diff --git a/.github/workflows/build_nudge_pr.yml b/.github/workflows/build_nudge_pr.yml
index 8fbceeca..1efe4b87 100644
--- a/.github/workflows/build_nudge_pr.yml
+++ b/.github/workflows/build_nudge_pr.yml
@@ -31,7 +31,7 @@ jobs:
 p12-file-base64: ${{ secrets.PKG_CERTIFICATES_P12_MAOS }}
 p12-password: ${{ secrets.PKG_CERTIFICATES_P12_PASSWORD_MAOS }}
- - name: Run build package script
+ - name: Run build script
 run: ./build_nudge.zsh
 - name: get environment variables
@@ -40,7 +40,7 @@ jobs:
 echo "NUDGE_VERSION=$(/bin/cat ./build_info.txt)" >> $GITHUB_ENV
 echo "NUDGE_MAIN_VERSION=$(/bin/cat ./build_info_main.txt)" >> $GITHUB_ENV
- - name: Upload packages
+ - name: Upload zip archive
 uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
 with:
 name: packages
diff --git a/build_nudge.zsh b/build_nudge.zsh
index fc2c2fd4..79d02954 100755
--- a/build_nudge.zsh
+++ b/build_nudge.zsh
@@ -56,14 +56,6 @@ echo "Building Nudge"
 $XCODE_BUILD -project "$TOOLSDIR/Nudge.xcodeproj" CODE_SIGN_IDENTITY=$APP_SIGNING_IDENTITY OTHER_CODE_SIGN_FLAGS="--timestamp"
 check_exit_code "$?" "Error running xcodebuild"
-# Setup notary item
-$XCODE_NOTARY_PATH store-credentials --apple-id "opensource@macadmins.io" --team-id "T4SK8ZXCXG" --password "$2" nudge
-
-# Zip application for notary
-# /usr/bin/ditto -c -k --keepParent "${BUILDSDIR}/Release/Nudge.app" "${BUILDSDIR}/Release/Nudge.zip"
-# Notarize nudge application
-# $XCODE_NOTARY_PATH submit "${BUILDSDIR}/Release/Nudge.zip" --keychain-profile "nudge" --wait
-
 # Create outputs folder
 if [ -e $OUTPUTSDIR ]; then
 /bin/rm -rf $OUTPUTSDIR
@@ -73,6 +65,7 @@ fi
 if ! [ -n "$1" ]; then
 echo "Did not pass option to create package"
 # Move notarized zip to outputs folder
+ /usr/bin/ditto -c -k --keepParent "${BUILDSDIR}/Release/Nudge.app" "${BUILDSDIR}/Release/Nudge.zip"
 /bin/mv "${BUILDSDIR}/Release/Nudge.zip" "$OUTPUTSDIR"
 exit 0
 fi
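Review bot: The `ditto` line added in the last hunk of this run (`@@ -73,6 +65,7 @@` in build_nudge.zsh) is the only build step in that branch without a status check, so a failed archive falls through to `/bin/mv` and then `exit 0`; follow it with `check_exit_code "$?" "Could not create Nudge.zip"`. The comment directly above still says "Move notarized zip", but nothing visible in this diff notarizes the zip (the app-level notary lines removed in the previous hunk were already commented out), so the artifact is signed only; reword it to something like `# Zip the signed (not notarized) app and move it to outputs folder` so consumers of the artifact are not misled. The `if` block starts in this hunk's context lines and the rest of the script lies outside it.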
@@ -125,15 +118,7 @@ python3 "${MP_BINDIR}/munki-pkg-${MP_SHA}/munkipkg" "$NUDGE_PKG_PATH"
 PKG_RESULT="$?"
 check_exit_code "$?" "Could not sign package: Nudge-$AUTOMATED_NUDGE_BUILD.pkg"
-# Notarize nudge package
-$XCODE_NOTARY_PATH submit "$NUDGE_PKG_PATH/build/Nudge-$AUTOMATED_NUDGE_BUILD.pkg" --keychain-profile "nudge" --wait
-check_exit_code "$?" "Could not notarize package: Nudge-$AUTOMATED_NUDGE_BUILD.pkg"
-$XCODE_STAPLER_PATH staple "$NUDGE_PKG_PATH/build/Nudge-$AUTOMATED_NUDGE_BUILD.pkg"
-check_exit_code "$?" "Could not staple package: Nudge-$AUTOMATED_NUDGE_BUILD.pkg"
-# Move the signed pkg
-/bin/mv "$NUDGE_PKG_PATH/build/Nudge-$AUTOMATED_NUDGE_BUILD.pkg" "$OUTPUTSDIR"
-
-# move the la to the payload folder
+# move the LaunchAgent to the payload folder
 echo "Moving LaunchAgent to payload folder"
 NUDGE_LA_PKG_PATH="$TOOLSDIR/NudgePkgLA"
 if [ -e $NUDGE_LA_PKG_PATH ]; then
@@ -165,19 +150,11 @@ echo "Moving postinstall to scripts folder"
 }
 SIGNED_JSONFILE
-# Create the signed pkg
+# Create the LaunchAgent signed pkg
 python3 "${MP_BINDIR}/munki-pkg-${MP_SHA}/munkipkg" "$NUDGE_LA_PKG_PATH"
 check_exit_code "$?" "Could not sign package: Nudge_LaunchAgent-1.0.1.pkg"
-# Notarize launchagent package
-$XCODE_NOTARY_PATH submit "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" --keychain-profile "nudge" --wait
-check_exit_code "$?" "Could not notarize package: Nudge_LaunchAgent-1.0.1.pkg"
-$XCODE_STAPLER_PATH staple "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg"
-check_exit_code "$?" "Could not staple package: Nudge_LaunchAgent-1.0.1.pkg"
-# Move the signed pkg
-/bin/mv "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" "$OUTPUTSDIR"
-
-# move the ld to the payload folder
+# move the Logger to the payload folder
 echo "Moving LaunchDaemon to logging payload folder"
 NUDGE_LD_PKG_PATH="$TOOLSDIR/NudgePkgLogger"
 if [ -e $NUDGE_LD_PKG_PATH ]; then
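Review bot: At the top of the first hunk here (`@@ -125,15 +118,7 @@`), `PKG_RESULT="$?"` sits between the `munkipkg` call and `check_exit_code "$?"`, so the check receives the status of the assignment, which is always 0, and a failed signing of the main Nudge package goes unnoticed. With the per-package notarization removed from this spot and deferred to the end of the script (where it is skipped when `$2` is empty), this check is the only gate on that package, so pass the saved value: `check_exit_code "$PKG_RESULT" "Could not sign package: Nudge-$AUTOMATED_NUDGE_BUILD.pkg"`. The defect is in context lines rather than in lines this commit adds, and the surrounding script continues outside the hunk.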
@@ -191,7 +168,7 @@ echo "Moving LaunchDaemon to logging payload folder"
 echo "Moving postinstall to scripts folder"
 /bin/cp "${TOOLSDIR}/build_assets/postinstall-logger" "$NUDGE_LD_PKG_PATH/scripts/postinstall"
-# Create the json file for the signed munkipkg LaunchAgent pkg
+# Create the json file for the signed munkipkg Logger pkg
 /bin/cat << SIGNED_JSONFILE > "$NUDGE_LD_PKG_PATH/build-info.json"
 {
 "distribution_style": true,
@@ -213,14 +190,6 @@ SIGNED_JSONFILE
 python3 "${MP_BINDIR}/munki-pkg-${MP_SHA}/munkipkg" "$NUDGE_LD_PKG_PATH"
 check_exit_code "$?" "Could not sign package: Nudge_Logger-1.0.1.pkg"
-# Notarize logger package
-$XCODE_NOTARY_PATH submit "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" --keychain-profile "nudge" --wait
-check_exit_code "$?" "Could not notarize package: Nudge_Logger-1.0.1.pkg"
-$XCODE_STAPLER_PATH staple "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg"
-check_exit_code "$?" "Could not staple package: Nudge_Logger-1.0.1.pkg"
-# Move the signed pkg
-/bin/mv "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" "$OUTPUTSDIR"
-
 # Create the Essentials package
 echo "Moving Nudge.app to payload folder"
 ESSENTIALS_PKG_PATH="$TOOLSDIR/NudgePkgEssentials"
@@ -259,14 +228,6 @@ SIGNED_JSONFILE
 python3 "${MP_BINDIR}/munki-pkg-${MP_SHA}/munkipkg" "$ESSENTIALS_PKG_PATH"
 check_exit_code "$?" "Could not sign package: Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg"
-# Notarize Nudge Essentials package
-$XCODE_NOTARY_PATH submit "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" --keychain-profile "nudge" --wait
-check_exit_code "$?" "Could not notarize package: Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg"
-$XCODE_STAPLER_PATH staple "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg"
-check_exit_code "$?" "Could not staple package: Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg"
-# Move the Nudge Essentials signed/notarized pkg
-/bin/mv "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" "$OUTPUTSDIR"
-
 # Create the Suite package
 echo "Moving Nudge.app to payload folder"
 SUITE_PKG_PATH="$TOOLSDIR/NudgePkgSuite"
@@ -308,6 +269,50 @@ SIGNED_JSONFILE
 python3 "${MP_BINDIR}/munki-pkg-${MP_SHA}/munkipkg" "$SUITE_PKG_PATH"
 check_exit_code "$?" "Could not sign package: Nudge_Suite-$AUTOMATED_NUDGE_BUILD.pkg"
+
+# Notarize packages
+if ! [ -n "$2" ]; then
+ echo "Did not pass option to notarize packages"
+ # Move notarized zip to outputs folder
+ /bin/mv "${BUILDSDIR}/Release/Nudge.zip" "$OUTPUTSDIR"
+ exit 0
+fi
+
+# Setup notary item
+$XCODE_NOTARY_PATH store-credentials --apple-id "opensource@macadmins.io" --team-id "T4SK8ZXCXG" --password "$2" nudge
+
+# Notarize Nudge package
+$XCODE_NOTARY_PATH submit "$NUDGE_PKG_PATH/build/Nudge-$AUTOMATED_NUDGE_BUILD.pkg" --keychain-profile "nudge" --wait
+check_exit_code "$?" "Could not notarize package: Nudge-$AUTOMATED_NUDGE_BUILD.pkg"
+$XCODE_STAPLER_PATH staple "$NUDGE_PKG_PATH/build/Nudge-$AUTOMATED_NUDGE_BUILD.pkg"
+check_exit_code "$?" "Could not staple package: Nudge-$AUTOMATED_NUDGE_BUILD.pkg"
+# Move the Nudge signed/notarized pkg
+/bin/mv "$NUDGE_PKG_PATH/build/Nudge-$AUTOMATED_NUDGE_BUILD.pkg" "$OUTPUTSDIR"
+
+# Notarize Nudge LaunchAgent package
+$XCODE_NOTARY_PATH submit "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" --keychain-profile "nudge" --wait
+check_exit_code "$?" "Could not notarize package: Nudge_LaunchAgent-1.0.1.pkg"
+$XCODE_STAPLER_PATH staple "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg"
+check_exit_code "$?" "Could not staple package: Nudge_LaunchAgent-1.0.1.pkg"
+# Move the Nudge LaunchAgent signed/notarized pkg
+/bin/mv "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" "$OUTPUTSDIR"
+
+# Notarize Nudge Logger package
+$XCODE_NOTARY_PATH submit "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" --keychain-profile "nudge" --wait
+check_exit_code "$?" "Could not notarize package: Nudge_Logger-1.0.1.pkg"
+$XCODE_STAPLER_PATH staple "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg"
+check_exit_code "$?" "Could not staple package: Nudge_Logger-1.0.1.pkg"
+# Move the Nudge Logger signed/notarized pkg
+/bin/mv "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" "$OUTPUTSDIR"
+
+# Notarize Nudge Essentials package
+$XCODE_NOTARY_PATH submit "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" --keychain-profile "nudge" --wait
+check_exit_code "$?" "Could not notarize package: Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg"
+$XCODE_STAPLER_PATH staple "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg"
+check_exit_code "$?" "Could not staple package: Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg"
+# Move the Nudge Essentials signed/notarized pkg
+/bin/mv "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" "$OUTPUTSDIR"
+
 # Notarize Nudge Suite package
 $XCODE_NOTARY_PATH submit "$SUITE_PKG_PATH/build/Nudge_Suite-$AUTOMATED_NUDGE_BUILD.pkg" --keychain-profile "nudge" --wait
 check_exit_code "$?" "Could not notarize package: Nudge_Suite-$AUTOMATED_NUDGE_BUILD.pkg"
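Review bot: The new `if ! [ -n "$2" ]` branch exits 0 after moving `${BUILDSDIR}/Release/Nudge.zip`, but the only visible `ditto` that creates that zip sits inside the earlier no-`$1` branch, and none of the five signed packages is moved to `$OUTPUTSDIR` on this path, so a build without a notary password appears to report success while publishing nothing. If the intent is to keep signed, un-notarized packages from such builds, move them in this branch and drop the "Move notarized zip" comment, as sketched below. `store-credentials` is also the one notary step without a `check_exit_code`, so a rejected password only surfaces later as a notarization failure. Separately, `--password "$2"` places the app-specific password in the process arguments, where process listings and shell traces on the build host can read it; that is worth a follow-up.

```shell
# Notarize packages
if ! [ -n "$2" ]; then
  echo "Did not pass option to notarize packages"
  # No notary password: publish the signed, un-notarized packages as they are
  /bin/mv "$NUDGE_PKG_PATH/build/Nudge-$AUTOMATED_NUDGE_BUILD.pkg" "$OUTPUTSDIR"
  /bin/mv "$NUDGE_LA_PKG_PATH/build/Nudge_LaunchAgent-1.0.1.pkg" "$OUTPUTSDIR"
  /bin/mv "$NUDGE_LD_PKG_PATH/build/Nudge_Logger-1.0.1.pkg" "$OUTPUTSDIR"
  /bin/mv "$ESSENTIALS_PKG_PATH/build/Nudge_Essentials-$AUTOMATED_NUDGE_BUILD.pkg" "$OUTPUTSDIR"
  /bin/mv "$SUITE_PKG_PATH/build/Nudge_Suite-$AUTOMATED_NUDGE_BUILD.pkg" "$OUTPUTSDIR"
  exit 0
fi

# Setup notary item
$XCODE_NOTARY_PATH store-credentials --apple-id "opensource@macadmins.io" --team-id "T4SK8ZXCXG" --password "$2" nudge
check_exit_code "$?" "Could not store notary credentials"
# … unchanged: notarize, staple and move each package …
```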