From ee9b09fb20c43af7e520f57e9239bbcf46b7113d Mon Sep 17 00:00:00 2001
From: Gus Rivera <gus.rivera@goteleport.com>
Date: Thu, 26 Sep 2024 13:34:37 -0500
Subject: [PATCH] Signing And Notarizing Plugins Targetting Darwin (#45557)

* Updating darwin plugin builds to notarize binaries

* Updating event-handler signing to include binaries
---
 integrations/event-handler/Makefile | 11 +++++++++++
 integrations/terraform/Makefile     | 15 +++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/integrations/event-handler/Makefile b/integrations/event-handler/Makefile
index f4fd8850d1a1e..d0a0906bada06 100644
--- a/integrations/event-handler/Makefile
+++ b/integrations/event-handler/Makefile
@@ -46,8 +46,19 @@ RELEASE_MESSAGE = "Building with GOOS=$(OS) GOARCH=$(ARCH)."
 build:
 	GOOS=$(OS) GOARCH=$(ARCH) $(CGOFLAG) go build -o $(BUILDDIR)/teleport-event-handler $(BUILDFLAGS)
 
+# darwin-signed-build is a wrapper around the build target that ensures it is codesigned
+include ../../darwin-signing.mk
+.PHONY: darwin-signed-build
+darwin-signed-build: BINARIES=$(BINARY)
+darwin-signed-build: build
+	$(NOTARIZE_BINARIES)
+
 .PHONY: release
+ifeq ($(OS),darwin)
+release: darwin-signed-build
+else
 release: build
+endif
 	@echo "---> $(RELEASE_MESSAGE)"
 	mkdir $(RELEASE_NAME)
 	cp -rf $(BINARY) \
diff --git a/integrations/terraform/Makefile b/integrations/terraform/Makefile
index cb6dcd61d958d..3456a99eb9f8b 100644
--- a/integrations/terraform/Makefile
+++ b/integrations/terraform/Makefile
@@ -121,9 +121,20 @@ endif
 	rm -r ./tfschema/github.com/
 	@go run ./gen/main.go
 
-.PHONY: release
+# darwin-signed-build is a wrapper around the build target that ensures it is codesigned
+include ../../darwin-signing.mk
+.PHONY: darwin-signed-build
+darwin-signed-build: BINARIES=$(BUILDDIR)/terraform-provider-teleport
 ifeq ($(OS)-$(ARCH),darwin-universal)
-release: build-darwin-universal
+darwin-signed-build: build-darwin-universal
+else
+darwin-signed-build: build
+endif
+	$(NOTARIZE_BINARIES)
+
+.PHONY: release
+ifeq ($(OS),darwin)
+release: darwin-signed-build
 else
 release: build
 endif