mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
86 lines
1.7 KiB
Bash
Executable File
86 lines
1.7 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -ue
|
|
|
|
set +xu
|
|
if [ -z "$AC_USERNAME" ]; then
|
|
exit_with_error "AC_USERNAME not set"
|
|
fi
|
|
|
|
if [ -z "$AC_PASSWORD" ]; then
|
|
exit_with_error "AC_PASSWORD not set"
|
|
fi
|
|
set -u
|
|
|
|
# repackage [archive-path]
|
|
#
|
|
# returns an archive compatible for Apple's notarization process, repackaging the input archive as needed
|
|
#
|
|
repackage() {
|
|
archive=$1
|
|
|
|
case "$archive" in
|
|
*.tar.gz)
|
|
new_archive=${archive%.tar.gz}.zip
|
|
(
|
|
tmp_dir=$(mktemp -d)
|
|
cd "$tmp_dir"
|
|
# redirect stdout to stderr to preserve the return value
|
|
tar xzf "$archive" && zip "$new_archive" ./* 1>&2
|
|
rm -rf "$tmp_dir"
|
|
)
|
|
echo "$new_archive"
|
|
;;
|
|
*.zip)
|
|
echo "$archive"
|
|
;;
|
|
*) return 1
|
|
;;
|
|
esac
|
|
}
|
|
|
|
# notarize [archive-path]
|
|
#
|
|
notarize() {
|
|
archive_path=$1
|
|
|
|
title "notarizing binaries found in the release archive"
|
|
|
|
payload_archive_path=$(repackage "$archive_path")
|
|
if [ "$?" != "0" ]; then
|
|
exit_with_error "cannot prepare payload for notarization: $archive_path"
|
|
fi
|
|
|
|
if [ ! -f "$payload_archive_path" ]; then
|
|
exit_with_error "cannot find payload for notarization: $payload_archive_path"
|
|
fi
|
|
|
|
# install gon
|
|
which gon || (brew tap mitchellh/gon && brew install mitchellh/gon/gon)
|
|
|
|
# create config (note: json via stdin with gon is broken, can only use HCL from file)
|
|
tmp_file=$(mktemp).hcl
|
|
|
|
cat <<EOF > "$tmp_file"
|
|
notarize {
|
|
path = "$archive_path"
|
|
bundle_id = "com.anchore.toolbox.syft"
|
|
}
|
|
|
|
apple_id {
|
|
username = "$AC_USERNAME"
|
|
password = "@env:AC_PASSWORD"
|
|
}
|
|
EOF
|
|
|
|
gon -log-level info "$tmp_file"
|
|
|
|
result="$?"
|
|
|
|
rm "$tmp_file"
|
|
|
|
if [ "$result" -ne "0" ]; then
|
|
exit_with_error "notarization failed"
|
|
fi
|
|
}
|
|
|