From 97f789a22e11b1d19cb3c29b9976781969800a6f Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Mon, 14 Apr 2025 14:57:35 -0500 Subject: [PATCH 01/10] Updated CI mac runner --- receivers/electron/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/receivers/electron/.gitlab-ci.yml b/receivers/electron/.gitlab-ci.yml index aa60ca7..5010160 100644 --- a/receivers/electron/.gitlab-ci.yml +++ b/receivers/electron/.gitlab-ci.yml @@ -17,7 +17,7 @@ buildElectronDockerContainer: buildMac: stage: buildAndDeployElectron tags: - - m1-macos + - tart-installed before_script: - cd receivers/electron script: From 88658c81fd71ac4430536e7729f991e6bd011ebf Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Mon, 14 Apr 2025 15:22:53 -0500 Subject: [PATCH 02/10] CI: Adding Tart image --- receivers/electron/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/receivers/electron/.gitlab-ci.yml b/receivers/electron/.gitlab-ci.yml index 5010160..e2d6621 100644 --- a/receivers/electron/.gitlab-ci.yml +++ b/receivers/electron/.gitlab-ci.yml @@ -16,6 +16,7 @@ buildElectronDockerContainer: buildMac: stage: buildAndDeployElectron + image: ghcr.io/cirruslabs/macos-sonoma-xcode:latest tags: - tart-installed before_script: From deb99521c34cec27e51754526ccf958d4cf7b17e Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Tue, 15 Apr 2025 12:30:56 -0500 Subject: [PATCH 03/10] CI: Changed Tart image --- receivers/electron/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/receivers/electron/.gitlab-ci.yml b/receivers/electron/.gitlab-ci.yml index e2d6621..047958a 100644 --- a/receivers/electron/.gitlab-ci.yml +++ b/receivers/electron/.gitlab-ci.yml @@ -16,7 +16,7 @@ buildElectronDockerContainer: buildMac: stage: buildAndDeployElectron - image: ghcr.io/cirruslabs/macos-sonoma-xcode:latest + image: ghcr.io/cirruslabs/macos-ventura-xcode:13.4.1 tags: - tart-installed before_script: From ec4b75845d86f4d27940862dd12cc7e8182b5e03 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Tue, 15 Apr 2025 15:13:39 -0500 Subject: [PATCH 04/10] CI: Using newer Ventura Xcode version --- receivers/electron/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/receivers/electron/.gitlab-ci.yml b/receivers/electron/.gitlab-ci.yml index 047958a..45f429f 100644 --- a/receivers/electron/.gitlab-ci.yml +++ b/receivers/electron/.gitlab-ci.yml @@ -16,7 +16,7 @@ buildElectronDockerContainer: buildMac: stage: buildAndDeployElectron - image: ghcr.io/cirruslabs/macos-ventura-xcode:13.4.1 + image: ghcr.io/cirruslabs/macos-ventura-xcode:14.3.1 tags: - tart-installed before_script: From f36160a4c0d8f910886c261af1ab632757f858fc Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Wed, 16 Apr 2025 12:51:17 -0500 Subject: [PATCH 05/10] Added Cirrus CI configuration for local testing --- .cirrus.yml | 19 +++++++++++++++++++ .gitignore | 1 + receivers/electron/.gitlab-ci.yml | 1 + 3 files changed, 21 insertions(+) create mode 100644 .cirrus.yml diff --git a/.cirrus.yml b/.cirrus.yml new file mode 100644 index 0000000..e21c2c6 --- /dev/null +++ b/.cirrus.yml @@ -0,0 +1,19 @@ + +# Todo: Codesign fails for local CI, works when steps replicated in VM GUI +# Run command: `cirrus run --artifacts-dir receivers/electron/out` +task: + name: buildReceiverMac + macos_instance: + image: ghcr.io/cirruslabs/macos-ventura-xcode:14.3.1 + buildReceiverMac_script: + - source .secure_files/.env + - sudo security add-certificates -k /Library/Keychains/System.keychain ./.secure_files/developerID_application.cer + - security unlock-keychain -p "admin" ~/Library/Keychains/login.keychain + - security import ./.secure_files/Certificates.p12 -k ~/Library/Keychains/login.keychain -P "$CERTIFICATES_PASSWORD" -T /usr/bin/codesign + - cd receivers/electron + - npm install + - npm run build + - npm run make -- --platform="darwin" --arch="arm64" + - npm run make -- --platform="darwin" --arch="x64" + binary_artifacts: + path: receivers/electron/out/* diff --git a/.gitignore b/.gitignore index bbb35cd..72e3ac4 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ node_modules/ .wrangler/ +.secure_files/ diff --git a/receivers/electron/.gitlab-ci.yml b/receivers/electron/.gitlab-ci.yml index 45f429f..5485950 100644 --- a/receivers/electron/.gitlab-ci.yml +++ b/receivers/electron/.gitlab-ci.yml @@ -20,6 +20,7 @@ buildMac: tags: - tart-installed before_script: + - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash - cd receivers/electron script: - npm install From 4620ee52b1e1594424b3018e045c88dc24ddc88f Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Wed, 16 Apr 2025 12:56:12 -0500 Subject: [PATCH 06/10] Added keychain setup to GitLab CI --- .cirrus.yml | 2 +- receivers/electron/.gitlab-ci.yml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index e21c2c6..60535b8 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -9,7 +9,7 @@ task: - source .secure_files/.env - sudo security add-certificates -k /Library/Keychains/System.keychain ./.secure_files/developerID_application.cer - security unlock-keychain -p "admin" ~/Library/Keychains/login.keychain - - security import ./.secure_files/Certificates.p12 -k ~/Library/Keychains/login.keychain -P "$CERTIFICATES_PASSWORD" -T /usr/bin/codesign + - security import ./.secure_files/Certificates.p12 -k ~/Library/Keychains/login.keychain -P "$FCAST_CERTIFICATES_PASSWORD" -T /usr/bin/codesign - cd receivers/electron - npm install - npm run build diff --git a/receivers/electron/.gitlab-ci.yml b/receivers/electron/.gitlab-ci.yml index 5485950..00b7301 100644 --- a/receivers/electron/.gitlab-ci.yml +++ b/receivers/electron/.gitlab-ci.yml @@ -21,6 +21,9 @@ buildMac: - tart-installed before_script: - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash + - sudo security add-certificates -k /Library/Keychains/System.keychain ./.secure_files/developerID_application.cer + - security unlock-keychain -p "admin" ~/Library/Keychains/login.keychain + - security import ./.secure_files/Certificates.p12 -k ~/Library/Keychains/login.keychain -P "$FCAST_CERTIFICATES_PASSWORD" -T /usr/bin/codesign - cd receivers/electron script: - npm install From 198814b32f661548d1f3851d2b30212508ce9eb3 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Wed, 16 Apr 2025 13:06:37 -0500 Subject: [PATCH 07/10] CI: Testing different Tart image --- receivers/electron/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/receivers/electron/.gitlab-ci.yml b/receivers/electron/.gitlab-ci.yml index 00b7301..6f15e60 100644 --- a/receivers/electron/.gitlab-ci.yml +++ b/receivers/electron/.gitlab-ci.yml @@ -16,7 +16,7 @@ buildElectronDockerContainer: buildMac: stage: buildAndDeployElectron - image: ghcr.io/cirruslabs/macos-ventura-xcode:14.3.1 + image: ghcr.io/cirruslabs/macos-ventura-xcode@sha256:3380f24929d01a7ac48a554dd242340739387822cf1cb0d96be839ef91b89daf tags: - tart-installed before_script: From 3e2409425e8892518539005aec90fb17201fb5eb Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Thu, 17 Apr 2025 12:58:47 -0500 Subject: [PATCH 08/10] CI: Unblock keychain access in CI --- .cirrus.yml | 5 ++++- receivers/electron/.gitlab-ci.yml | 3 +++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index 60535b8..77a2036 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -1,5 +1,4 @@ -# Todo: Codesign fails for local CI, works when steps replicated in VM GUI # Run command: `cirrus run --artifacts-dir receivers/electron/out` task: name: buildReceiverMac @@ -10,8 +9,12 @@ task: - sudo security add-certificates -k /Library/Keychains/System.keychain ./.secure_files/developerID_application.cer - security unlock-keychain -p "admin" ~/Library/Keychains/login.keychain - security import ./.secure_files/Certificates.p12 -k ~/Library/Keychains/login.keychain -P "$FCAST_CERTIFICATES_PASSWORD" -T /usr/bin/codesign + # Keychain ignores access control, causing to prompt for access and failing in CI environments...: https://stackoverflow.com/a/40039594 + - "security set-key-partition-list -S apple-tool:,apple: -s -k admin ~/Library/Keychains/login.keychain" + - cd receivers/electron - npm install + - npm rebuild - npm run build - npm run make -- --platform="darwin" --arch="arm64" - npm run make -- --platform="darwin" --arch="x64" diff --git a/receivers/electron/.gitlab-ci.yml b/receivers/electron/.gitlab-ci.yml index 6f15e60..2588eab 100644 --- a/receivers/electron/.gitlab-ci.yml +++ b/receivers/electron/.gitlab-ci.yml @@ -24,9 +24,12 @@ buildMac: - sudo security add-certificates -k /Library/Keychains/System.keychain ./.secure_files/developerID_application.cer - security unlock-keychain -p "admin" ~/Library/Keychains/login.keychain - security import ./.secure_files/Certificates.p12 -k ~/Library/Keychains/login.keychain -P "$FCAST_CERTIFICATES_PASSWORD" -T /usr/bin/codesign + # Keychain ignores access control, causing to prompt for access and failing in CI environments...: https://stackoverflow.com/a/40039594 + - "security set-key-partition-list -S apple-tool:,apple: -s -k admin ~/Library/Keychains/login.keychain" - cd receivers/electron script: - npm install + - npm rebuild - npm run build - npm run make -- --platform="darwin" --arch="arm64" - npm run make -- --platform="darwin" --arch="x64" From 5ac7de20d39952baee2d4b935e6a4301a0da9cd5 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Thu, 17 Apr 2025 14:34:56 -0500 Subject: [PATCH 09/10] CI: Added mac runner ssh key --- receivers/electron/.gitlab-ci.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/receivers/electron/.gitlab-ci.yml b/receivers/electron/.gitlab-ci.yml index 2588eab..afe5718 100644 --- a/receivers/electron/.gitlab-ci.yml +++ b/receivers/electron/.gitlab-ci.yml @@ -26,6 +26,13 @@ buildMac: - security import ./.secure_files/Certificates.p12 -k ~/Library/Keychains/login.keychain -P "$FCAST_CERTIFICATES_PASSWORD" -T /usr/bin/codesign # Keychain ignores access control, causing to prompt for access and failing in CI environments...: https://stackoverflow.com/a/40039594 - "security set-key-partition-list -S apple-tool:,apple: -s -k admin ~/Library/Keychains/login.keychain" + + - mkdir -p ~/.ssh/ + - cp ./.secure_files/id_ed25519 ~/.ssh/id_ed25519 + - cp ./.secure_files/id_ed25519.pub ~/.ssh/id_ed25519.pub + - chmod 700 ~/.ssh/ + - chmod 600 ~/.ssh/id_ed25519 + - chmod 600 ~/.ssh/id_ed25519.pub - cd receivers/electron script: - npm install From 271ba4866edbc6e54b41c350763f271d586bc143 Mon Sep 17 00:00:00 2001 From: Michael Hollister Date: Thu, 17 Apr 2025 14:53:19 -0500 Subject: [PATCH 10/10] CI: Disabling upload hostkey verification on Mac --- receivers/electron/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/receivers/electron/.gitlab-ci.yml b/receivers/electron/.gitlab-ci.yml index afe5718..a486757 100644 --- a/receivers/electron/.gitlab-ci.yml +++ b/receivers/electron/.gitlab-ci.yml @@ -40,7 +40,7 @@ buildMac: - npm run build - npm run make -- --platform="darwin" --arch="arm64" - npm run make -- --platform="darwin" --arch="x64" - - scp -r out/make/* root@$FCAST_DO_RUNNER_IP:/artifacts/ + - scp -o StrictHostKeyChecking=no -r out/make/* root@$FCAST_DO_RUNNER_IP:/artifacts/ artifacts: untracked: false when: on_success