Allow for local macOS signed builds (#4582)

Split up the CreateDMG.sh macos script to two scripts: MacDeploy.sh - this calls macdeployqt on the built app CreateDMG.sh - this calls dmgbuild on the built & deployed app Add a `SKIP_VENV` environment variable to CreateDMG.sh, this can be used to use the system version of dmgbuild Add the ability to codesign the created dmg and its contents using the `MACOS_CODESIGN_CERTIFICATE` environment variable Moved the output name logic from CreateDMG to the `OUTPUT_DMG_PATH` environment variable The nightly release create job also doesn't remove artifacts now, it only replaces artifacts that are conflicting. The downside to this is that if we change the name of an artifact, we need to manually delete the old artifact. The upside to this is that we can now upload artifacts that are not handled in the same CI job.
2024-11-13 19:49:51 +01:00 · 2023-04-29 16:07:20 +02:00 · 2023-04-29 16:07:20 +02:00 · 4c23f4bcea
parent 9c9fa86c45
commit 4c23f4bcea
3 changed files with 73 additions and 25 deletions
--- a/.CI/CreateDMG.sh
+++ b/.CI/CreateDMG.sh
@ -1,32 +1,38 @@
-#!/bin/sh
+#!/usr/bin/env bash

-if [ -d bin/chatterino.app ] && [ ! -d chatterino.app ]; then
-    >&2 echo "Moving bin/chatterino.app down one directory"
-    mv bin/chatterino.app chatterino.app
+set -eo pipefail
+
+if [ ! -d chatterino.app ]; then
+    echo "ERROR: No 'chatterino.app' dir found in the build directory. Make sure you've run ./CI/MacDeploy.sh"
+    exit 1
 fi

-if [ -n "$Qt5_DIR" ]; then
-    echo "Using Qt DIR from Qt5_DIR: $Qt5_DIR"
-    _QT_DIR="$Qt5_DIR"
-elif [ -n "$Qt6_DIR" ]; then
-    echo "Using Qt DIR from Qt6_DIR: $Qt6_DIR"
-    _QT_DIR="$Qt6_DIR"
+if [ -z "$OUTPUT_DMG_PATH" ]; then
+    echo "ERROR: Must specify the path for where to save the final .dmg. Make sure you've set the OUTPUT_DMG_PATH environment variable."
+    exit 1
 fi

-if [ -n "$_QT_DIR" ]; then
-    export PATH="${_QT_DIR}/bin:$PATH"
-else
-    echo "No Qt environment variable set, assuming system-installed Qt"
-fi
-
-echo "Running MACDEPLOYQT"
-macdeployqt chatterino.app
+if [ -z "$SKIP_VENV" ]; then
    echo "Creating python3 virtual environment"
    python3 -m venv venv
    echo "Entering python3 virtual environment"
    . venv/bin/activate
    echo "Installing dmgbuild"
    python3 -m pip install dmgbuild
-echo "Running dmgbuild.."
-dmgbuild --settings ./../.CI/dmg-settings.py -D app=./chatterino.app Chatterino2 chatterino-macos-Qt-$1.dmg
+fi
+
+if [ -n "$MACOS_CODESIGN_CERTIFICATE" ]; then
+    echo "Codesigning force deep inside the app"
+    codesign -s "$MACOS_CODESIGN_CERTIFICATE" --deep --force chatterino.app
    echo "Done!"
+fi
+
+echo "Running dmgbuild.."
+dmgbuild --settings ./../.CI/dmg-settings.py -D app=./chatterino.app Chatterino2 "$OUTPUT_DMG_PATH"
+echo "Done!"
+
+if [ -n "$MACOS_CODESIGN_CERTIFICATE" ]; then
+    echo "Codesigning the dmg"
+    codesign -s "$MACOS_CODESIGN_CERTIFICATE" --deep --force "$OUTPUT_DMG_PATH"
+    echo "Done!"
+fi
--- a/.CI/MacDeploy.sh
+++ b/.CI/MacDeploy.sh
@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+# Bundle relevant qt & system dependencies into the ./chatterino.app folder
+
+set -eo pipefail
+
+if [ -d bin/chatterino.app ] && [ ! -d chatterino.app ]; then
+    >&2 echo "Moving bin/chatterino.app down one directory"
+    mv bin/chatterino.app chatterino.app
+fi
+
+if [ -n "$Qt5_DIR" ]; then
+    echo "Using Qt DIR from Qt5_DIR: $Qt5_DIR"
+    _QT_DIR="$Qt5_DIR"
+elif [ -n "$Qt6_DIR" ]; then
+    echo "Using Qt DIR from Qt6_DIR: $Qt6_DIR"
+    _QT_DIR="$Qt6_DIR"
+fi
+
+if [ -n "$_QT_DIR" ]; then
+    export PATH="${_QT_DIR}/bin:$PATH"
+else
+    echo "No Qt environment variable set, assuming system-installed Qt"
+fi
+
+echo "Running MACDEPLOYQT"
+
+_macdeployqt_args=()
+
+if [ -n "$MACOS_CODESIGN_CERTIFICATE" ]; then
+    _macdeployqt_args+=("-codesign=$MACOS_CODESIGN_CERTIFICATE")
+fi
+
+macdeployqt chatterino.app "${_macdeployqt_args[@]}"
+
+if [ -n "$MACOS_CODESIGN_CERTIFICATE" ]; then
+    # Validate that chatterino.app was codesigned correctly
+    codesign -v chatterino.app
+fi
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -336,12 +336,15 @@ jobs:

      - name: Package (MacOS)
        if: startsWith(matrix.os, 'macos')
+        env:
+          OUTPUT_DMG_PATH: chatterino-macos-Qt-${{ matrix.qt-version}}.dmg
        run: |
          ls -la
          pwd
          ls -la build || true
          cd build
-          sh ./../.CI/CreateDMG.sh ${{ matrix.qt-version }}
+          ./../.CI/MacDeploy.sh
+          ./../.CI/CreateDMG.sh
        shell: bash

      - name: Upload artifact (MacOS)
@ -439,7 +442,7 @@ jobs:
      - name: Create release
        uses: ncipollo/release-action@v1.12.0
        with:
-          removeArtifacts: true
+          replacesArtifacts: true
          allowUpdates: true
          artifactErrorsFailBuild: true
          artifacts: "release-artifacts/*"