all: sign windows
This commit is contained in:
parent
6fe4b9440d
commit
f61af53a70
4
Makefile
4
Makefile
|
@ -23,6 +23,7 @@ VERBOSE.MACRO = $${VERBOSE:-0}
|
|||
CHANNEL = development
|
||||
CLIENT_DIR = client
|
||||
COMMIT = $$( git rev-parse --short HEAD )
|
||||
DEPLOY_SCRIPT_PATH = not/a/real/path
|
||||
DIST_DIR = dist
|
||||
GOAMD64 = v1
|
||||
GOPROXY = https://proxy.golang.org|direct
|
||||
|
@ -37,6 +38,7 @@ NPM_INSTALL_FLAGS = $(NPM_FLAGS) --quiet --no-progress --ignore-engines\
|
|||
--ignore-optional --ignore-platform --ignore-scripts
|
||||
RACE = 0
|
||||
SIGN = 1
|
||||
SIGNER_API_KEY = not-a-real-key
|
||||
VERSION = v0.0.0
|
||||
YARN = yarn
|
||||
|
||||
|
@ -60,6 +62,7 @@ BUILD_RELEASE_DEPS_1 = go-deps
|
|||
ENV = env\
|
||||
CHANNEL='$(CHANNEL)'\
|
||||
COMMIT='$(COMMIT)'\
|
||||
DEPLOY_SCRIPT_PATH='$(DEPLOY_SCRIPT_PATH)' \
|
||||
DIST_DIR='$(DIST_DIR)'\
|
||||
GO="$(GO.MACRO)"\
|
||||
GOAMD64='$(GOAMD64)'\
|
||||
|
@ -72,6 +75,7 @@ ENV = env\
|
|||
PATH="$${PWD}/bin:$$( "$(GO.MACRO)" env GOPATH )/bin:$${PATH}"\
|
||||
RACE='$(RACE)'\
|
||||
SIGN='$(SIGN)'\
|
||||
SIGNER_API_KEY='$(SIGNER_API_KEY)' \
|
||||
NEXTAPI='$(NEXTAPI)'\
|
||||
VERBOSE="$(VERBOSE.MACRO)"\
|
||||
VERSION="$(VERSION)"\
|
||||
|
|
|
@ -89,6 +89,11 @@
|
|||
'other':
|
||||
'clean-working-dir': true
|
||||
'tasks':
|
||||
- 'checkout':
|
||||
'repository': 'bamboo-deploy-publisher'
|
||||
# The paths are always relative to the working directory.
|
||||
'path': 'bamboo-deploy-publisher'
|
||||
'force-clean-build': true
|
||||
- 'checkout':
|
||||
'force-clean-build': true
|
||||
- 'script':
|
||||
|
@ -99,6 +104,12 @@
|
|||
|
||||
set -e -f -u -x
|
||||
|
||||
# Follow the working repository path.
|
||||
cd "${bamboo.name}"
|
||||
|
||||
# Explicitly checkout the revision that we need.
|
||||
git checkout "${bamboo.repository.revision.number}"
|
||||
|
||||
# Run the build with the specified channel.
|
||||
echo "${bamboo.gpgSecretKeyPart1}${bamboo.gpgSecretKeyPart2}"\
|
||||
| awk '{ gsub(/\\n/, "\n"); print; }'\
|
||||
|
@ -107,6 +118,8 @@
|
|||
make\
|
||||
CHANNEL=${bamboo.channel}\
|
||||
GPG_KEY_PASSPHRASE=${bamboo.gpgPassword}\
|
||||
DEPLOY_SCRIPT_PATH="../bamboo-deploy-publisher/deploy.sh"\
|
||||
SIGNER_API_KEY="${bamboo.adguardDnsClientWinSignerSecretApiKey}"\
|
||||
FRONTEND_PREBUILT=1\
|
||||
PARALLELISM=1\
|
||||
VERBOSE=2\
|
||||
|
|
|
@ -143,6 +143,11 @@
|
|||
'other':
|
||||
'clean-working-dir': true
|
||||
'tasks':
|
||||
- 'checkout':
|
||||
'repository': 'bamboo-deploy-publisher'
|
||||
# The paths are always relative to the working directory.
|
||||
'path': 'bamboo-deploy-publisher'
|
||||
'force-clean-build': true
|
||||
- 'checkout':
|
||||
'force-clean-build': true
|
||||
- 'script':
|
||||
|
@ -153,13 +158,27 @@
|
|||
|
||||
set -e -f -u -x
|
||||
|
||||
# Follow the working repository path.
|
||||
cd "${bamboo.name}"
|
||||
|
||||
# Explicitly checkout the revision that we need.
|
||||
git checkout "${bamboo.repository.revision.number}"
|
||||
|
||||
# Run the build with the specified channel.
|
||||
echo "${bamboo.gpgSecretKeyPart1}${bamboo.gpgSecretKeyPart2}"\
|
||||
| awk '{ gsub(/\\n/, "\n"); print; }'\
|
||||
| gpg --import --batch --yes
|
||||
|
||||
make\
|
||||
ARCH="amd64"\
|
||||
CHANNEL=${bamboo.channel}\
|
||||
GPG_KEY_PASSPHRASE=${bamboo.gpgPassword}\
|
||||
DEPLOY_SCRIPT_PATH="../bamboo-deploy-publisher/deploy.sh"\
|
||||
SIGNER_API_KEY="${bamboo.adguardDnsClientWinSignerSecretApiKey}"\
|
||||
FRONTEND_PREBUILT=1\
|
||||
OS="windows darwin linux"\
|
||||
PARALLELISM=1\
|
||||
SIGN=0\
|
||||
SIGN=1\
|
||||
VERBOSE=2\
|
||||
build-release
|
||||
'requirements':
|
||||
|
|
|
@ -83,11 +83,15 @@ if [ "$sign" -eq '1' ]
|
|||
then
|
||||
gpg_key_passphrase="${GPG_KEY_PASSPHRASE:?please set GPG_KEY_PASSPHRASE or unset SIGN}"
|
||||
gpg_key="${GPG_KEY:?please set GPG_KEY or unset SIGN}"
|
||||
signer_api_key="${SIGNER_API_KEY:?please set SIGNER_API_KEY or unset SIGN}"
|
||||
deploy_script_path="${DEPLOY_SCRIPT_PATH:?please set DEPLOY_SCRIPT_PATH or unset SIGN}"
|
||||
else
|
||||
gpg_key_passphrase=''
|
||||
gpg_key=''
|
||||
signer_api_key=''
|
||||
deploy_script_path=''
|
||||
fi
|
||||
readonly gpg_key_passphrase gpg_key
|
||||
readonly gpg_key_passphrase gpg_key signer_api_key deploy_script_path
|
||||
|
||||
# The default distribution files directory is dist.
|
||||
dist="${DIST_DIR:-dist}"
|
||||
|
@ -149,6 +153,46 @@ windows amd64 - -
|
|||
windows arm64 - -"
|
||||
readonly platforms
|
||||
|
||||
# Function sign signs the specified build as intended by the target operating
|
||||
# system.
|
||||
sign() {
|
||||
# Only sign if needed.
|
||||
if [ "$sign" -ne '1' ]
|
||||
then
|
||||
return
|
||||
fi
|
||||
|
||||
# Get the arguments. Here and below, use the "sign_" prefix for all
|
||||
# variables local to function sign.
|
||||
sign_os="$1"
|
||||
sign_bin_path="$2"
|
||||
|
||||
if [ "$sign_os" != 'windows' ]
|
||||
then
|
||||
gpg\
|
||||
--default-key "$gpg_key"\
|
||||
--detach-sig\
|
||||
--passphrase "$gpg_key_passphrase"\
|
||||
--pinentry-mode loopback\
|
||||
-q\
|
||||
"$sign_bin_path"\
|
||||
;
|
||||
|
||||
return
|
||||
fi
|
||||
|
||||
signed_bin_path="${sign_bin_path}.signed"
|
||||
|
||||
env\
|
||||
INPUT_FILE="$sign_bin_path"\
|
||||
OUTPUT_FILE="$signed_bin_path"\
|
||||
SIGNER_API_KEY="$signer_api_key"\
|
||||
"$deploy_script_path" sign-executable\
|
||||
;
|
||||
|
||||
mv "$signed_bin_path" "$sign_bin_path"
|
||||
}
|
||||
|
||||
# Function build builds the release for one platform. It builds a binary and an
|
||||
# archive.
|
||||
build() {
|
||||
|
@ -189,17 +233,7 @@ build() {
|
|||
|
||||
log "$build_output"
|
||||
|
||||
if [ "$sign" -eq '1' ]
|
||||
then
|
||||
gpg\
|
||||
--default-key "$gpg_key"\
|
||||
--detach-sig\
|
||||
--passphrase "$gpg_key_passphrase"\
|
||||
--pinentry-mode loopback\
|
||||
-q\
|
||||
"$build_output"\
|
||||
;
|
||||
fi
|
||||
sign "$os" "$build_output"
|
||||
|
||||
# Prepare the build directory for archiving.
|
||||
cp ./CHANGELOG.md ./LICENSE.txt ./README.md "$build_dir"
|
||||
|
|
Loading…
Reference in New Issue