Signing macOS binaries

akrabat · Jul 29, 2024 · 3ad3689 · 3ad3689
1 parent d2153bb
commit 3ad3689
Show file tree

Hide file tree

Showing 4 changed files with 124 additions and 4 deletions.
diff --git a/.github/workflows/build-macos-binaries.yml b/.github/workflows/build-macos-binaries.yml
@@ -0,0 +1,49 @@
+name: Build macOS Binaries
+
+on:
+  release:
+    types:
+      - created
+
+jobs:
+  masos:
+    name: Build macOS binaries
+    runs-on: macos-14
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: 1.22
+
+      - name: Display the version of go that we have installed
+        run: go version
+
+      - name: Display the release tag
+        run: echo ${{ github.event.release.tag_name }}
+
+      - name: "DEBUG: What's our directory & what's in it?"
+        run: pwd && ls
+
+      - name: Build the uuid7 executables
+        run: ./build-macos-executables.sh ${{ github.event.release.tag_name }}
+        env: 
+          MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
+          MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
+          MACOS_IDENTITY_ID: ${{ secrets.MACOS_IDENTITY_ID }}
+
+      - name: List the uuid7 executables
+        run: ls -l ./release
+
+      - name: Upload the uuid7 binaries
+        uses: svenstaro/upload-release-action@v2
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ github.ref }}
+          file: ./release/uuid7-*
+          file_glob: true
diff --git a/build-executables.sh b/build-executables.sh
@@ -13,8 +13,6 @@ package_name=uuid7
 #
 # The full list of the platforms is at: https://golang.org/doc/install/source#environment
 platforms=(
-"darwin/amd64"
-"darwin/arm64"
 "linux/amd64"
 "linux/arm"
 "linux/arm64"
@@ -46,7 +44,7 @@ do
 
     echo "Building release/$zip_name..."
     env GOOS=$GOOS GOARCH=$GOARCH go build \
-      -ldflags "-X github.com/akrabat/rodeo/commands.Version=$version" \
+      -ldflags "-X github.com/akrabat/uuid7/commands.Version=$version" \
       -o release/$output_name
     if [ $? -ne 0 ]; then
         echo 'An error has occurred! Aborting the script execution...'

diff --git a/build-macos-executables.sh b/build-macos-executables.sh
@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+
+# From: https://stackoverflow.com/a/53583797/23060
+# From: https://gist.github.com/DimaKoz/06b7475317b12e7ffa724ef0e115a4ec
+
+version=$1
+if [[ -z "$version" ]]; then
+  echo "usage: $0 <version>"
+  exit 1
+fi
+package_name=uuid7
+
+#
+# The full list of the platforms is at: https://golang.org/doc/install/source#environment
+platforms=(
+"darwin/amd64"
+"darwin/arm64"
+)
+
+rm -rf release/
+mkdir -p release
+
+set -e
+set -x
+
+echo "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
+security create-keychain -p password1234 build.keychain
+security default-keychain -s build.keychain
+security unlock-keychain -p password1234 build.keychain
+security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
+security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k password1234 build.keychain
+
+
+for platform in "${platforms[@]}"
+do
+    platform_split=(${platform//\// })
+    os=${platform_split[0]}
+    GOOS=${platform_split[0]}
+    GOARCH=${platform_split[1]}
+
+    if [ $os = "darwin" ]; then
+        os="macOS"
+    fi
+
+    output_name="$package_name"
+    zip_name="$package_name"'-'$version'-'$os'-'$GOARCH
+
+    echo "Building release/$zip_name..."
+    env GOOS=$GOOS GOARCH=$GOARCH go build \
+      -ldflags "-X github.com/akrabat/uuid7/commands.Version=$version" \
+      -o release/$output_name
+    if [ $? -ne 0 ]; then
+        echo 'An error has occurred! Aborting the script execution...'
+        exit 1
+    fi
+
+    pushd release > /dev/null || exit
+
+    # List
+    ls -l
+
+    # sign with identity 3D8D...
+    /usr/bin/codesign --force -s "$MACOS_IDENTITY_ID" "$output_name" -v
+
+    # create zip file
+    chmod a+x "$output_name"
+    zip "$zip_name".zip "$output_name"
+    rm "$output_name"
+
+    popd > /dev/null || exit
+done
+
+security delete-keychain build.keychain
diff --git a/uuid7.go b/uuid7.go
@@ -19,7 +19,7 @@ func main() {
 		return
 	}
 	if len(os.Args) > 1 && (os.Args[1] == "-v" || os.Args[1] == "--version") {
-		fmt.Println("uuid7 version 0.1")
+		fmt.Println("uuid7 version 0.1.1")
 		fmt.Println("by Rob Allen")
 		fmt.Println("https://github.com/akrabat/uuid7")
 		return