Skip to content
Permalink
Browse files

Update nightly build script

  • Loading branch information
rowanbeentje committed Oct 28, 2018
1 parent e82a825 commit 8c57d5b3267acf2c0a32745074f9f15028e63aec
Showing with 84 additions and 39 deletions.
  1. +84 −39 Scripts/nightlybuildscript.sh
@@ -14,18 +14,21 @@ PRIVATE_KEY_LOC='LOCATION NOT COMMITTED'
NIGHTLY_ICON_LOC=/Users/spbuildbot/buildbot/sequel-pro/build/Resources/Images/appIcon.icns
NIGHTLY_KEYCHAIN_LOC=/Users/spbuildbot/Library/Keychains/spnightly.keychain-db
NIGHTLY_KEYCHAIN_PASSWORD='PASSWORD NOT COMMITTED'
FRAMEWORKS_LIST="/tmp/sp.frameworks.$$"
FILES_TO_SIGN_LIST="/tmp/sp.filelist.$$"
UPLOAD_AUTH_TOKEN="TOKEN_NOT_COMMITTED"

# Ensure a revision hash was passed in
REVISION_HASH=`echo "$1" | grep "\([0-9a-f]*\)"`
if [ "$REVISION_HASH" == "" ]
then
echo "Unable to extract revision hash from first argument; cancelling nightly build (git rev-parse HEAD)." >&2
exit 1
fi
fi
SHORT_HASH=${REVISION_HASH:0:10}

# Build a numeric revision for bundle version etc
svn2git_migration_compensation=480
svn2git_migration_compensation=779
cd "$GIT_DIR"
NUMERIC_REVISION=$((`git log --oneline | wc -l` + $svn2git_migration_compensation))

@@ -44,17 +47,59 @@ then
exit 1
fi

IBSTRINGSDIR=ibstrings
#XIB_BASE="$GIT_DIR/Interfaces/English.lproj"
remove_temp_files()
{
rm "$FRAMEWORKS_LIST" &> /dev/null
rm "$FILES_TO_SIGN_LIST" &> /dev/null
}

dist_sign_framework()
{
codesign -f --keychain "$NIGHTLY_KEYCHAIN_LOC" -s 'Developer ID Application: MJ Media (Y48LQG59RS)' -r "${GIT_DIR}/Resources/spframeworkrequirement.bin" "$1" 2> /dev/null
}

dist_sign_resource()
{
codesign -f --keychain "$NIGHTLY_KEYCHAIN_LOC" -s 'Developer ID Application: MJ Media (Y48LQG59RS)' -r "${GIT_DIR}/Resources/sprequirement.bin" "$1" 2> /dev/null
}

verify_signing()
{
codesign --verify --deep "$1" 2>&1
}

dist_code_sign()
{
ERRORS=''

while read FRAMEWORK_TO_SIGN
do
dist_sign_framework "${FRAMEWORK_TO_SIGN}"

ERRORS+=$(verify_signing "${FRAMEWORK_TO_SIGN}")
done < "$1"

while read FILE_TO_SIGN
do
dist_sign_resource "${FILE_TO_SIGN}"

ERRORS+=$(verify_signing "${FILE_TO_SIGN}")
done < "$2"

echo $ERRORS
}


echo "Cleaning remains of any previous nightly builds..."

# Delete any previous disk images and translation files
rm -f *.dmg &> /dev/null
rm -f *.zip &> /dev/null
rm -rf disttemp &> /dev/null
rm -f languagetranslations.zip &> /dev/null
rm -rf languagetranslations &> /dev/null
rm -rf $IBSTRINGSDIR &> /dev/null
remove_temp_files

#echo "Creating IB strings files for rekeying..."
#mkdir -p $IBSTRINGSDIR/English.lproj
@@ -92,7 +137,7 @@ rm -rf $IBSTRINGSDIR &> /dev/null

#echo "Copying nightly icon"

# Copy in the nightly icon
# Copy in the nightly icon - this is currently within this repo so this step isn't really necessary
#cp -f "$NIGHTLY_ICON_LOC" Sequel\ Pro.app/Contents/Resources/appicon.icns

echo "Updating version strings"
@@ -102,66 +147,76 @@ php -r '$infoplistloc = "'$BUILD_DIR'/Sequel Pro.app/Contents/Info.plist";
$infoplist = file_get_contents($infoplistloc);
$infoplist = preg_replace("/(\<key\>CFBundleShortVersionString\<\/key\>\s*\n?\r?\s*\<string\>)[^<]*(\<\/string\>)/i", "\\1Nightly build for revision '$SHORT_HASH'\\2", $infoplist);
$infoplist = preg_replace("/(\<key\>CFBundleVersion\<\/key\>\s*\n?\r?\s*)\<string\>[^<]*(\<\/string\>)/i", "\\1<string>'$NUMERIC_REVISION'\\2", $infoplist);
$infoplist = preg_replace("/(\<key\>NSHumanReadableCopyright\<\/key\>\s*\n?\r?\s*\<string\>)[^<]*(\<\/string\>)/i", "\\1Nightly build for revision '$SHORT_HASH'\\2", $infoplist);
$infoplist = preg_replace("/(\<key\>SUFeedURL\<\/key\>\s*\n?\r?\s*\<string\>)[^<]*(\<\/string\>)/i", "\\1https://sequelpro.com/nightly/nightly-app-releases.php\\2", $infoplist);
file_put_contents($infoplistloc, $infoplist);'

# Update versions in localised string files
php -r '$englishstringsloc = "/'$BUILD_DIR'/Sequel Pro.app/Contents/Resources/English.lproj/InfoPlist.strings";
$englishstrings = file_get_contents($englishstringsloc);
$englishstrings = mb_convert_encoding($englishstrings, "UTF-8", "UTF-16");
$englishstrings = preg_replace("/version [^\,\"]+/iu", "nightly build for r'$SHORT_HASH'", $englishstrings);
$englishstrings = preg_replace("/version [^\,\"]+/iu", "nightly build for '$SHORT_HASH'", $englishstrings);
$englishstrings = mb_convert_encoding($englishstrings, "UTF-16", "UTF-8");
file_put_contents($englishstringsloc, $englishstrings);'

echo "Signing build..."

# Code sign and verify the nightly
APP_LOC="Sequel Pro.app"
ls -d -1 "$APP_LOC/Contents/Frameworks"/** > "$FRAMEWORKS_LIST"
echo "${APP_LOC}/Contents/Library/QuickLook/Sequel Pro.qlgenerator" >> "$FILES_TO_SIGN_LIST"
echo "${APP_LOC}/Contents/Resources/SequelProTunnelAssistant" >> "$FILES_TO_SIGN_LIST"
echo "${APP_LOC}" >> "$FILES_TO_SIGN_LIST"

security unlock-keychain -p "$NIGHTLY_KEYCHAIN_PASSWORD" "$NIGHTLY_KEYCHAIN_LOC"
codesign -f --keychain "$NIGHTLY_KEYCHAIN_LOC" -s 'Developer ID Application: MJ Media (Y48LQG59RS)' -r $GIT_DIR"/Resources/spframeworkrequirement.bin" "Sequel Pro.app/Contents/Resources/SequelProTunnelAssistant"
codesign -f --keychain "$NIGHTLY_KEYCHAIN_LOC" -s 'Developer ID Application: MJ Media (Y48LQG59RS)' -r $GIT_DIR"/Resources/sprequirement.bin" "Sequel Pro.app"
VERIFY_ERRORS=$(dist_code_sign "$FRAMEWORKS_LIST" "$FILES_TO_SIGN_LIST")
security lock-keychain "$NIGHTLY_KEYCHAIN_LOC"
VERIFYERRORS=`codesign --verify "Sequel Pro.app" 2>&1`
VERIFYERRORS+=`codesign --verify "Sequel Pro.app/Contents/Resources/SequelProTunnelAssistant" 2>&1`

if [ "$VERIFYERRORS" != '' ]
then
remove_temp_files
echo "Signing verification threw an error: $VERIFYERRORS" >&2
exit 1
fi

echo "Build signed and verified successfully"
echo "Building disk image..."
echo "Compressing..."

# Build the disk image
mkdir disttemp
cp -R -p Sequel\ Pro.app disttemp
SetFile -a B disttemp/Sequel\ Pro.app
hdiutil create -fs HFS+ -volname "Sequel Pro Nightly (r"$SHORT_HASH")" -srcfolder disttemp disttemp.dmg
hdiutil convert disttemp.dmg -format UDBZ -o Sequel_Pro_r"$SHORT_HASH".dmg
rm -rf disttemp*
zip -q -r --symlinks "Sequel_Pro_r${SHORT_HASH}.zip" "Sequel Pro.app"

# Make sure it was created
if [ ! -e "Sequel_Pro_r${SHORT_HASH}.dmg" ]
if [ ! -e "Sequel_Pro_r${SHORT_HASH}.zip" ]
then
echo "Disk image was not built successfully!" >&2
echo "Zip file was not built successfully!" >&2
exit 1
fi

echo "Signing disk image"
echo "Signing zip file"

# Sign the disk image
SIGNATURE=`openssl dgst -sha1 -binary < "Sequel_Pro_r${SHORT_HASH}.dmg" | openssl dgst -dss1 -sign "$PRIVATE_KEY_LOC" | openssl enc -base64 | tr -d "\n"`
SIGNATURE=`openssl dgst -sha1 -binary < "Sequel_Pro_r${SHORT_HASH}.zip" | openssl dgst -dss1 -sign "$PRIVATE_KEY_LOC" | openssl enc -base64 | tr -d "\n"`
URLENCODEDSIGNATURE=$(php -r 'echo urlencode("'$SIGNATURE'");')

echo "Zip file ready (hashed as $SIGNATURE)"


echo "Getting ID to upload zip file..."

PENDING_BUILD_ID=$(curl 'https://sequelpro.com/api?action=pendingTestBuilds&authToken='$UPLOAD_AUTH_TOKEN | jq -r '.releases | map(select(.commit == "'$REVISION_HASH'")) | .[0]? | .id?')
if [ $PENDING_BUILD_ID == 'null' ]
then
echo "Unable to get pending build ID!" >&2
exit 1
fi
echo "Working with pending build ID "$PENDING_BUILD_ID

echo "Disk image ready (hashed as $SIGNATURE)"
echo "Uploading disk image..."
FILESIZE=$(stat -f%z "Sequel_Pro_r"$SHORT_HASH".zip")
echo "Uploading disk image of size ${FILESIZE}..."

# Upload the disk image
scp -P 32100 Sequel_Pro_r"$SHORT_HASH".dmg spnightlyuploader@sequelpro.com:nightlybuilds
curl 'https://sequelpro.com/api?action=uploadBuild&uploadReleaseId='$PENDING_BUILD_ID'&uploadFilesize='$FILESIZE'&buildHash='$URLENCODEDSIGNATURE'&authToken='$UPLOAD_AUTH_TOKEN --upload-file Sequel_Pro_r"$SHORT_HASH".zip
RETURNVALUE=$?
if [ $RETURNVALUE -eq 0 ]
then
echo "Successfully uploaded disk image"
ssh spnightlyuploader@sequelpro.com -p 32100 chmod 666 nightlybuilds/Sequel_Pro_r"$SHORT_HASH".dmg
echo "Successfully uploaded zip file"
fi

# Clean up
@@ -176,14 +231,4 @@ then
exit 1
fi

# Use curl to post the signature to the server
echo "Informing nightly server about new build..."
BUILD_ACTIVATE_OUTPUT=`curl --silent -F "filename=Sequel_Pro_r${SHORT_HASH}.dmg" -F "build_hash=$SIGNATURE" -F "build_id=$NUMERIC_REVISION" -F "full_revision=$REVISION_HASH" http://sequelpro.com/nightly/build.php?action=hash-submit`
if [ "$BUILD_ACTIVATE_OUTPUT" != 'Successfully updated.' ]
then
echo "Unexpected status when informing nightly server about new build: "
echo "$BUILD_ACTIVATE_OUTPUT"
exit 1
fi

echo "Done!"

0 comments on commit 8c57d5b

Please sign in to comment.
You can’t perform that action at this time.