|
||||
|
||||
post:
|
||||
- |- # this weird literal syntax allows a : on the next line
|
||||
curl --header 'Accept: application/vnd.github.v3.raw' --output /tmp/mac.p12 $ATOM_MAC_CODE_SIGNING_CERT_DOWNLOAD_URL
|
||||
- security unlock-keychain -p $ATOM_MAC_CODE_SIGNING_KEYCHAIN_PASSWORD $ATOM_MAC_CODE_SIGNING_KEYCHAIN
|
||||
- security import /tmp/mac.p12 -P $ATOM_MAC_CODE_SIGNING_CERT_PASSWORD -k $ATOM_MAC_CODE_SIGNING_KEYCHAIN -T /usr/bin/codesign
|
||||
- security find-identity -p codesigning
|
||||
|
||||
general:
|
||||
artifacts:
|
||||
- out/atom-mac.zip
|
||||
|
||||
@@ -1,21 +1,45 @@
|
||||
const childProcess = require('child_process')
|
||||
const fs = require('fs')
|
||||
const os = require('os')
|
||||
const path = require('path')
|
||||
const syncRequest = require('sync-request')
|
||||
|
||||
module.exports = function (packagedAppPath) {
|
||||
if (process.platform === 'darwin') {
|
||||
console.log(`Unlocking keychain ${process.env.ATOM_MAC_CODE_SIGNING_KEYCHAIN}`)
|
||||
childProcess.spawnSync('security', [
|
||||
'unlock-keychain',
|
||||
'-p', process.env.ATOM_MAC_CODE_SIGNING_KEYCHAIN_PASSWORD,
|
||||
process.env.ATOM_MAC_CODE_SIGNING_KEYCHAIN
|
||||
], {stdio: 'inherit'})
|
||||
if (!process.env.ATOM_MAC_CODE_SIGNING_CERT_DOWNLOAD_URL) {
|
||||
console.log('Skipping code signing because the ATOM_MAC_CODE_SIGNING_CERT_DOWNLOAD_URL environment variable is not defined'.gray)
|
||||
return
|
||||
}
|
||||
|
||||
console.log(`Code-signing application at ${packagedAppPath}`)
|
||||
childProcess.spawnSync('codesign', [
|
||||
'--deep', '--force', '--verbose',
|
||||
'--keychain', process.env.ATOM_MAC_CODE_SIGNING_KEYCHAIN,
|
||||
'--sign', 'Developer ID Application: GitHub', packagedAppPath
|
||||
], {stdio: 'inherit'})
|
||||
const certPath = path.join(os.tmpdir(), 'mac.p12')
|
||||
downloadCertificate(process.env.ATOM_MAC_CODE_SIGNING_CERT_DOWNLOAD_URL, certPath)
|
||||
|
||||
try {
|
||||
console.log(`Unlocking keychain ${process.env.ATOM_MAC_CODE_SIGNING_KEYCHAIN}`)
|
||||
childProcess.spawnSync('security', [
|
||||
'unlock-keychain',
|
||||
'-p', process.env.ATOM_MAC_CODE_SIGNING_KEYCHAIN_PASSWORD,
|
||||
process.env.ATOM_MAC_CODE_SIGNING_KEYCHAIN
|
||||
], {stdio: 'inherit'})
|
||||
|
||||
console.log(`Importing certificate at ${certPath} into ${process.env.ATOM_MAC_CODE_SIGNING_KEYCHAIN} keychain`)
|
||||
childProcess.spawnSync('security', [
|
||||
'import', certPath,
|
||||
'-P', process.env.ATOM_MAC_CODE_SIGNING_CERT_PASSWORD,
|
||||
'-k', process.env.ATOM_MAC_CODE_SIGNING_KEYCHAIN,
|
||||
'-T', '/usr/bin/codesign'
|
||||
])
|
||||
|
||||
console.log(`Code-signing application at ${packagedAppPath}`)
|
||||
childProcess.spawnSync('codesign', [
|
||||
'--deep', '--force', '--verbose',
|
||||
'--keychain', process.env.ATOM_MAC_CODE_SIGNING_KEYCHAIN,
|
||||
'--sign', 'Developer ID Application: GitHub', packagedAppPath
|
||||
], {stdio: 'inherit'})
|
||||
} finally {
|
||||
console.log(`Deleting certificate at ${certPath}`);
|
||||
fs.removeSync(certPath)
|
||||
}
|
||||
} else if (process.platform === 'win32') {
|
||||
const signtoolPath = path.join('C:', 'Program Files (x86)', 'Microsoft SDKs', 'Windows', 'v7.1A', 'bin', 'signtool.exe')
|
||||
|
||||
@@ -40,3 +64,16 @@ module.exports = function (packagedAppPath) {
|
||||
throw new Error(`Code-signing is not supported for platform ${process.platform}!`)
|
||||
}
|
||||
}
|
||||
|
||||
function downloadCertificate (downloadURL, certificatePath) {
|
||||
console.log(`Dowloading certificate to ${certificatePath}`)
|
||||
const response = syncRequest('GET', downloadURL, {
|
||||
'headers': {'Accept': 'application/vnd.github.v3.raw', 'User-Agent': 'Atom Build'}
|
||||
})
|
||||
|
||||
if (response.statusCode === 200) {
|
||||
fs.writeFileSync(certificatePath, response.body)
|
||||
} else {
|
||||
throw new Error('Error downloading certificate. HTTP Status ' + response.statusCode + '.')
|
||||
}
|
||||
}
|
||||
|
||||
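Review bot: The `finally` block calls `fs.removeSync(certPath)`, but `fs` is bound by `require('fs')` at the top of the file and Node's core `fs` has no `removeSync`, so as written the cleanup would throw a TypeError and leave the downloaded .p12, which holds the signing key, in the temp directory; `fs.unlinkSync(certPath)` works with the module already required. In `downloadCertificate` the file is created with default permissions at a predictable path, and `fs.writeFileSync(certificatePath, response.body, {mode: 0o600})` would keep it readable by the build user only. None of the three `spawnSync` results has its `status` checked, so a failed unlock, import or codesign passes silently and the build can go on to publish an unsigned app. The `security import` call also omits `{stdio: 'inherit'}`, so its error output never reaches the build log.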
@@ -19,6 +19,7 @@
|
||||
"pegjs": "0.9.0",
|
||||
"season": "5.3.0",
|
||||
"semver": "5.3.0",
|
||||
"sync-request": "^3.0.1",
|
||||
"tello": "1.0.5",
|
||||
"yargs": "4.8.1"
|
||||
}
|
||||
|
||||
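Review bot: `sync-request` is added with a caret range (`^3.0.1`) while the neighbouring entries are pinned to exact versions. This package now fetches the code-signing certificate during the build, so a floating range lets a newer release enter the signing path without review unless a lockfile outside this view pins it. Pin it like the others: `"sync-request": "3.0.1",`.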