-
Notifications
You must be signed in to change notification settings - Fork 7.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add basic Macos signing workflow #2319
Conversation
d43525f
to
ec9ff31
Compare
24a081b
to
35b2acb
Compare
Applied suggestions + refactored to avoid the use of the |
Adds basic CircleCI workflow to sign, notarize, and staple MacOS app bundle and associated DMG, then publishes signed binary in CircleCI artifacts Signed-off-by: John Parent <john.parent@kitware.com> Signed-off-by: Adam Treat <treat.adam@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 Looks good to me! Reviewed everything up to 04b918c in 57 seconds
More details
- Looked at
134
lines of code in2
files - Skipped
0
files when reviewing. - Skipped posting
1
drafted comments based on config settings.
1. .circleci/grab_notary_id.py:14
- Draft comment:
Consider processing the log file line by line instead of reading it entirely into memory to handle potentially large log files more efficiently. - Reason this comment was not posted:
Confidence changes required:33%
The scriptgrab_notary_id.py
is used to extract the notarization ID from the log file generated during the notarization process. The regular expressionID_REG
is designed to capture the ID following the pattern "id: <id_value>". The script reads the entire log file into memory, which could be optimized for large log files by processing line by line instead. However, this is not a critical issue unless the log files are expected to be very large. The script correctly handles the case where the ID is not found by raising a RuntimeError, which is appropriate for a script used in a CI/CD pipeline where clear error reporting is crucial.
Workflow ID: wflow_l3EuSUIT92WOWEIk
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet
mode, and more.
⌛ 8 days left in your free trial, upgrade for $20/seat/month or contact us.
04b918c
to
bfc4579
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
❌ Changes requested. Incremental review on bfc4579 in 1 minute and 20 seconds
More details
- Looked at
134
lines of code in2
files - Skipped
0
files when reviewing. - Skipped posting
0
drafted comments based on config settings.
Workflow ID: wflow_K6wXn7sqPvfzbIGF
Want Ellipsis to fix these issues? Tag @ellipsis-dev
in a comment. You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet
mode, and more.
⌛ 8 days left in your free trial, upgrade for $20/seat/month or contact us.
MacOs Cloud Signing Workflow
Adds basic support for current signing workflow implemented in a headless fashion relying on circleci cloud runners.
Signs app bundle and DMG archive and then notarizes and staples same, with verbose error reporting in the case of a notarization failure.
Summary:
Added macOS signing workflow to CircleCI configuration, including steps for signing, notarizing, and stapling the app bundle and DMG archive.
Key points:
.circleci/continue_config.yml
.sign-offline-chat-installer-macos
andnotarize-offline-chat-installer-macos
jobs.sign-offline-chat-installer-macos
sets up keychain, signs app bundle and DMG.notarize-offline-chat-installer-macos
notarizes and staples the signed DMG..circleci/grab_notary_id.py
to extract notarization ID from logs.Generated with ❤️ by ellipsis.dev