From d6b419a0471cbdd313e5dbae8a80defedf6b1663 Mon Sep 17 00:00:00 2001 From: Bob Donovan Date: Wed, 12 Nov 2025 13:54:38 -0500 Subject: [PATCH 1/4] Test macos code signing for binaries --- .yamato/com.unity.ml-agents-pack.yml | 41 ++++++++++++++++++++++++++++ .yamato/env.metafile | 8 ++++++ 2 files changed, 49 insertions(+) create mode 100644 .yamato/env.metafile diff --git a/.yamato/com.unity.ml-agents-pack.yml b/.yamato/com.unity.ml-agents-pack.yml index 786ea04a99..cbd3e49dfc 100644 --- a/.yamato/com.unity.ml-agents-pack.yml +++ b/.yamato/com.unity.ml-agents-pack.yml @@ -1,3 +1,6 @@ +{% metadata_file .yamato/env.metafile -%} +--- + pack: name: Pack agent: @@ -21,3 +24,41 @@ pack: - "upm-ci~/packages/**/*" triggers: cancel_old_ci: true + +sign_macOS: + name: Sign MacOS Shared Libraries + agent: + type: Unity::VM::osx + image: package-ci/macos-13:v4 + flavor: m1.mac + sources: + checkout_mode: sparse + files: + sparse_checkout_rules: .yamato/sparse-checkouts/upm-packages.txt + commands: + - brick_source: git@github.cds.internal.unity3d.com:unity/macos.cds.ci.code-signing.git@v1.2.2 + variables: + CERTIFICATE_NAME: apple-developer-id-application-unity-technologies-sf + - command: |- + security unlock-keychain -p $UNITY_KEYCHAIN_PASSWORD /Users/$USER/Library/Keychains/login.keychain-db +{% for package in packages -%} +{% for shared_library in package.native_plugins.macOS -%} + codesign --force --verify --verbose --timestamp --sign $( Date: Wed, 12 Nov 2025 15:24:31 -0500 Subject: [PATCH 2/4] fixing signing job --- .yamato/com.unity.ml-agents-pack.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.yamato/com.unity.ml-agents-pack.yml b/.yamato/com.unity.ml-agents-pack.yml index cbd3e49dfc..a8fc5b6593 100644 --- a/.yamato/com.unity.ml-agents-pack.yml +++ b/.yamato/com.unity.ml-agents-pack.yml 
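Review bot: In the `sign_macOS` command block, `security unlock-keychain -p $UNITY_KEYCHAIN_PASSWORD /Users/$USER/Library/Keychains/login.keychain-db` expands the secret unquoted and passes it as a process argument, so a password containing whitespace or glob characters is word-split, and the value is exposed in the process list and in any step output that echoes commands. At minimum quote both expansions, `security unlock-keychain -p "$UNITY_KEYCHAIN_PASSWORD" "/Users/$USER/Library/Keychains/login.keychain-db"`, and confirm that the runner masks this variable in job logs. The signing brick is referenced by the tag `@v1.2.2`; if the brick syntax accepts a commit hash, pinning to one would keep a moved tag from changing what runs with access to the Developer ID certificate. The `codesign` line and the rest of this hunk are truncated on this page, so the signing invocation itself is not reviewed here.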
@@ -31,10 +31,6 @@ sign_macOS: type: Unity::VM::osx image: package-ci/macos-13:v4 flavor: m1.mac - sources: - checkout_mode: sparse - files: - sparse_checkout_rules: .yamato/sparse-checkouts/upm-packages.txt commands: - brick_source: git@github.cds.internal.unity3d.com:unity/macos.cds.ci.code-signing.git@v1.2.2 variables: @@ -56,9 +52,3 @@ sign_macOS: - "{{ shared_library.path }}" {% endfor -%} {% endfor -%} - -sign: - name: Sign Shared Libraries - dependencies: - - .yamato/pack.yml#sign_macOS - - .yamato/pack.yml#sign_windows From 1461468482dd64ae274f2120035c873e9d57b9dd Mon Sep 17 00:00:00 2001 From: Bob Donovan Date: Wed, 12 Nov 2025 16:01:18 -0500 Subject: [PATCH 3/4] Fixing code signing --- .yamato/com.unity.ml-agents-pack.yml | 4 ++++ .yamato/env.metafile | 2 +- .yamato/sparse-checkouts/upm-packages.txt | 3 +++ 3 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 .yamato/sparse-checkouts/upm-packages.txt diff --git a/.yamato/com.unity.ml-agents-pack.yml b/.yamato/com.unity.ml-agents-pack.yml index a8fc5b6593..49e63ccc89 100644 --- a/.yamato/com.unity.ml-agents-pack.yml +++ b/.yamato/com.unity.ml-agents-pack.yml @@ -31,6 +31,10 @@ sign_macOS: type: Unity::VM::osx image: package-ci/macos-13:v4 flavor: m1.mac + sources: + checkout_mode: sparse + files: + sparse_checkout_rules: .yamato/sparse-checkouts/upm-packages.txt commands: - brick_source: git@github.cds.internal.unity3d.com:unity/macos.cds.ci.code-signing.git@v1.2.2 variables: diff --git a/.yamato/env.metafile b/.yamato/env.metafile index 82556b55ec..6a8b0ec632 100644 --- a/.yamato/env.metafile +++ b/.yamato/env.metafile @@ -5,4 +5,4 @@ packages: native_plugins: macOS: - name: libgrpc_macOS - path: Plugins/ProtoBuffer/runtimes/osx/native/libgrpc_csharp_ext.x64.bundle + path: com.unity.ml-agents/Plugins/ProtoBuffer/runtimes/osx/native/libgrpc_csharp_ext.x64.bundle 
diff --git a/.yamato/sparse-checkouts/upm-packages.txt b/.yamato/sparse-checkouts/upm-packages.txt new file mode 100644 index 0000000000..f06a071417 --- /dev/null +++ b/.yamato/sparse-checkouts/upm-packages.txt @@ -0,0 +1,3 @@ +.github +.yamato +com.unity.ml-agents \ No newline at end of file From 136e5bc95ec89d64fed6c114624076cb8c95f8e2 Mon Sep 17 00:00:00 2001 From: Bob Donovan Date: Thu, 13 Nov 2025 16:07:42 -0500 Subject: [PATCH 4/4] Adding dependency on signing job in pack --- .yamato/com.unity.ml-agents-pack.yml | 2 ++ .yamato/wrench/package-pack-jobs.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.yamato/com.unity.ml-agents-pack.yml b/.yamato/com.unity.ml-agents-pack.yml index 49e63ccc89..d3aa3930cd 100644 --- a/.yamato/com.unity.ml-agents-pack.yml +++ b/.yamato/com.unity.ml-agents-pack.yml @@ -24,6 +24,8 @@ pack: - "upm-ci~/packages/**/*" triggers: cancel_old_ci: true + dependencies: + - .yamato/com.unity.ml-agents-pack.yml#sign_macOS sign_macOS: name: Sign MacOS Shared Libraries diff --git a/.yamato/wrench/package-pack-jobs.yml b/.yamato/wrench/package-pack-jobs.yml index 631f612e0d..35d39a4f2f 100644 --- a/.yamato/wrench/package-pack-jobs.yml +++ b/.yamato/wrench/package-pack-jobs.yml @@ -21,6 +21,8 @@ package_pack_-_ml-agents: packages: paths: - upm-ci~/packages/**/* + dependencies: + - path: .yamato/com.unity.ml-agents-pack.yml#sign_macOS variables: UPMCI_ACK_LARGE_PACKAGE: 1 UPMPVP_CONTEXT_WRENCH: 0.10.5.0
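Review bot: The new `dependencies` entry on `pack` orders the job after `sign_macOS`, but nothing visible in this hunk checks that the library that ends up in the package is the signed one rather than the unsigned copy from the checkout. If the pack agent can run it, a verification step ahead of packing, such as `codesign --verify --strict --verbose=2 <path-to-bundle>` (placeholder path), would fail the build when the signature is missing or broken; otherwise confirm in the job log that the dependency's artifact replaces the checked-out file. The same dependency is added in `.yamato/wrench/package-pack-jobs.yml`; that file looks generated, so the change may need to go into its generator to survive regeneration. The `pack` job's `commands` are outside the hunk.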