Permalink
Browse files

Update nightly build script

  • Loading branch information...
rowanbeentje committed Oct 28, 2018
1 parent e82a825 commit 8c57d5b3267acf2c0a32745074f9f15028e63aec
Showing with 84 additions and 39 deletions.
  1. +84 −39 Scripts/nightlybuildscript.sh
@@ -14,18 +14,21 @@ PRIVATE_KEY_LOC='LOCATION NOT COMMITTED'
NIGHTLY_ICON_LOC=/Users/spbuildbot/buildbot/sequel-pro/build/Resources/Images/appIcon.icns
NIGHTLY_KEYCHAIN_LOC=/Users/spbuildbot/Library/Keychains/spnightly.keychain-db
NIGHTLY_KEYCHAIN_PASSWORD='PASSWORD NOT COMMITTED'
FRAMEWORKS_LIST="/tmp/sp.frameworks.$$"
FILES_TO_SIGN_LIST="/tmp/sp.filelist.$$"
UPLOAD_AUTH_TOKEN="TOKEN_NOT_COMMITTED"
# Ensure a revision hash was passed in
REVISION_HASH=`echo "$1" | grep "\([0-9a-f]*\)"`
if [ "$REVISION_HASH" == "" ]
then
echo "Unable to extract revision hash from first argument; cancelling nightly build (git rev-parse HEAD)." >&2
exit 1
fi
fi
SHORT_HASH=${REVISION_HASH:0:10}
# Build a numeric revision for bundle version etc
svn2git_migration_compensation=480
svn2git_migration_compensation=779
cd "$GIT_DIR"
NUMERIC_REVISION=$((`git log --oneline | wc -l` + $svn2git_migration_compensation))
@@ -44,17 +47,59 @@ then
exit 1
fi
IBSTRINGSDIR=ibstrings
#XIB_BASE="$GIT_DIR/Interfaces/English.lproj"
remove_temp_files()
{
rm "$FRAMEWORKS_LIST" &> /dev/null
rm "$FILES_TO_SIGN_LIST" &> /dev/null
}
dist_sign_framework()
{
codesign -f --keychain "$NIGHTLY_KEYCHAIN_LOC" -s 'Developer ID Application: MJ Media (Y48LQG59RS)' -r "${GIT_DIR}/Resources/spframeworkrequirement.bin" "$1" 2> /dev/null
}
dist_sign_resource()
{
codesign -f --keychain "$NIGHTLY_KEYCHAIN_LOC" -s 'Developer ID Application: MJ Media (Y48LQG59RS)' -r "${GIT_DIR}/Resources/sprequirement.bin" "$1" 2> /dev/null
}
verify_signing()
{
codesign --verify --deep "$1" 2>&1
}
dist_code_sign()
{
ERRORS=''
while read FRAMEWORK_TO_SIGN
do
dist_sign_framework "${FRAMEWORK_TO_SIGN}"
ERRORS+=$(verify_signing "${FRAMEWORK_TO_SIGN}")
done < "$1"
while read FILE_TO_SIGN
do
dist_sign_resource "${FILE_TO_SIGN}"
ERRORS+=$(verify_signing "${FILE_TO_SIGN}")
done < "$2"
echo $ERRORS
}
echo "Cleaning remains of any previous nightly builds..."
# Delete any previous disk images and translation files
rm -f *.dmg &> /dev/null
rm -f *.zip &> /dev/null
rm -rf disttemp &> /dev/null
rm -f languagetranslations.zip &> /dev/null
rm -rf languagetranslations &> /dev/null
rm -rf $IBSTRINGSDIR &> /dev/null
remove_temp_files
#echo "Creating IB strings files for rekeying..."
#mkdir -p $IBSTRINGSDIR/English.lproj
@@ -92,7 +137,7 @@ rm -rf $IBSTRINGSDIR &> /dev/null
#echo "Copying nightly icon"
# Copy in the nightly icon
# Copy in the nightly icon - this is currently within this repo so this step isn't really necessary
#cp -f "$NIGHTLY_ICON_LOC" Sequel\ Pro.app/Contents/Resources/appicon.icns
echo "Updating version strings"
@@ -102,66 +147,76 @@ php -r '$infoplistloc = "'$BUILD_DIR'/Sequel Pro.app/Contents/Info.plist";
$infoplist = file_get_contents($infoplistloc);
$infoplist = preg_replace("/(\<key\>CFBundleShortVersionString\<\/key\>\s*\n?\r?\s*\<string\>)[^<]*(\<\/string\>)/i", "\\1Nightly build for revision '$SHORT_HASH'\\2", $infoplist);
$infoplist = preg_replace("/(\<key\>CFBundleVersion\<\/key\>\s*\n?\r?\s*)\<string\>[^<]*(\<\/string\>)/i", "\\1<string>'$NUMERIC_REVISION'\\2", $infoplist);
$infoplist = preg_replace("/(\<key\>NSHumanReadableCopyright\<\/key\>\s*\n?\r?\s*\<string\>)[^<]*(\<\/string\>)/i", "\\1Nightly build for revision '$SHORT_HASH'\\2", $infoplist);
$infoplist = preg_replace("/(\<key\>SUFeedURL\<\/key\>\s*\n?\r?\s*\<string\>)[^<]*(\<\/string\>)/i", "\\1https://sequelpro.com/nightly/nightly-app-releases.php\\2", $infoplist);
file_put_contents($infoplistloc, $infoplist);'
# Update versions in localised string files
php -r '$englishstringsloc = "/'$BUILD_DIR'/Sequel Pro.app/Contents/Resources/English.lproj/InfoPlist.strings";
$englishstrings = file_get_contents($englishstringsloc);
$englishstrings = mb_convert_encoding($englishstrings, "UTF-8", "UTF-16");
$englishstrings = preg_replace("/version [^\,\"]+/iu", "nightly build for r'$SHORT_HASH'", $englishstrings);
$englishstrings = preg_replace("/version [^\,\"]+/iu", "nightly build for '$SHORT_HASH'", $englishstrings);
$englishstrings = mb_convert_encoding($englishstrings, "UTF-16", "UTF-8");
file_put_contents($englishstringsloc, $englishstrings);'
echo "Signing build..."
# Code sign and verify the nightly
APP_LOC="Sequel Pro.app"
ls -d -1 "$APP_LOC/Contents/Frameworks"/** > "$FRAMEWORKS_LIST"
echo "${APP_LOC}/Contents/Library/QuickLook/Sequel Pro.qlgenerator" >> "$FILES_TO_SIGN_LIST"
echo "${APP_LOC}/Contents/Resources/SequelProTunnelAssistant" >> "$FILES_TO_SIGN_LIST"
echo "${APP_LOC}" >> "$FILES_TO_SIGN_LIST"
security unlock-keychain -p "$NIGHTLY_KEYCHAIN_PASSWORD" "$NIGHTLY_KEYCHAIN_LOC"
codesign -f --keychain "$NIGHTLY_KEYCHAIN_LOC" -s 'Developer ID Application: MJ Media (Y48LQG59RS)' -r $GIT_DIR"/Resources/spframeworkrequirement.bin" "Sequel Pro.app/Contents/Resources/SequelProTunnelAssistant"
codesign -f --keychain "$NIGHTLY_KEYCHAIN_LOC" -s 'Developer ID Application: MJ Media (Y48LQG59RS)' -r $GIT_DIR"/Resources/sprequirement.bin" "Sequel Pro.app"
VERIFY_ERRORS=$(dist_code_sign "$FRAMEWORKS_LIST" "$FILES_TO_SIGN_LIST")
security lock-keychain "$NIGHTLY_KEYCHAIN_LOC"
VERIFYERRORS=`codesign --verify "Sequel Pro.app" 2>&1`
VERIFYERRORS+=`codesign --verify "Sequel Pro.app/Contents/Resources/SequelProTunnelAssistant" 2>&1`
if [ "$VERIFYERRORS" != '' ]
then
remove_temp_files
echo "Signing verification threw an error: $VERIFYERRORS" >&2
exit 1
fi
echo "Build signed and verified successfully"
echo "Building disk image..."
echo "Compressing..."
# Build the disk image
mkdir disttemp
cp -R -p Sequel\ Pro.app disttemp
SetFile -a B disttemp/Sequel\ Pro.app
hdiutil create -fs HFS+ -volname "Sequel Pro Nightly (r"$SHORT_HASH")" -srcfolder disttemp disttemp.dmg
hdiutil convert disttemp.dmg -format UDBZ -o Sequel_Pro_r"$SHORT_HASH".dmg
rm -rf disttemp*
zip -q -r --symlinks "Sequel_Pro_r${SHORT_HASH}.zip" "Sequel Pro.app"
# Make sure it was created
if [ ! -e "Sequel_Pro_r${SHORT_HASH}.dmg" ]
if [ ! -e "Sequel_Pro_r${SHORT_HASH}.zip" ]
then
echo "Disk image was not built successfully!" >&2
echo "Zip file was not built successfully!" >&2
exit 1
fi
echo "Signing disk image"
echo "Signing zip file"
# Sign the disk image
SIGNATURE=`openssl dgst -sha1 -binary < "Sequel_Pro_r${SHORT_HASH}.dmg" | openssl dgst -dss1 -sign "$PRIVATE_KEY_LOC" | openssl enc -base64 | tr -d "\n"`
SIGNATURE=`openssl dgst -sha1 -binary < "Sequel_Pro_r${SHORT_HASH}.zip" | openssl dgst -dss1 -sign "$PRIVATE_KEY_LOC" | openssl enc -base64 | tr -d "\n"`
URLENCODEDSIGNATURE=$(php -r 'echo urlencode("'$SIGNATURE'");')
echo "Zip file ready (hashed as $SIGNATURE)"
echo "Getting ID to upload zip file..."
PENDING_BUILD_ID=$(curl 'https://sequelpro.com/api?action=pendingTestBuilds&authToken='$UPLOAD_AUTH_TOKEN | jq -r '.releases | map(select(.commit == "'$REVISION_HASH'")) | .[0]? | .id?')
if [ $PENDING_BUILD_ID == 'null' ]
then
echo "Unable to get pending build ID!" >&2
exit 1
fi
echo "Working with pending build ID "$PENDING_BUILD_ID
echo "Disk image ready (hashed as $SIGNATURE)"
echo "Uploading disk image..."
FILESIZE=$(stat -f%z "Sequel_Pro_r"$SHORT_HASH".zip")
echo "Uploading disk image of size ${FILESIZE}..."
# Upload the disk image
scp -P 32100 Sequel_Pro_r"$SHORT_HASH".dmg spnightlyuploader@sequelpro.com:nightlybuilds
curl 'https://sequelpro.com/api?action=uploadBuild&uploadReleaseId='$PENDING_BUILD_ID'&uploadFilesize='$FILESIZE'&buildHash='$URLENCODEDSIGNATURE'&authToken='$UPLOAD_AUTH_TOKEN --upload-file Sequel_Pro_r"$SHORT_HASH".zip
RETURNVALUE=$?
if [ $RETURNVALUE -eq 0 ]
then
echo "Successfully uploaded disk image"
ssh spnightlyuploader@sequelpro.com -p 32100 chmod 666 nightlybuilds/Sequel_Pro_r"$SHORT_HASH".dmg
echo "Successfully uploaded zip file"
fi
# Clean up
@@ -176,14 +231,4 @@ then
exit 1
fi
# Use curl to post the signature to the server
echo "Informing nightly server about new build..."
BUILD_ACTIVATE_OUTPUT=`curl --silent -F "filename=Sequel_Pro_r${SHORT_HASH}.dmg" -F "build_hash=$SIGNATURE" -F "build_id=$NUMERIC_REVISION" -F "full_revision=$REVISION_HASH" http://sequelpro.com/nightly/build.php?action=hash-submit`
if [ "$BUILD_ACTIVATE_OUTPUT" != 'Successfully updated.' ]
then
echo "Unexpected status when informing nightly server about new build: "
echo "$BUILD_ACTIVATE_OUTPUT"
exit 1
fi
echo "Done!"

0 comments on commit 8c57d5b

Please sign in to comment.