feat(ci): Publish installer PKG for macOS standalone#8795
Merged
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Contributor
There was a problem hiding this comment.
Copilot reviewed 4 out of 6 changed files in this pull request and generated no comments.
Files not reviewed (2)
- scripts/build/macos-standalone.sh: Language not supported
- scripts/upload/app-store-connect.sh: Language not supported
Comments suppressed due to low confidence (4)
website/src/middleware.ts:14
- [nitpick] The destination URL for the PKG redirect shares the same 'firezone-macos-client' prefix as the DMG. Consider clarifying the naming convention if a distinct identifier for the installer package is intended.
"https://www.github.com/firezone/firezone/releases/download/macos-client-:version/firezone-macos-client-:version.pkg",
website/src/components/Changelog/Apple.tsx:18
- [nitpick] The changelog now includes a separate entry for the PKG file while the DMG entry title has been updated. Confirm that the naming and labeling clearly distinguish between the installer types to avoid user confusion.
href: "/dl/firezone-client-macos/pkg/:version",
website/redirects.js:17
- [nitpick] The new redirect for the PKG file uses a URL structure similar to the DMG. Ensure that this naming convention is consistent and clear for users identifying the installer package.
source: "/dl/firezone-client-macos/pkg/latest",
.github/workflows/_swift.yml:113
- [nitpick] The upload-artifact step now aggregates both DMG and PKG files under a single artifact name. Verify that downstream processes can correctly handle multiple files within one artifact bundle.
name: macos-client-standalone
bmanifold
reviewed
Apr 16, 2025
| # Verify notarization | ||
| xcrun stapler validate "$dmg_path" | ||
|
|
||
| echo "Disk image notarized!" |
Member
There was a problem hiding this comment.
Not sure if it matters, but it looks like this echo message was left out of the change. Was that intentional?
bmanifold
reviewed
Apr 16, 2025
| xcrun altool \ | ||
| --upload-app \ | ||
| -f "$ARTIFACT_PATH" \ | ||
| -f "$PRIMARY_ARTIFACT_PATH" \ |
Member
There was a problem hiding this comment.
I'm probably missing something, but I'm not seeing the name PRIMARY_ARTIFACT_PATH set anywhere in this PR. Is that being set outside of these scripts?
Member
Author
There was a problem hiding this comment.
Ah good catch. Will get that fixed.
jamilbk
commented
Apr 16, 2025
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
This was referenced Apr 21, 2025
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Apr 21, 2025
In #8795 we added an additional path to the artifact upload which appeared to have broken it. The action cannot seem to handle multiple direct paths that lead to files. It tries to but fails: ``` Multiple search paths detected. Calculating the least common ancestor of all paths The least common ancestor is /Users/runner/work/firezone/firezone/"/Users/runner/work/_temp. This will be the root directory of the artifact Warning: No files were found with the provided path: "/Users/runner/work/_temp/firezone-macos-client-1.4.12.dmg" "/Users/runner/work/_temp/firezone-macos-client-1.4.12.pkg". No artifacts will be uploaded. ``` Source: https://github.com/firezone/firezone/actions/runs/14571295945/job/40868936348#step:7:31 Splitting this step into two and creating one artifact each fixes this as can be seen in the following job (which I triggered for this PR): https://github.com/firezone/firezone/actions/runs/14572176039/job/40871304453
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Microsoft Intune's DMG provisioner currently fails unexpectedly when trying to provision our published DMG file with the error:
I ran the following verification commands locally, which all passed:
So the issue appears to be most likely that Intune doens't like the
/Applicationsshortcut in the DMG. This is a UX feature to make it easy to drag the application the /Applications folder upon opening the DMG.So we're publishing an PKG in addition to the DMG, which should be a more reliable artifact for MDMs to use.