Update nightly build script

sequelpro · Oct 28, 2018 · 8c57d5b · 8c57d5b
1 parent e82a825
commit 8c57d5b
Showing 1 changed file with 84 additions and 39 deletions.
diff --git a/Scripts/nightlybuildscript.sh b/Scripts/nightlybuildscript.sh
@@ -14,18 +14,21 @@ PRIVATE_KEY_LOC='LOCATION NOT COMMITTED'
 NIGHTLY_ICON_LOC=/Users/spbuildbot/buildbot/sequel-pro/build/Resources/Images/appIcon.icns
 NIGHTLY_KEYCHAIN_LOC=/Users/spbuildbot/Library/Keychains/spnightly.keychain-db
 NIGHTLY_KEYCHAIN_PASSWORD='PASSWORD NOT COMMITTED'
+FRAMEWORKS_LIST="/tmp/sp.frameworks.$$"
+FILES_TO_SIGN_LIST="/tmp/sp.filelist.$$"
+UPLOAD_AUTH_TOKEN="TOKEN_NOT_COMMITTED"
 
 # Ensure a revision hash was passed in
 REVISION_HASH=`echo "$1" | grep "\([0-9a-f]*\)"`
 if [ "$REVISION_HASH" == "" ]
 then
 	echo "Unable to extract revision hash from first argument; cancelling nightly build (git rev-parse HEAD)." >&2
 	exit 1
-fi	
+fi
 SHORT_HASH=${REVISION_HASH:0:10}
 
 # Build a numeric revision for bundle version etc
-svn2git_migration_compensation=480
+svn2git_migration_compensation=779
 cd "$GIT_DIR"
 NUMERIC_REVISION=$((`git log --oneline | wc -l` + $svn2git_migration_compensation))
 
@@ -44,17 +47,59 @@ then
 	exit 1
 fi
 
-IBSTRINGSDIR=ibstrings
-#XIB_BASE="$GIT_DIR/Interfaces/English.lproj"
+remove_temp_files()
+{
+	rm "$FRAMEWORKS_LIST" &> /dev/null
+	rm "$FILES_TO_SIGN_LIST" &> /dev/null
+}
+
+dist_sign_framework()
+{
+	codesign -f --keychain "$NIGHTLY_KEYCHAIN_LOC" -s 'Developer ID Application: MJ Media (Y48LQG59RS)' -r "${GIT_DIR}/Resources/spframeworkrequirement.bin" "$1" 2> /dev/null
+}
+
+dist_sign_resource()
+{
+	codesign -f --keychain "$NIGHTLY_KEYCHAIN_LOC" -s 'Developer ID Application: MJ Media (Y48LQG59RS)' -r "${GIT_DIR}/Resources/sprequirement.bin" "$1" 2> /dev/null
+}
+
+verify_signing()
+{
+	codesign --verify --deep "$1" 2>&1
+}
+
+dist_code_sign()
+{
+	ERRORS=''
+
+	while read FRAMEWORK_TO_SIGN
+	do
+		dist_sign_framework "${FRAMEWORK_TO_SIGN}"
+
+		ERRORS+=$(verify_signing "${FRAMEWORK_TO_SIGN}")
+	done < "$1"
+
+	while read FILE_TO_SIGN
+	do
+		dist_sign_resource "${FILE_TO_SIGN}"
+
+		ERRORS+=$(verify_signing "${FILE_TO_SIGN}")
+	done < "$2"
+
+	echo $ERRORS
+}
+
 
 echo "Cleaning remains of any previous nightly builds..."
 
 # Delete any previous disk images and translation files
 rm -f *.dmg &> /dev/null
+rm -f *.zip &> /dev/null
 rm -rf disttemp &> /dev/null
 rm -f languagetranslations.zip &> /dev/null
 rm -rf languagetranslations &> /dev/null
 rm -rf $IBSTRINGSDIR &> /dev/null
+remove_temp_files
 
 #echo "Creating IB strings files for rekeying..."
 #mkdir -p $IBSTRINGSDIR/English.lproj
@@ -92,7 +137,7 @@ rm -rf $IBSTRINGSDIR &> /dev/null
 
 #echo "Copying nightly icon"
 
-# Copy in the nightly icon
+# Copy in the nightly icon - this is currently within this repo so this step isn't really necessary
 #cp -f "$NIGHTLY_ICON_LOC" Sequel\ Pro.app/Contents/Resources/appicon.icns
 
 echo "Updating version strings"
@@ -102,66 +147,76 @@ php -r '$infoplistloc = "'$BUILD_DIR'/Sequel Pro.app/Contents/Info.plist";
 	$infoplist = file_get_contents($infoplistloc);
 	$infoplist = preg_replace("/(\<key\>CFBundleShortVersionString\<\/key\>\s*\n?\r?\s*\<string\>)[^<]*(\<\/string\>)/i", "\\1Nightly build for revision '$SHORT_HASH'\\2", $infoplist);
 	$infoplist = preg_replace("/(\<key\>CFBundleVersion\<\/key\>\s*\n?\r?\s*)\<string\>[^<]*(\<\/string\>)/i", "\\1<string>'$NUMERIC_REVISION'\\2", $infoplist);
-	$infoplist = preg_replace("/(\<key\>NSHumanReadableCopyright\<\/key\>\s*\n?\r?\s*\<string\>)[^<]*(\<\/string\>)/i", "\\1Nightly build for revision '$SHORT_HASH'\\2", $infoplist);
 	$infoplist = preg_replace("/(\<key\>SUFeedURL\<\/key\>\s*\n?\r?\s*\<string\>)[^<]*(\<\/string\>)/i", "\\1https://sequelpro.com/nightly/nightly-app-releases.php\\2", $infoplist);
 	file_put_contents($infoplistloc, $infoplist);'
 
 # Update versions in localised string files
 php -r '$englishstringsloc = "/'$BUILD_DIR'/Sequel Pro.app/Contents/Resources/English.lproj/InfoPlist.strings";
     $englishstrings = file_get_contents($englishstringsloc);
     $englishstrings = mb_convert_encoding($englishstrings, "UTF-8", "UTF-16");
-    $englishstrings = preg_replace("/version [^\,\"]+/iu", "nightly build for r'$SHORT_HASH'", $englishstrings);
+    $englishstrings = preg_replace("/version [^\,\"]+/iu", "nightly build for '$SHORT_HASH'", $englishstrings);
     $englishstrings = mb_convert_encoding($englishstrings, "UTF-16", "UTF-8");
     file_put_contents($englishstringsloc, $englishstrings);'
 
 echo "Signing build..."
 
 # Code sign and verify the nightly
+APP_LOC="Sequel Pro.app"
+ls -d -1 "$APP_LOC/Contents/Frameworks"/** > "$FRAMEWORKS_LIST"
+echo "${APP_LOC}/Contents/Library/QuickLook/Sequel Pro.qlgenerator" >> "$FILES_TO_SIGN_LIST"
+echo "${APP_LOC}/Contents/Resources/SequelProTunnelAssistant" >> "$FILES_TO_SIGN_LIST"
+echo "${APP_LOC}" >> "$FILES_TO_SIGN_LIST"
+
 security unlock-keychain -p "$NIGHTLY_KEYCHAIN_PASSWORD" "$NIGHTLY_KEYCHAIN_LOC"
-codesign -f --keychain "$NIGHTLY_KEYCHAIN_LOC" -s 'Developer ID Application: MJ Media (Y48LQG59RS)' -r $GIT_DIR"/Resources/spframeworkrequirement.bin" "Sequel Pro.app/Contents/Resources/SequelProTunnelAssistant"
-codesign -f --keychain "$NIGHTLY_KEYCHAIN_LOC" -s 'Developer ID Application: MJ Media (Y48LQG59RS)' -r $GIT_DIR"/Resources/sprequirement.bin" "Sequel Pro.app"
+VERIFY_ERRORS=$(dist_code_sign "$FRAMEWORKS_LIST" "$FILES_TO_SIGN_LIST")
 security lock-keychain "$NIGHTLY_KEYCHAIN_LOC"
-VERIFYERRORS=`codesign --verify "Sequel Pro.app" 2>&1`
-VERIFYERRORS+=`codesign --verify "Sequel Pro.app/Contents/Resources/SequelProTunnelAssistant" 2>&1`
+
 if [ "$VERIFYERRORS" != '' ]
 then
+	remove_temp_files
 	echo "Signing verification threw an error: $VERIFYERRORS" >&2
 	exit 1
 fi
 
 echo "Build signed and verified successfully"
-echo "Building disk image..."
+echo "Compressing..."
 
-# Build the disk image
-mkdir disttemp
-cp -R -p Sequel\ Pro.app disttemp
-SetFile -a B disttemp/Sequel\ Pro.app
-hdiutil create -fs HFS+ -volname "Sequel Pro Nightly (r"$SHORT_HASH")" -srcfolder disttemp disttemp.dmg
-hdiutil convert disttemp.dmg -format UDBZ -o Sequel_Pro_r"$SHORT_HASH".dmg
-rm -rf disttemp*
+zip -q -r --symlinks "Sequel_Pro_r${SHORT_HASH}.zip" "Sequel Pro.app"
 
 # Make sure it was created
-if [ ! -e "Sequel_Pro_r${SHORT_HASH}.dmg" ]
+if [ ! -e "Sequel_Pro_r${SHORT_HASH}.zip" ]
 then
-	echo "Disk image was not built successfully!" >&2
+	echo "Zip file was not built successfully!" >&2
 	exit 1
 fi
 
-echo "Signing disk image"
+echo "Signing zip file"
 
 # Sign the disk image
-SIGNATURE=`openssl dgst -sha1 -binary < "Sequel_Pro_r${SHORT_HASH}.dmg" | openssl dgst -dss1 -sign "$PRIVATE_KEY_LOC" | openssl enc -base64 | tr -d "\n"`
+SIGNATURE=`openssl dgst -sha1 -binary < "Sequel_Pro_r${SHORT_HASH}.zip" | openssl dgst -dss1 -sign "$PRIVATE_KEY_LOC" | openssl enc -base64 | tr -d "\n"`
+URLENCODEDSIGNATURE=$(php -r 'echo urlencode("'$SIGNATURE'");')
+
+echo "Zip file ready (hashed as $SIGNATURE)"
+
+
+echo "Getting ID to upload zip file..."
+
+PENDING_BUILD_ID=$(curl 'https://sequelpro.com/api?action=pendingTestBuilds&authToken='$UPLOAD_AUTH_TOKEN | jq -r '.releases | map(select(.commit == "'$REVISION_HASH'")) | .[0]? | .id?')
+if [ $PENDING_BUILD_ID == 'null' ]
+then
+	echo "Unable to get pending build ID!" >&2
+	exit 1
+fi
+echo "Working with pending build ID "$PENDING_BUILD_ID
 
-echo "Disk image ready (hashed as $SIGNATURE)"
-echo "Uploading disk image..."
+FILESIZE=$(stat -f%z "Sequel_Pro_r"$SHORT_HASH".zip")
+echo "Uploading disk image of size ${FILESIZE}..."
 
-# Upload the disk image
-scp -P 32100 Sequel_Pro_r"$SHORT_HASH".dmg spnightlyuploader@sequelpro.com:nightlybuilds
+curl 'https://sequelpro.com/api?action=uploadBuild&uploadReleaseId='$PENDING_BUILD_ID'&uploadFilesize='$FILESIZE'&buildHash='$URLENCODEDSIGNATURE'&authToken='$UPLOAD_AUTH_TOKEN --upload-file Sequel_Pro_r"$SHORT_HASH".zip
 RETURNVALUE=$?
 if [ $RETURNVALUE -eq 0 ]
 then
-	echo "Successfully uploaded disk image"
-	ssh spnightlyuploader@sequelpro.com -p 32100 chmod 666 nightlybuilds/Sequel_Pro_r"$SHORT_HASH".dmg
+	echo "Successfully uploaded zip file"
 fi
 
 # Clean up
@@ -176,14 +231,4 @@ then
 	exit 1
 fi
 
-# Use curl to post the signature to the server
-echo "Informing nightly server about new build..."
-BUILD_ACTIVATE_OUTPUT=`curl --silent -F "filename=Sequel_Pro_r${SHORT_HASH}.dmg" -F "build_hash=$SIGNATURE" -F "build_id=$NUMERIC_REVISION" -F "full_revision=$REVISION_HASH" http://sequelpro.com/nightly/build.php?action=hash-submit`
-if [ "$BUILD_ACTIVATE_OUTPUT" != 'Successfully updated.' ]
-then
-	echo "Unexpected status when informing nightly server about new build: "
-	echo "$BUILD_ACTIVATE_OUTPUT"
-	exit 1
-fi
-
 echo "Done!"