xamarin
/
xamarin-macios
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Jenkinsfile notarization (#6869) 

* Add in notarization script for xamarin.mac/xamarin.iOS

* Flatten the list to get rid of the braces

* Add in keychain password

* Add login.keychain back in to access codesigning certificates

* Always sign pkgs, upload notarized copies

* Enable ios notarization and make notarized pkgs public

* Make notarization non-fatal

* Publish GH statuses for notarized PKGs

* Don't forget to declare URI variables for notarized pkgs

* report proper package links

* [jenkins] Improve package reporting.
This commit is contained in:
Connor Adsit 2019-09-02 06:35:14 -04:00 коммит произвёл Rolf Bjarne Kvinge
Родитель 9e193eaca3
Коммит c384add291
2 изменённых файлов: 77 добавлений и 4 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

67
jenkins/Jenkinsfile поставляемый
Просмотреть файл

@ -10,6 +10,8 @@ packagePrefix = null
virtualPath = null
xiPackageUrl = null
xmPackageUrl = null
xiNotarizedPackageUrl = null
xmNotarizedPackageUrl = null
utils = null
errorMessage = null
currentStage = null
@ -19,6 +21,8 @@ manualException = false
xiPackageFilename = null
xmPackageFilename = null
xiNotarizedPkgFilename = null
xmNotarizedPkgFilename = null
msbuildZipFilename = null
bundleZipFilename = null
manifestFilename = null
@ -477,6 +481,9 @@ timestamps {
}
stage ('Signing') {
def notarize_mac = true
def notarize_ios = true
def entitlements = "${workspace}/xamarin-macios/mac-entitlements.plist"
currentStage = "${STAGE_NAME}"
echo ("Building on ${env.NODE_NAME}")
def xiPackages = findFiles (glob: "package/xamarin.ios-*.pkg")
@ -495,8 +502,49 @@ timestamps {
def bundleZip = findFiles (glob: "package/bundle.zip")
if (bundleZip.length > 0)
bundleZipFilename = bundleZip [0].name
withCredentials ([string (credentialsId: 'codesign_keychain_pw', variable: 'PRODUCTSIGN_KEYCHAIN_PASSWORD')]) {
sh ("${workspace}/xamarin-macios/jenkins/productsign.sh")
sh ("${workspace}/xamarin-macios/jenkins/productsign.sh")
}
if (notarize_mac || notarize_ios) {
try {
pkgs = []
if (fileExists('release-scripts')) {
dir('release-scripts') {
sh ('git checkout sign-and-notarized && git pull')
}
} else {
sh ('git clone git@github.com:xamarin/release-scripts -b sign-and-notarized')
}
if (notarize_mac)
pkgs = pkgs + xmPackages
if (notarize_ios)
pkgs = pkgs + xiPackages
withCredentials([string(credentialsId: 'codesign_keychain_pw', variable: 'KEYCHAIN_PASS'), string(credentialsId: 'team_id', variable: 'TEAM_ID'), string(credentialsId: 'application_id', variable: 'APP_ID'), string(credentialsId: 'installer_id', variable: 'INSTALL_ID'), usernamePassword(credentialsId: 'apple_account', passwordVariable: 'APPLE_PASS', usernameVariable: 'APPLE_ACCOUNT')]) {
sh (returnStatus: true, script: "security create-keychain -p ${env.KEYCHAIN_PASS} login.keychain") // needed to repopulate the keychain
sh ("security unlock-keychain -p ${env.KEYCHAIN_PASS} login.keychain")
sh ("python release-scripts/sign_and_notarize.py -a ${env.APP_ID} -i ${env.INSTALL_ID} -u ${env.APPLE_ACCOUNT} -p ${env.APPLE_PASS} -t ${env.TEAM_ID} -d package/notarized -e ${entitlements} -k login.keychain " + pkgs.flatten().join(" "))
}
def xiNotarizedPackages = findFiles (glob: "package/notarized/xamarin.ios-*.pkg")
if (xiNotarizedPackages.length > 0) {
xiNotarizedPkgFilename = xiNotarizedPackages [0].name
echo ("Created notarized Xamarin.iOS package: ${xiNotarizedPkgFilename}")
}
def xmNotarizedPackages = findFiles (glob: "package/notarized/xamarin.mac-*.pkg")
if (xmNotarizedPackages.length > 0) {
xmNotarizedPkgFilename = xmNotarizedPackages [0].name
echo ("Created notarized Xamarin.Mac package: ${xmNotarizedPkgFilename}")
}
} catch (ex) {
echo "Notarization failed:\n${ex.getMessage()}"
for (def stack : ex.getStackTrace()) {
echo "\t${stack}"
}
manager.addWarningBadge("PKGs are not notarized")
}
}
}
@ -531,6 +579,7 @@ timestamps {
sh ("ls -la package")
uploadFiles ("package/*", "wrench", virtualPath)
uploadFiles ("package/notarized/*", "wrench", virtualPath)
uploadFiles ("package-internal/*", "jenkins-internal", virtualPath)
// Also upload manifest to a predictable url (without the build number)
@ -558,12 +607,22 @@ timestamps {
if (xiPackageFilename != null) {
xiPackageUrl = "${packagePrefix}/${xiPackageFilename}"
utils.reportGitHubStatus (gitHash, 'PKG-Xamarin.iOS', "${xiPackageUrl}", 'SUCCESS', "${xiPackageFilename}")
packagesMessage += "[${xiPackageFilename}](${xiPackageUrl}) "
packagesMessage += "* [${xiPackageFilename} (Not notarized)](${xiPackageUrl})\n"
}
if (xmPackageFilename != null) {
xmPackageUrl = "${packagePrefix}/${xmPackageFilename}"
utils.reportGitHubStatus (gitHash, 'PKG-Xamarin.Mac', "${xmPackageUrl}", 'SUCCESS', "${xmPackageFilename}")
packagesMessage += "[${xmPackageFilename}](${xmPackageUrl})"
packagesMessage += "* [${xmPackageFilename} (Not notarized)](${xmPackageUrl})\n"
}
if (xiNotarizedPkgFilename != null) {
xiNotarizedPackageUrl = "${packagePrefix}/notarized/${xiNotarizedPkgFilename}"
utils.reportGitHubStatus (gitHash, 'PKG-Xamarin.iOS-notarized', "${xiNotarizedPackageUrl}", 'SUCCESS', "${xiNotarizedPkgFilename}")
packagesMessage += "* [${xiNotarizedPkgFilename} (Notarized)](${xiNotarizedPackageUrl})\n"
}
if (xmNotarizedPkgFilename != null) {
xmNotarizedPackageUrl = "${packagePrefix}/notarized/${xmNotarizedPkgFilename}"
utils.reportGitHubStatus (gitHash, 'PKG-Xamarin.Mac-notarized', "${xmNotarizedPackageUrl}", 'SUCCESS', "${xmNotarizedPkgFilename}")
packagesMessage += "* [${xmNotarizedPkgFilename} (Notarized)](${xmNotarizedPackageUrl})\n"
}
if (manifestFilename != null) {
def manifestUrl = "${packagePrefix}/${manifestFilename}"
@ -583,7 +642,7 @@ timestamps {
}
if (packagesMessage != "")
appendFileComment ("✅ Packages: ${packagesMessage}\n")
appendFileComment ("✅ Packages: \n${packagesMessage}\n")
}
dir ('xamarin-macios') {

14
mac-entitlements.plist Normal file
Просмотреть файл

@ -0,0 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
</dict>
</plist>