Test with signing

iotaledger · Jul 4, 2023 · ff959fa · ff959fa
1 parent f586312
commit ff959fa
Show file tree

Hide file tree

Showing 3 changed files with 129 additions and 42 deletions.
diff --git a/.github/workflows/bindings-nodejs-publish.yml b/.github/workflows/bindings-nodejs-publish.yml
@@ -6,62 +6,63 @@ env:
   CARGO_INCREMENTAL: 0
 
 jobs:
-  publish-nodejs:
-    runs-on: ubuntu-latest
+  # publish-nodejs:
+  #   runs-on: ubuntu-latest
 
-    defaults:
-      run:
-        working-directory: bindings/nodejs
+  #   defaults:
+  #     run:
+  #       working-directory: bindings/nodejs
 
-    steps:
-      - uses: actions/checkout@v3
+  #   steps:
+  #     - uses: actions/checkout@v3
 
-      - name: Set up Rust
-        uses: ./.github/actions/setup-rust
+  #     - name: Set up Rust
+  #       uses: ./.github/actions/setup-rust
 
-      # Required for ledger-nano
-      - name: Install required packages
-        run: |
-          sudo apt-get update
-          sudo apt-get install libudev-dev libusb-1.0-0-dev
+  #     # Required for ledger-nano
+  #     - name: Install required packages
+  #       run: |
+  #         sudo apt-get update
+  #         sudo apt-get install libudev-dev libusb-1.0-0-dev
 
-      - name: Set up Node.js
-        uses: actions/setup-node@v2
-        with:
-          node-version: "18.x"
-          registry-url: "https://registry.npmjs.org"
+  #     - name: Set up Node.js
+  #       uses: actions/setup-node@v2
+  #       with:
+  #         node-version: "18.x"
+  #         registry-url: "https://registry.npmjs.org"
 
-      - name: Install Yarn
-        run: npm i -g yarn
+  #     - name: Install Yarn
+  #       run: npm i -g yarn
 
-      - name: Install JS dependencies
-        run: yarn
+  #     - name: Install JS dependencies
+  #       run: yarn
 
-      - name: Build project
-        run: yarn build
+  #     - name: Build project
+  #       run: yarn build
 
-      - name: Update Cargo.toml with git
-        run:  sed -i 's#path = "../core"#git = "https://github.com/iotaledger/iota-sdk", rev = "'$GITHUB_SHA'"#g' Cargo.toml 
+  #     - name: Update Cargo.toml with git
+  #       run:  sed -i 's#path = "../core"#git = "https://github.com/iotaledger/iota-sdk", rev = "'$GITHUB_SHA'"#g' Cargo.toml 
 
-      - name: Print Cargo.toml
-        run: cat Cargo.toml
+  #     - name: Print Cargo.toml
+  #       run: cat Cargo.toml
 
-      - name: Publish nodejs bindings to NPM
-        shell: sh
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: npm publish --access public
+  #     - name: Publish nodejs bindings to NPM
+  #       shell: sh
+  #       env:
+  #         NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+  #       run: npm publish --access public
 
   nodejs-binding-prebuild:
     runs-on: ${{ matrix.os }}
-    needs: publish-nodejs
+    # needs: publish-nodejs
     strategy:
       fail-fast: false
       matrix:
         # The GitHub hosted Windows 2022 image comes with Visual Studio 2022, but node-gyp
         # (which is used by neon-sys) sadly fails to recognize it. As a mitigation, we still run the
         # tests on Windows 2019, until we can figure out a way to fix the problem.
-        os: [ubuntu-20.04, macos-13, windows-2019]
+        # os: [ubuntu-20.04, macos-13, windows-2019]
+        os: [macos-13]
         node-version: ["18.x"]
 
     steps:
@@ -115,10 +116,27 @@ jobs:
         run: echo "LIBCLANG_PATH=$((gcm clang).source -replace "clang.exe")" >> $env:GITHUB_ENV
         if: matrix.os == 'windows-2019'
 
+      - name: Install gon (macOS)
+        # https://github.com/mitchellh/gon
+        run: brew install mitchellh/gon/gon
+        if: ${{ startsWith(matrix.os, 'macos') }}
+
       - name: Set deployment target (macOS)
         run: echo "MACOSX_DEPLOYMENT_TARGET=10.13" >> $GITHUB_ENV
         if: matrix.os == 'macos-13'
 
+      - name: Set deployment target (macOS)
+        if: ${{ startsWith(matrix.os, 'macos') }}
+        run: rustup target add aarch64-apple-darwin
+
+      - name: Set deployment target (linux)
+        if: ${{ startsWith(matrix.os, 'ubuntu') }}
+        run: rustup target add aarch64-unknown-linux-gnu
+
+      - name: Set deployment target (windows)
+        if: ${{ startsWith(matrix.os, 'windows') }}
+        run: rustup target add aarch64-pc-windows-msvc
+
       - name: Get current date
         run: echo "CURRENT_DATE=$(date +'%Y-%m-%d')" >> $GITHUB_ENV
         if: matrix.os == 'macos-13' || ${{ startsWith(matrix.os, 'ubuntu') }}
@@ -168,12 +186,66 @@ jobs:
         run: yarn install --frozen-lockfile
         working-directory: bindings/nodejs
 
-      - name: Build Node.js prebuild (x64)
-        run: yarn run prebuild-x64
+      # - name: Build Node.js prebuild (x64)
+      #   run: yarn run prebuild-x64
+      #   working-directory: bindings/nodejs
+
+      - name: Build Node.js prebuild (macos, arm64)
+        # if: ${{ startsWith(matrix.os, 'macos') }}
+        run: |
+              yarn run prebuild-macos-arm64
         working-directory: bindings/nodejs
 
-      - name: Build Node.js prebuild (arm64)
-        run: yarn run prebuild-arm64
+      # - name: Build Node.js prebuild (ubuntu/linux, arm64)
+      #   if: ${{ startsWith(matrix.os, 'ubuntu') }}
+      #   run: |
+      #         yarn run prebuild-linux-arm64
+      #   working-directory: bindings/nodejs
+
+      # - name: Build Node.js prebuild (windows, arm64)
+      #   if: ${{ startsWith(matrix.os, 'windows') }}
+      #   run: |
+      #         yarn run prebuild-windows-arm64
+      #   working-directory: bindings/nodejs
+
+      - name: Import code signing assets (macOS)
+        # Based on https://github.com/Apple-Actions/import-codesign-certs/blob/master/src/security.ts
+        run: |
+          security create-keychain -p $KEYCHAIN_PASSWORD signing.keychain
+          security set-keychain-settings -lut 3600 signing.keychain
+          security unlock-keychain -p $KEYCHAIN_PASSWORD signing.keychain
+          echo $MAC_CERT_BASE64 | base64 -D -o signing.p12
+          security import signing.p12 -k signing.keychain -f pkcs12 -T "/usr/bin/codesign" -T "/usr/bin/security" -P $MAC_CERT_PASSWORD
+          rm signing.p12
+          security -q set-key-partition-list -S apple-tool:,apple: -k $KEYCHAIN_PASSWORD signing.keychain > /dev/null
+          security -v list-keychains -s signing.keychain
+          security find-identity -vp codesigning
+        env:
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          MAC_CERT_BASE64: ${{ secrets.MAC_CERT_BASE64 }}
+          MAC_CERT_PASSWORD: ${{ secrets.MAC_CERT_PASSWORD }}
+        if: ${{ startsWith(matrix.os, 'macos') }}
+
+      - name: Sign and notarize index.node binary (macOS)
+        run: |
+          ls prebuilds/@iota/
+
+          # unpack to only get the index.node
+          tar -xvf prebuilds/@iota/sdk-v1.0.0-rc.3-napi-v6-darwin-arm64.tar.gz
+
+          gon gon-config.json
+          unzip binary.zip
+
+          # clean existing build/Release
+          rm -rf build
+          mkdir -p build/Release
+
+          mv -f index.node build/Release/index.node
+          tar -czf prebuilds/@iota/sdk-v1.0.0-rc.3-napi-v6-darwin-arm64.tar.gz build/Release/index.node
+        env:
+          AC_USERNAME: ${{ secrets.ASC_APPLE_ID }}
+          AC_PASSWORD: ${{ secrets.ASC_PASSWORD }}
+        if: ${{ startsWith(matrix.os, 'macos') }}
         working-directory: bindings/nodejs
 
       - name: Upload prebuild to GitHub release

diff --git a/bindings/nodejs/gon-config.json b/bindings/nodejs/gon-config.json
@@ -0,0 +1,13 @@
+{
+  "source": ["./bindings/nodejs/build/Release/index.node"],
+  "bundle_id": "org.iota.cli-wallet",
+  "apple_id": {
+    "password": "@env:AC_PASSWORD"
+  },
+  "sign": {
+    "application_identity": "Developer ID Application: IOTA Stiftung (UG77RJKZHH)"
+  },
+  "zip": {
+    "output_path": "./bindings/nodejs/binary.zip"
+  }
+}
diff --git a/bindings/nodejs/package.json b/bindings/nodejs/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@iota/sdk",
-    "version": "1.0.0-rc.1",
+    "version": "1.0.0-rc.3",
     "description": "Node.js binding to the IOTA SDK library",
     "main": "out/index.js",
     "types": "out/index.d.ts",
@@ -11,7 +11,9 @@
         "build": "node scripts/neon-build && tsc",
         "build:neon": "cargo-cp-artifact -ac iota-sdk-nodejs ./index.node -- cargo build --release --message-format=json-render-diagnostics",
         "prebuild-x64": "prebuild --runtime napi --target 6 --prepack scripts/neon-build.js --strip --arch x64",
-        "prebuild-arm64": "prebuild --runtime napi --target 6 --prepack scripts/neon-build.js --strip --arch arm64",
+        "prebuild-macos-arm64": "prebuild --runtime napi --target 6 --prepack 'cargo-cp-artifact -ac iota-sdk-nodejs ./index.node -- cargo build --release --message-format=json-render-diagnostics --target aarch64-apple-darwin' --strip --arch arm64",
+        "prebuild-linux-arm64": "prebuild --runtime napi --target 6 --prepack 'cargo-cp-artifact -ac iota-sdk-nodejs ./index.node -- cargo build --release --message-format=json-render-diagnostics --target aarch64-unknown-linux-gnu' --strip --arch arm64",
+        "prebuild-windows-arm64": "prebuild --runtime napi --target 6 --prepack 'cargo-cp-artifact -ac iota-sdk-nodejs ./index.node -- cargo build --release --message-format=json-render-diagnostics --target aarch64-pc-windows-msvc' --strip --arch arm64",
         "rebuild": "node scripts/neon-build && tsc && node scripts/strip.js",
         "install": "prebuild-install --runtime napi --tag-prefix='iota-sdk-nodejs-v' && tsc || npm run rebuild",
         "test": "jest"