From 10a69ab3d18c6135437d236558be1f45e87bd1b5 Mon Sep 17 00:00:00 2001 From: Martin Hrabovcin Date: Sun, 25 Aug 2024 11:18:38 +0000 Subject: [PATCH 1/2] fix: add macos binary notarization --- .github/workflows/release-kib.yaml | 7 +++++++ .goreleaser-podman-e2e.yml | 1 + .goreleaser.yml | 20 +++++++++++++++++++- 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-kib.yaml b/.github/workflows/release-kib.yaml index bb1519c02..ad02578de 100644 --- a/.github/workflows/release-kib.yaml +++ b/.github/workflows/release-kib.yaml @@ -45,6 +45,13 @@ jobs: env: DOCKER_CLI_EXPERIMENTAL: "enabled" GITHUB_TOKEN: ${{ secrets.MESOSPHERECI_USER_TOKEN }} + # notarize options + NOTARIZE_DARWIN_BINARY: 'true' + MACOS_SIGN_P12: "${{ secrets.NCN_APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}" + MACOS_SIGN_PASSWORD: "${{ secrets.NCN_APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}" + MACOS_NOTARY_ISSUER_ID: "${{ secrets.NCN_APPSTORECONNECT_ISSUER_ID }}" + MACOS_NOTARY_KEY_ID: "${{ secrets.NCN_APPSTORECONNECT_KEY_ID }}" + MACOS_NOTARY_KEY: "${{ secrets.NCN_APPSTORECONNECT_PRIVATE_KEY }}" bump-kib: runs-on: ubuntu-22.04 diff --git a/.goreleaser-podman-e2e.yml b/.goreleaser-podman-e2e.yml index a28c3ea7b..f50ea31e2 100644 --- a/.goreleaser-podman-e2e.yml +++ b/.goreleaser-podman-e2e.yml @@ -1,4 +1,5 @@ --- +version: 2 before: hooks: - go mod download diff --git a/.goreleaser.yml b/.goreleaser.yml index 33f4ea1b9..5c9bd801d 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -1,4 +1,5 @@ --- +version: 2 before: hooks: - go mod download @@ -6,7 +7,7 @@ before: # NOTE(jkoelker) the changelog is managed by `release-please` changelog: - skip: true + disable: true builds: - main: ./cmd/konvoy-image/main.go 
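Review bot: The signing certificate, its password and the App Store Connect private key are added to the same `env:` map that carries `GITHUB_TOKEN`, so every process that step launches inherits them, including the `before.hooks` commands from `.goreleaser.yml` (`go mod download` is visible there). The step and job that own this `env:` start outside the hunk. The second patch in this series shows the workflow also triggering on `workflow_dispatch` and `release-to-github` running on `self-hosted` runners; if this is that job, a manual run from any branch would receive the signing material on a runner that may keep state between jobs. Consider binding the job to a protected environment, `environment: <release-environment-name>` (placeholder), with tag-only deployment rules so the `NCN_*` secrets are released only to approved tag builds. A comment such as `# signing material: keep scoped to this step; never echo or write to disk` above `MACOS_SIGN_P12` would record the intent.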
@@ -94,3 +95,20 @@ release: prerelease: auto ids: - konvoy-image-bundle + +notarize: + macos: + - enabled: '{{ isEnvSet "NOTARIZE_DARWIN_BINARY"}}' + ids: + - konvoy-image + - konvoy-image-wrapper + sign: + certificate: "{{.Env.MACOS_SIGN_P12}}" + password: "{{.Env.MACOS_SIGN_PASSWORD}}" + + notarize: + issuer_id: "{{.Env.MACOS_NOTARY_ISSUER_ID}}" + key_id: "{{.Env.MACOS_NOTARY_KEY_ID}}" + key: "{{.Env.MACOS_NOTARY_KEY}}" + wait: true + timeout: 20m From eb6989655d3a5f1a80dba31d3c95d3a84b92e045 Mon Sep 17 00:00:00 2001 From: Martin Hrabovcin Date: Sun, 25 Aug 2024 11:38:39 +0000 Subject: [PATCH 2/2] fix: bump goreleaser version --- .github/workflows/release-kib.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release-kib.yaml b/.github/workflows/release-kib.yaml index ad02578de..d87bf4b18 100644 --- a/.github/workflows/release-kib.yaml +++ b/.github/workflows/release-kib.yaml @@ -7,14 +7,14 @@ on: workflow_dispatch: push: tags: - - 'v*' + - "v*" name: Release konvoy-image-builder jobs: release-to-github: runs-on: - - self-hosted - - small + - self-hosted + - small steps: - uses: actions/checkout@v4 with: @@ -24,11 +24,11 @@ jobs: - name: Setup Go uses: actions/setup-go@v5 with: - go-version-file: 'go.mod' + go-version-file: "go.mod" cache: true - name: Download GoReleaser - run: go install github.com/goreleaser/goreleaser@v1.15.2 + run: go install github.com/goreleaser/goreleaser/v2@v2.2.0 - name: Docker Login uses: docker/login-action@v3 @@ -46,7 +46,7 @@ jobs: DOCKER_CLI_EXPERIMENTAL: "enabled" GITHUB_TOKEN: ${{ secrets.MESOSPHERECI_USER_TOKEN }} # notarize options - NOTARIZE_DARWIN_BINARY: 'true' + NOTARIZE_DARWIN_BINARY: "true" MACOS_SIGN_P12: "${{ secrets.NCN_APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}" MACOS_SIGN_PASSWORD: "${{ secrets.NCN_APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}" MACOS_NOTARY_ISSUER_ID: "${{ secrets.NCN_APPSTORECONNECT_ISSUER_ID }}"
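Review bot: `enabled: '{{ isEnvSet "NOTARIZE_DARWIN_BINARY"}}'` tests only whether the variable is set to a non-empty value, so `NOTARIZE_DARWIN_BINARY: "false"` would still turn signing on. An unset variable skips signing and notarization without failing the release, so unsigned darwin binaries can ship unnoticed if the workflow env is ever dropped. Comparing the value makes the switch explicit: `enabled: '{{ eq (envOrDefault "NOTARIZE_DARWIN_BINARY" "false") "true" }}'`. A comment above `notarize:` such as `# skipped when NOTARIZE_DARWIN_BINARY is unset; the release workflow must set it` would document the fail-open default. The entries under `ids` refer to build ids defined outside this hunk, so confirm they match; an id that matches nothing would presumably leave those binaries unsigned.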