Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add MacOS notarization (Uplift of #5485 to 0.71.x) #6739

Merged
merged 2 commits into from
Nov 4, 2019
Merged

Add MacOS notarization (Uplift of #5485 to 0.71.x) #6739

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
203aa83
Uplift of #5485 to beta
mbacchi Jul 31, 2019
ffb873c
synced CI pipeline
mihaiplesa Nov 1, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
64 changes: 40 additions & 24 deletions Jenkinsfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,9 @@ pipeline {
}
environment {
REFERRAL_API_KEY = credentials("REFERRAL_API_KEY")
BRAVE_GOOGLE_API_KEY = credentials("npm_config_brave_google_api_key")
BRAVE_SERVICES_KEY = credentials("brave-services-key")
BRAVE_INFURA_PROJECT_ID = credentials("brave-infura-project-id")
BRAVE_GOOGLE_API_KEY = credentials("npm_config_brave_google_api_key")
BRAVE_ARTIFACTS_S3_BUCKET = credentials("brave-jenkins-artifacts-s3-bucket")
SLACK_USERNAME_MAP = credentials("github-to-slack-username-map")
SIGN_WIDEVINE_PASSPHRASE = credentials("447b2fa7-c989-43af-9047-8ae158fad0a3")
Expand Down Expand Up @@ -129,8 +130,9 @@ pipeline {
}
}
steps {
echo "Enabling sccache"
sh "npm config --userconfig=.npmrc set sccache sccache"
script {
sccache()
}
}
}
stage("build") {
Expand Down Expand Up @@ -342,8 +344,9 @@ pipeline {
}
}
steps {
echo "Enabling sccache"
sh "npm config --userconfig=.npmrc set sccache sccache"
script {
sccache()
}
}
}
stage("build") {
Expand All @@ -365,7 +368,7 @@ pipeline {
}
stage("test-unit") {
steps {
timeout(time: 20, unit: "MINUTES") {
timeout(time: 60, unit: "MINUTES") {
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
script {
sh "npm run test -- brave_unit_tests ${BUILD_TYPE} --output brave_unit_tests.xml"
Expand Down Expand Up @@ -493,8 +496,9 @@ pipeline {
}
}
steps {
echo "Enabling sccache"
sh "npm config --userconfig=.npmrc set sccache sccache"
script {
sccache()
}
}
}
stage("build") {
Expand All @@ -520,7 +524,7 @@ pipeline {
}
stage("test-unit") {
steps {
timeout(time: 20, unit: "MINUTES") {
timeout(time: 60, unit: "MINUTES") {
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
script {
sh "npm run test -- brave_unit_tests ${BUILD_TYPE} --output brave_unit_tests.xml"
Expand Down Expand Up @@ -586,7 +590,7 @@ pipeline {
environment {
GIT_CACHE_PATH = "C:\\Users\\Administrator\\cache"
SCCACHE_BUCKET = credentials("brave-browser-sccache-win-s3-bucket")
SCCACHE_ERROR_LOG = "${WORKSPACE}/sccache.log"
SCCACHE_ERROR_LOG = "${WORKSPACE}\\sccache.log"
PATH = "C:\\Program Files (x86)\\Windows Kits\\10\\bin\\10.0.18362.0\\x64\\;C:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Community\\Common7\\IDE\\Remote Debugger\\x64;${PATH}"
SIGNTOOL_ARGS = "sign /t http://timestamp.digicert.com /fd sha256 /sm"
CERT = "Brave"
Expand Down Expand Up @@ -676,17 +680,20 @@ pipeline {
}
}
}
// stage("sccache") {
// when {
// allOf {
// expression { !DISABLE_SCCACHE }
// }
// }
// steps {
// echo "Enabling sccache"
// powershell "npm config --userconfig=.npmrc set sccache sccache"
// }
// }
stage("sccache") {
when {
allOf {
expression { !DISABLE_SCCACHE }
}
}
steps {
echo "Enabling sccache"
powershell """
\$ErrorActionPreference = "Stop"
npm config --userconfig=.npmrc set sccache sccache
"""
}
}
stage("build") {
environment {
SIGN_WIDEVINE_CERT = credentials("widevine_brave_prod_cert.der")
Expand All @@ -696,9 +703,10 @@ pipeline {
powershell """
\$ErrorActionPreference = "Stop"
npm config --userconfig=.npmrc set brave_referrals_api_key ${REFERRAL_API_KEY}
npm config --userconfig=.npmrc set brave_services_key ${BRAVE_SERVICES_KEY}
npm config --userconfig=.npmrc set brave_infura_project_id ${BRAVE_INFURA_PROJECT_ID}
npm config --userconfig=.npmrc set brave_google_api_endpoint https://location.services.mozilla.com/v1/geolocate?key=
npm config --userconfig=.npmrc set brave_google_api_key ${BRAVE_GOOGLE_API_KEY}
npm config --userconfig=.npmrc set brave_infura_project_id ${BRAVE_INFURA_PROJECT_ID}
npm config --userconfig=.npmrc set google_api_endpoint safebrowsing.brave.com
npm config --userconfig=.npmrc set google_api_key dummytoken
npm run build -- ${BUILD_TYPE} --channel=${CHANNEL} ${OFFICIAL_BUILD} ${SKIP_SIGNING}
Expand All @@ -719,7 +727,7 @@ pipeline {
}
stage("test-unit") {
steps {
timeout(time: 20, unit: "MINUTES") {
timeout(time: 60, unit: "MINUTES") {
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
powershell """
\$ErrorActionPreference = "Stop"
Expand Down Expand Up @@ -811,6 +819,7 @@ def setEnv() {
GITHUB_CREDENTIAL_ID = "brave-builds-github-token-for-pr-builder"
RUST_LOG = "sccache=warn"
RUST_BACKTRACE = "1"
SCCACHE_IDLE_TIMEOUT = 0
SKIP = false
SKIP_ANDROID = false
SKIP_IOS = false
Expand Down Expand Up @@ -992,12 +1001,18 @@ def lint() {
"""
}

def sccache() {
echo "Enabling sccache"
sh "npm config --userconfig=.npmrc set sccache sccache"
}

def config() {
sh """
npm config --userconfig=.npmrc set brave_referrals_api_key ${REFERRAL_API_KEY}
npm config --userconfig=.npmrc set brave_services_key ${BRAVE_SERVICES_KEY}
npm config --userconfig=.npmrc set brave_infura_project_id ${BRAVE_INFURA_PROJECT_ID}
npm config --userconfig=.npmrc set brave_google_api_endpoint https://location.services.mozilla.com/v1/geolocate?key=
npm config --userconfig=.npmrc set brave_google_api_key ${BRAVE_GOOGLE_API_KEY}
npm config --userconfig=.npmrc set brave_infura_project_id ${BRAVE_INFURA_PROJECT_ID}
npm config --userconfig=.npmrc set google_api_endpoint safebrowsing.brave.com
npm config --userconfig=.npmrc set google_api_key dummytoken
"""
Expand All @@ -1006,6 +1021,7 @@ def config() {
def installWindows() {
powershell """
Remove-Item -Recurse -Force ${GIT_CACHE_PATH}/*.lock
Get-ChildItem "Cert:\\LocalMachine\\My" | Remove-Item
\$ErrorActionPreference = "Stop"
npm install --no-optional
Copy-Item "${SOURCE_KEY_CER_PATH}" -Destination "${KEY_CER_PATH}"
Expand Down
10 changes: 10 additions & 0 deletions lib/config.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,8 @@ const Config = function () {
this.mac_installer_signing_identifier = getNPMConfig(['mac_installer_signing_identifier']) || ''
this.mac_signing_keychain = getNPMConfig(['mac_signing_keychain']) || 'login'
this.mac_signing_output_prefix = 'signing'
this.notary_user = getNPMConfig(['notary_user']) || ''
this.notary_password = getNPMConfig(['notary_password']) || ''
this.channel = ''
this.sccache = getNPMConfig(['sccache'])
this.braveReferralsApiKey = getNPMConfig(['brave_referrals_api_key']) || ''
Expand Down Expand Up @@ -129,6 +131,11 @@ Config.prototype.buildArgs = function () {
args.mac_installer_signing_identifier = this.mac_installer_signing_identifier
args.mac_signing_keychain = this.mac_signing_keychain
args.mac_signing_output_prefix = this.mac_signing_output_prefix
if (this.notarize) {
args.notarize = true
args.notary_user = this.notary_user
args.notary_password = this.notary_password
}
}

if (process.platform === 'win32' && this.build_omaha) {
Expand Down Expand Up @@ -425,6 +432,9 @@ Config.prototype.update = function (options) {
if (options.mac_signing_keychain)
this.mac_signing_keychain = options.mac_signing_keychain

if (options.notarize)
this.notarize = true

if (options.gclient_verbose)
this.gClientVerbose = options.gclient_verbose

Expand Down
6 changes: 6 additions & 0 deletions lib/createDist.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,12 @@ const createDist = (buildConfig = config.defaultBuildConfig, options) => {
config.buildConfig = buildConfig
config.update(options)

if (config.notarize) {
notarize = config.notarize
notary_user = config.notary_user
notary_password = config.notary_password
}

util.updateBranding()
fs.removeSync(path.join(config.outputDir, 'dist'))
config.buildTarget = 'create_dist'
Expand Down
1 change: 1 addition & 0 deletions scripts/commands.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ program
.option('--build_omaha', 'build omaha stub/standalone installer')
.option('--tag_ap <ap>', 'ap for stub/standalone installer')
.option('--skip_signing', 'skip signing dmg/brave_installer.exe')
.option('--notarize', 'notarize the macOS app with Apple')
.arguments('[build_config]')
.action(createDist)

Expand Down