oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 16:33:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
syft/.github/scripts/apple-signing/notarize.sh
Alex Goodman e4ac7700dd
pass notarize arg, not original archive (#793) 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2022-02-04 19:44:37 +00:00

86 lines
1.7 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -ue
set +xu
if [ -z "$AC_USERNAME" ]; then
exit_with_error "AC_USERNAME not set"
fi
if [ -z "$AC_PASSWORD" ]; then
exit_with_error "AC_PASSWORD not set"
fi
set -u
# repackage [archive-path]
#
# returns an archive compatible for Apple's notarization process, repackaging the input archive as needed
#
repackage() {
archive=$1
case "$archive" in
*.tar.gz)
new_archive=${archive%.tar.gz}.zip
(
tmp_dir=$(mktemp -d)
cd "$tmp_dir"
# redirect stdout to stderr to preserve the return value
tar xzf "$archive" && zip "$new_archive" ./* 1>&2
rm -rf "$tmp_dir"
)
echo "$new_archive"
;;
*.zip)
echo "$archive"
;;
*) return 1
;;
esac
}
# notarize [archive-path]
#
notarize() {
archive_path=$1
title "notarizing binaries found in the release archive"
payload_archive_path=$(repackage "$archive_path")
if [ "$?" != "0" ]; then
exit_with_error "cannot prepare payload for notarization: $archive_path"
fi
if [ ! -f "$payload_archive_path" ]; then
exit_with_error "cannot find payload for notarization: $payload_archive_path"
fi
# install gon
which gon || (brew tap mitchellh/gon && brew install mitchellh/gon/gon)
# create config (note: json via stdin with gon is broken, can only use HCL from file)
tmp_file=$(mktemp).hcl
cat <<EOF > "$tmp_file"
notarize {
path = "$payload_archive_path"
bundle_id = "com.anchore.toolbox.syft"
}
apple_id {
username = "$AC_USERNAME"
password = "@env:AC_PASSWORD"
}
EOF
gon -log-level info "$tmp_file"
result="$?"
rm "$tmp_file"
if [ "$result" -ne "0" ]; then
exit_with_error "notarization failed"
fi
}
Reference in New Issue View Git Blame Copy Permalink