Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign MacOS Binaries with JFrog Certificate #2563

Open
wants to merge 84 commits into
base: dev
Choose a base branch
from
Open

Sign MacOS Binaries with JFrog Certificate #2563

wants to merge 84 commits into from

Conversation

EyalDelarea
Copy link
Contributor

@EyalDelarea EyalDelarea commented Jun 3, 2024
edited
Loading

  • All tests have passed. If this feature is not already covered by the tests, new tests have been added.
  • The pull request is targeting the dev branch.
  • The code has been validated to compile successfully by running go vet ./....
  • The code has been formatted properly using go fmt ./....

Sign Darwin Binaries during Release

This PR introduce a way to integrate darwin signed executables singing during the CLI release.

Darwin Release Flow:

flowchart TD

    A[Bump Version Commit to v2 branch Triggers the flow] --> B[GitHub Actions Build & Upload Signed darwin exeutables] --> C(Jenkins Job does not build darwin exeutables - downloads from github packages)
    
    C --> E
    
   E[Distribute to releases]
Loading

Example workflow runs:

TODO:

  • Test Jenkins script
  • GitHub Token is needed for the Action to delete old artifacts ( to avoid overhead )
  • Add apple secrets to repository

@EyalDelarea EyalDelarea added the improvement Automatically generated release notes label Jun 3, 2024
@EyalDelarea EyalDelarea requested a review from yahavi June 4, 2024 14:17
@EyalDelarea EyalDelarea marked this pull request as ready for review June 4, 2024 14:17
EyalDelarea
EyalDelarea commented Jun 4, 2024
View reviewed changes
Jenkinsfile
@@ -314,7 +314,13 @@ def uploadCli(architectures) {
for (int i = 0; i < architectures.size(); i++) {
def currentBuild = architectures[i]
stage("Build and upload ${currentBuild.pkg}") {
buildAndUpload(currentBuild.goos, currentBuild.goarch, currentBuild.pkg, currentBuild.fileExtension)
// MacOS binaries should be downloaded from GitHub packages, as they are signed there.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is still a work in progress, i'm not sure if the executable name is important for the rest of the release or not.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yahavi yahavi Awaiting requested review from yahavi

@sverdlov93 sverdlov93 Awaiting requested review from sverdlov93

Assignees
No one assigned
Labels
improvement Automatically generated release notes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Signed JFrog CLI binary for MacOS
1 participant
@EyalDelarea