Skip to content

Commit

Permalink
Allow signed releases for macOS and Windows, fixes #1626 (#1727)
Browse files Browse the repository at this point in the history 
* (Windows) Sign the ddev binary as well as the installer binary

This also makes 'make windows_install' work on Windows
where it has never worked before. Turns out it needs
backslashes in the ddev.nsi

* Sign ddev binary on macOS
* Release build is done with macOS now, so it can be signed
  • Loading branch information
@rfay
rfay committed Jul 24, 2019
1 parent 2148548 commit 6665fe7
Show file tree
Hide file tree
Showing 9 changed files with 100 additions and 107 deletions.
134 changes: 51 additions & 83 deletions .circleci/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,19 +11,19 @@ jobs:
- run: sudo mkdir /home/linuxbrew && sudo chown $(id -u) /home/linuxbrew
- restore_cache:
keys:
- homebrew-linux-v5
- homebrew-linux-v6
- run:
command: ./.circleci/linux_circle_vm_setup.sh
name: NORMAL Circle VM setup - tools, docker, golang
- save_cache:
key: homebrew-linux-v5
key: homebrew-linux-v6
paths:
- /home/linuxbrew

# Now build using the regular ddev-only technique - this results in a fully clean set of executables.
- run:
command: |
make -s clean linux darwin windows_install chocolatey EXTRA_PATH=/home/linuxbrew/.linuxbrew/bin
make -s clean linux darwin windows_install EXTRA_PATH=/home/linuxbrew/.linuxbrew/bin
name: Build the ddev executables
- persist_to_workspace:
root: ~/
Expand All @@ -42,13 +42,13 @@ jobs:
- run: sudo mkdir /home/linuxbrew && sudo chown $(id -u) /home/linuxbrew
- restore_cache:
keys:
- homebrew-linux-v5
- homebrew-linux-v6
# Run the built-in ddev tests with the executables just built.
- run:
command: ./.circleci/linux_circle_vm_setup.sh
name: Circle VM setup - tools, docker, golang
- save_cache:
key: homebrew-linux-v5
key: homebrew-linux-v6
paths:
- /home/linuxbrew

Expand All @@ -62,7 +62,7 @@ jobs:

mac_nginx_fpm_test:
macos:
xcode: "10.1.0"
xcode: "10.2.1"
working_directory: ~/ddev
environment:
DDEV_TEST_WEBSERVER_TYPE: nginx-fpm
Expand All @@ -73,16 +73,18 @@ jobs:
at: ~/
- restore_cache:
keys:
- homebrew-macos-v5
- homebrew-macos-v9
# Run the built-in ddev tests with the executables just built.
- run:
command: ./.circleci/macos_circle_vm_setup.sh
name: macOS Circle VM setup - tools, docker, golang
# Now build using the regular ddev-only technique - this results in a fully clean set of executables.
- save_cache:
key: homebrew-macos-v5
key: homebrew-macos-v9
paths:
- /usr/local/Homebrew
- /usr/local/Cellar
- ~/Library/Caches/Homebrew
- run:
command: make -s test
name: ddev tests
Expand All @@ -92,7 +94,7 @@ jobs:

mac_apache_fpm_test:
macos:
xcode: "10.1.0"
xcode: "10.2.1"
working_directory: ~/ddev
environment:
DDEV_TEST_WEBSERVER_TYPE: apache-fpm
Expand All @@ -103,7 +105,7 @@ jobs:
at: ~/
- restore_cache:
keys:
- homebrew-macos-v5
- homebrew-macos-v9
# Run the built-in ddev tests with the executables just built.
- run:
command: ./.circleci/macos_circle_vm_setup.sh
Expand All @@ -116,44 +118,15 @@ jobs:
- store_test_results:
path: /tmp/testresults
- save_cache:
key: homebrew-macos-v5
paths:
- /usr/local/Homebrew


mac_webcache_test:
macos:
xcode: "10.1.0"
working_directory: ~/ddev
environment:
DDEV_TEST_USE_WEBCACHE: "true"
DRUD_NONINTERACTIVE: "true"
GOTEST_SHORT: "true"
steps:
- attach_workspace:
at: ~/
- restore_cache:
keys:
- homebrew-macos-v5
# Run the built-in ddev tests with the executables just built.
- run:
command: ./.circleci/macos_circle_vm_setup.sh
name: macOS Circle VM setup - tools, docker, golang
# Now build using the regular ddev-only technique - this results in a fully clean set of executables.
- run:
command: make -s test
name: ddev tests
no_output_timeout: "40m"
- store_test_results:
path: /tmp/testresults
- save_cache:
key: homebrew-macos-v5
key: homebrew-macos-v9
paths:
- /usr/local/Homebrew
- /usr/local/Cellar
- ~/Library/Caches/Homebrew

mac_nfsmount_test:
macos:
xcode: "10.1.0"
xcode: "10.2.1"
working_directory: ~/ddev
environment:
DDEV_TEST_USE_NFSMOUNT: "true"
Expand All @@ -164,16 +137,17 @@ jobs:
at: ~/
- restore_cache:
keys:
- homebrew-macos-v5
- homebrew-macos-v9
# Run the built-in ddev tests with the executables just built.
- run:
command: ./.circleci/macos_circle_vm_setup.sh
name: macOS Circle VM setup - tools, docker, golang
- save_cache:
key: homebrew-macos-v5
key: homebrew-macos-v9
paths:
- /usr/local/Homebrew
# Now build using the regular ddev-only technique - this results in a fully clean set of executables.
- /usr/local/Cellar
- ~/Library/Caches/Homebrew
- run:
command: make -s test
name: ddev tests
Expand All @@ -194,14 +168,14 @@ jobs:
- run: sudo mkdir /home/linuxbrew && sudo chown $(id -u) /home/linuxbrew
- restore_cache:
keys:
- homebrew-linux-v5
- homebrew-linux-v6
- attach_workspace:
at: ~/
- run:
command: ./.circleci/linux_circle_vm_setup.sh
name: Circle VM setup - tools, docker, golang
- save_cache:
key: homebrew-linux-v5
key: homebrew-linux-v6
paths:
- /home/linuxbrew

Expand All @@ -227,14 +201,14 @@ jobs:
- run: sudo mkdir /home/linuxbrew && sudo chown $(id -u) /home/linuxbrew
- restore_cache:
keys:
- homebrew-linux-v5
- homebrew-linux-v6
- attach_workspace:
at: ~/
- run:
command: ./.circleci/linux_circle_vm_setup.sh
name: Circle VM setup - tools, docker, golang
- save_cache:
key: homebrew-linux-v5
key: homebrew-linux-v6
paths:
- /home/linuxbrew
- run:
Expand All @@ -257,14 +231,14 @@ jobs:
- run: sudo mkdir /home/linuxbrew && sudo chown $(id -u) /home/linuxbrew
- restore_cache:
keys:
- homebrew-linux-v5
- homebrew-linux-v6
- attach_workspace:
at: ~/
- run:
command: ./.circleci/linux_circle_vm_setup.sh
name: Circle VM setup - tools, docker, golang
- save_cache:
key: homebrew-linux-v5
key: homebrew-linux-v6
paths:
- /home/linuxbrew
# Now build using the regular ddev-only technique - this results in a fully clean set of executables.
Expand All @@ -287,12 +261,12 @@ jobs:
- run: sudo mkdir /home/linuxbrew && sudo chown $(id -u) /home/linuxbrew
- restore_cache:
keys:
- homebrew-linux-v5
- homebrew-linux-v6
- run:
command: ./.circleci/linux_circle_vm_setup.sh
name: Circle VM setup - tools, docker, golang
- save_cache:
key: homebrew-linux-v5
key: homebrew-linux-v6
paths:
- /home/linuxbrew
- run:
Expand All @@ -308,12 +282,12 @@ jobs:
- run: sudo mkdir /home/linuxbrew && sudo chown $(id -u) /home/linuxbrew
- restore_cache:
keys:
- homebrew-linux-v5
- homebrew-linux-v6
- run:
command: ./.circleci/linux_circle_vm_setup.sh
name: Circle VM setup - tools, docker, golang
- save_cache:
key: homebrew-linux-v5
key: homebrew-linux-v6
paths:
- /home/linuxbrew
- run:
Expand All @@ -331,20 +305,22 @@ jobs:

mac_container_test:
macos:
xcode: "10.1.0"
xcode: "10.2.1"
working_directory: ~/ddev
steps:
- checkout
- restore_cache:
keys:
- homebrew-macos-v5
- homebrew-macos-v9
- run:
command: ./.circleci/macos_circle_vm_setup.sh
name: macOS Circle VM setup - tools, docker, golang
- save_cache:
key: homebrew-macos-v5
key: homebrew-macos-v9
paths:
- /usr/local/Homebrew
- /usr/local/Cellar
- ~/Library/Caches/Homebrew
- run:
command: |
for dir in containers/*
Expand All @@ -367,15 +343,15 @@ jobs:
- run: sudo mkdir /home/linuxbrew && sudo chown $(id -u) /home/linuxbrew
- restore_cache:
keys:
- homebrew-linux-v5
- homebrew-linux-v6
- attach_workspace:
at: ~/
- run:
command: ./.circleci/generate_artifacts.sh $ARTIFACTS
name: tar/zip up artifacts and make hashes
no_output_timeout: "40m"
- save_cache:
key: homebrew-linux-v5
key: homebrew-linux-v6
paths:
- /home/linuxbrew
- store_artifacts:
Expand All @@ -395,24 +371,20 @@ jobs:
- run: sudo mkdir /home/linuxbrew && sudo chown $(id -u) /home/linuxbrew
- restore_cache:
keys:
- homebrew-linux-v5
- homebrew-linux-v6
- run:
command: ./.circleci/linux_circle_vm_setup.sh
name: TAG BUILD Circle VM setup - tools, docker, golang
- save_cache:
key: homebrew-linux-v5
key: homebrew-linux-v6
paths:
- /home/linuxbrew

# Now build using the regular ddev-only technique - this results in a fully clean set of executables.
- run:
command: make -s clean linux darwin windows_install chocolatey EXTRA_PATH=/home/linuxbrew/.linuxbrew/bin
command: make -s clean linux darwin windows_install EXTRA_PATH=/home/linuxbrew/.linuxbrew/bin
name: Build the ddev executables

- run:
command: .gotmp/bin/ddev version
name: ddev version information

# We only build the xz version of the docker images on tag build.
- run:
# Do not build the docker tarballs at simple tag build time
Expand All @@ -424,37 +396,33 @@ jobs:
path: /artifacts
name: Artifact storage

# 'release_build' is used to push a full release.
# 'release_build' is used to push a full release; it's triggered by api call
release_build:
machine:
image: ubuntu-1604:201903-01
macos:
xcode: "10.2.1"
working_directory: ~/ddev
environment:
DRUD_DEBUG: "true"
ARTIFACTS: /artifacts
steps:
- checkout
- run: sudo mkdir /home/linuxbrew && sudo chown $(id -u) /home/linuxbrew
- restore_cache:
keys:
- homebrew-linux-v5
- homebrew-macos-v9
- run:
command: ./.circleci/linux_circle_vm_setup.sh
name: RELEASE BUILD Circle VM setup - tools, docker, golang
command: ./.circleci/macos_circle_vm_setup.sh
name: RELEASE BUILD Circle VM setup
- save_cache:
key: homebrew-linux-v5
key: homebrew-macos-v9
paths:
- /home/linuxbrew
- /usr/local/Homebrew
- /usr/local/Cellar
- ~/Library/Caches/Homebrew

# Now build using the regular ddev-only technique - this results in a fully clean set of executables.
- run:
command: make -s clean linux darwin windows_install chocolatey EXTRA_PATH=/home/linuxbrew/.linuxbrew/bin
command: make -s clean linux darwin_signed windows_install chocolatey
name: Build the ddev executables

- run:
command: .gotmp/bin/ddev version
name: ddev version information

# We only build the xz version of the docker images on tag build.
- run:
command: ./.circleci/generate_artifacts.sh $ARTIFACTS TRUE ${BUILD_IMAGE_TARBALLS:true}
Expand Down
10 changes: 8 additions & 2 deletions .circleci/generate_artifacts.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,11 @@ if [ "${BUILD_IMAGE_TARBALLS}" = "true" ]; then
fi

# Generate and place extra items like autocomplete
.gotmp/bin/ddev_gen_autocomplete
if [ "${OSTYPE}" = "linux-gnu" ] ; then
.gotmp/bin/ddev_gen_autocomplete
else
.gotmp/bin/darwin_amd64/ddev_gen_autocomplete
fi
for dir in .gotmp/bin/darwin_amd64 .gotmp/bin/windows_amd64; do
cp .gotmp/bin/ddev_bash_completion.sh $dir
done
Expand All @@ -51,7 +55,9 @@ zip $ARTIFACTS/ddev_linux.$VERSION.zip ddev ddev_bash_completion.sh
cd $BASE_DIR/.gotmp/bin/windows_amd64
tar -czf $ARTIFACTS/ddev_windows.$VERSION.tar.gz ddev.exe ddev_bash_completion.sh
zip $ARTIFACTS/ddev_windows.$VERSION.zip ddev.exe ddev_bash_completion.sh
tar -czf $ARTIFACTS/ddev_chocolatey.$VERSION.tar.gz chocolatey
if [ -f chocolatey ]; then
tar -czf $ARTIFACTS/ddev_chocolatey.$VERSION.tar.gz chocolatey
fi

cp ddev_windows_installer*.exe $ARTIFACTS

Expand Down
5 changes: 2 additions & 3 deletions .circleci/macos_circle_vm_setup.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,8 @@ nohup /Applications/Docker.app/Contents/MacOS/Docker --unattended &

brew tap drud/ddev

for item in mysql-client zip nsis jq expect coreutils golang ddev mkcert; do
brew install $item || brew upgrade $item
done
brew install mysql-client zip nsis jq expect coreutils golang ddev mkcert osslsigncode ghr
brew link mysql-client zip nsis jq expect coreutils golang ddev mkcert osslsigncode ghr

brew link --force mysql-client

Expand Down

0 comments on commit 6665fe7

Please sign in to comment.