Skip to content

Commit 1c35039

Browse files
ethanndicksonethanndickson
committed
ci: sign builds for distribution via sparkle
1 parent 117d8fd commit 1c35039

File tree

5 files changed

+22
-7
lines changed

5 files changed

+22
-7
lines changed

.env

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,3 +10,5 @@ APPLE_ID_PASSWORD="op://Apple/3apcadvvcojjbpxnd7m5fgh5wm/password"
1010

1111
APP_PROF="op://Apple/Provisioning Profiles/profiles/application_base64"
1212
EXT_PROF="op://Apple/Provisioning Profiles/profiles/extension_base64"
13+
14+
SPARKLE_PRIVATE_KEY="op://Apple/Private key for signing Sparkle updates/notesPlain"

.github/workflows/release.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,7 @@ jobs:
5656
APPLE_ID_PASSWORD: ${{ secrets.APPLE_NOTARYTOOL_PASSWORD }}
5757
APP_PROF: ${{ secrets.CODER_DESKTOP_APP_PROVISIONPROFILE_B64 }}
5858
EXT_PROF: ${{ secrets.CODER_DESKTOP_EXTENSION_PROVISIONPROFILE_B64 }}
59+
SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }}
5960
run: make release
6061

6162
# Upload as artifact in dry-run mode

Coder-Desktop/Coder-Desktop/Info.plist

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,5 +31,7 @@
3131
<key>NEMachServiceName</key>
3232
<string>$(TeamIdentifierPrefix)com.coder.Coder-Desktop.VPN</string>
3333
</dict>
34+
<key>SUPublicEDKey</key>
35+
<string>Ae2oQLTcx89/a73XrpOt+IVvqdo+fMTjo3UKEm77VdA=</string>
3436
</dict>
3537
</plist>

Makefile

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,8 @@ release: $(KEYCHAIN_FILE) ## Create a release build of Coder Desktop
106106
--app-prof-path "$$APP_PROF_PATH" \
107107
--ext-prof-path "$$EXT_PROF_PATH" \
108108
--version $(MARKETING_VERSION) \
109-
--keychain "$(APP_SIGNING_KEYCHAIN)"; \
109+
--keychain "$(APP_SIGNING_KEYCHAIN)" \
110+
--sparkle-private-key "$$SPARKLE_PRIVATE_KEY"; \
110111
rm "$$APP_PROF_PATH" "$$EXT_PROF_PATH"
111112

112113
.PHONY: fmt

scripts/build.sh

Lines changed: 15 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -16,15 +16,17 @@ APP_PROF_PATH=${APP_PROF_PATH:-""}
1616
EXT_PROF_PATH=${EXT_PROF_PATH:-""}
1717
KEYCHAIN=${KEYCHAIN:-""}
1818
VERSION=${VERSION:-""}
19+
SPARKLE_PRIVATE_KEY=${SPARKLE_PRIVATE_KEY:-""}
1920

2021
# Function to display usage
2122
usage() {
2223
echo "Usage: $0 [--app-prof-path <path>] [--ext-prof-path <path>] [--keychain <path>]"
23-
echo " --app-prof-path <path> Set the APP_PROF_PATH variable"
24-
echo " --ext-prof-path <path> Set the EXT_PROF_PATH variable"
25-
echo " --keychain <path> Set the KEYCHAIN variable"
26-
echo " --version <version> Set the VERSION variable to fetch and generate the cask file for"
27-
echo " -h, --help Display this help message"
24+
echo " --app-prof-path <path> Set the APP_PROF_PATH variable"
25+
echo " --ext-prof-path <path> Set the EXT_PROF_PATH variable"
26+
echo " --keychain <path> Set the KEYCHAIN variable"
27+
echo " --sparkle-private-key <path> Set the SPARKLE_PRIVATE_KEY variable"
28+
echo " --version <version> Set the VERSION variable to fetch and generate the cask file for"
29+
echo " -h, --help Display this help message"
2830
}
2931

3032
# Parse command line arguments
@@ -42,6 +44,10 @@ while [[ "$#" -gt 0 ]]; do
4244
KEYCHAIN="$2"
4345
shift 2
4446
;;
47+
--sparkle-private-key)
48+
SPARKLE_PRIVATE_KEY="$2"
49+
shift 2
50+
;;
4551
--version)
4652
VERSION="$2"
4753
shift 2
@@ -59,7 +65,7 @@ while [[ "$#" -gt 0 ]]; do
5965
done
6066

6167
# Check if required variables are set
62-
if [[ -z "$APP_PROF_PATH" || -z "$EXT_PROF_PATH" || -z "$KEYCHAIN" ]]; then
68+
if [[ -z "$APP_PROF_PATH" || -z "$EXT_PROF_PATH" || -z "$KEYCHAIN" || -z "$SPARKLE_PRIVATE_KEY" ]]; then
6369
echo "Missing required values"
6470
echo "APP_PROF_PATH: $APP_PROF_PATH"
6571
echo "EXT_PROF_PATH: $EXT_PROF_PATH"
@@ -195,6 +201,9 @@ xcrun notarytool submit "$PKG_PATH" \
195201
xcrun stapler staple "$PKG_PATH"
196202
xcrun stapler staple "$BUILT_APP_PATH"
197203

204+
signature=$(echo "$SPARKLE_PRIVATE_KEY" | ~/Library/Developer/Xcode/DerivedData/Coder-Desktop-*/SourcePackages/artifacts/sparkle/Sparkle/bin/sign_update "$PKG_PATH" -ed-key-file -)
205+
echo "$signature" >"$PKG_PATH.sig"
206+
198207
# Add dsym to build artifacts
199208
(cd "$ARCHIVE_PATH/dSYMs" && zip -9 -r --symlinks "$DSYM_ZIPPED_PATH" ./*)
200209

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy