move notary to sign pipe

moves the notary to goreleases sign pipe
jozu-ai · Mar 26, 2024 · aeb99d6 · aeb99d6
1 parent 4bfff2a
commit aeb99d6
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 11 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -36,15 +36,8 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           APPLE_DEVELOPER_ID: ${{ secrets.APPLICATION_IDENTITY}}
-
-      - name: Notarize macOS archives
-        env:
-          APPLE_ID_PASSWORD: ${{ secrets.AC_PASSWORD }}
-          APPLE_DEVELOPER_ID: ${{ secrets.AC_USERNAME }}
           APPLE_ID: ${{ vars.APPLE_ID }}
-        run: |
-            shopt -s failglob
-            build/scripts/sign dist/kitops-darwin*.zip
+          APPLE_ID_PASSWORD: ${{ secrets.AC_PASSWORD }}
 
       - name: Generate CLI documentation
         run: |

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -34,10 +34,10 @@ builds:
         - cmd: ./build/scripts/sign '{{ .Path }}'
           output: true
 archives:
-  - format: tar.gz
+  - id: kit-archive
+    format: tar.gz
     builds:
       - kit
-      - kit-macos
     name_template: >-
       {{ .ProjectName }}-
       {{- tolower .Os }}-
@@ -53,6 +53,30 @@ archives:
       - LICENSE
       - README.md
 
+  - id: kit-macos-archive
+    format: zip
+    builds:
+      - kit-macos
+    name_template: >-
+      {{ .ProjectName }}-
+      {{- tolower .Os }}-
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    files:
+      - LICENSE
+      - README.md
+
+signs:
+  - artifacts: archive
+    ids:
+      - kit-macos-archive
+    signature: "${artifact}"
+    cmd: build/scripts/sign
+    args:
+      - "${artifact}"
+    output: true
 
 changelog:
   sort: asc

diff --git a/build/scripts/sign b/build/scripts/sign
@@ -13,7 +13,7 @@ sign_macos() {
   fi
 
   if [[ $1 == *.zip ]]; then
-    xcrun notarytool submit "$1" --apple-id "${APPLE_ID?}" --team-id "${APPLE_DEVELOPER_ID?}" --password "${APPLE_ID_PASSWORD?}"
+    xcrun notarytool submit "$1" --apple-id "${APPLE_ID?}" --team-id "${APPLE_DEVELOPER_ID?}" --password "${APPLE_ID_PASSWORD?}" --wait
   else
     codesign --timestamp --options=runtime -s "${APPLE_DEVELOPER_ID?}" -v "$1"
   fi