5050 path : ${{ env.DIST_DIR }}
5151
5252 notarize-macos :
53+ name : notarize-${{ matrix.artifact.name }}
5354 runs-on : macos-latest
5455 needs : create-release-artifacts
56+ outputs :
57+ checksum-darwin_amd64 : ${{ steps.re-package.outputs.checksum-darwin_amd64 }}
58+ checksum-darwin_arm64 : ${{ steps.re-package.outputs.checksum-darwin_arm64 }}
59+
60+ strategy :
61+ matrix :
62+ artifact :
63+ - name : darwin_amd64
64+ path : " macOS_64bit.tar.gz"
65+ - name : darwin_arm64
66+ path : " macOS_ARM64.tar.gz"
5567
5668 steps :
5769 - name : Checkout repository
@@ -91,27 +103,49 @@ jobs:
91103 wget -q https://github.com/mitchellh/gon/releases/download/v0.2.3/gon_macos.zip
92104 unzip gon_macos.zip -d /usr/local/bin
93105
106+ name : Write gon config to file
107+ # gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20)
108+ run : |
109+ cat > gon.config.hcl <<EOF
110+ # See: https://github.com/mitchellh/gon#configuration-file
111+ source = ["dist/arduino-cli_osx_${{ matrix.artifact.name }}/arduino-cli"]
112+ bundle_id = "cc.arduino.arduino-cli"
113+
114+ sign {
115+ application_identity = "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)"
116+ }
117+
118+ # Ask Gon for zip output to force notarization process to take place.
119+ # The CI will ignore the zip output, using the signed binary only.
120+ zip {
121+ output_path = "unused.zip"
122+ }
123+ EOF
124+
94125name : Sign and notarize binary
95126 env :
96127 AC_USERNAME : ${{ secrets.AC_USERNAME }}
97128 AC_PASSWORD : ${{ secrets.AC_PASSWORD }}
98129 run : |
99130 gon gon.config.hcl
100131
101- name : Re-package binary and update checksum
132+ name : Re-package binary and output checksum
133+ id : re-package
102134 # This step performs the following:
103135 # 1. Repackage the signed binary replaced in place by Gon (ignoring the output zip file)
104- # 2. Recalculate package checksum and replace it in the nnnnnn-checksums.txt file
136+ # 2. Recalculate package checksum
137+ # 3. Output the new checksum to include in the nnnnnn-checksums.txt file(it cannot be done there because of parallelization)
105138 run : |
106139 # GitHub's upload/download-artifact@v2 actions don't preserve file permissions,
107140 # so we need to add execution permission back until the action is made to do this.
108- chmod +x ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_osx_darwin_amd64 /${{ env.PROJECT_NAME }}
141+ chmod +x " ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_osx_${{ matrix.artifact.name }} /${{ env.PROJECT_NAME }}"
109142 TAG="${GITHUB_REF/refs\/tags\//}"
110- tar -czvf "${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz" \
111- -C ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_osx_darwin_amd64/ ${{ env.PROJECT_NAME }} \
143+ PACKAGE_FILENAME="$(basename ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_${TAG}_${{ matrix.artifact.path }})"
144+ tar -czvf "${{ env.DIST_DIR }}/$PACKAGE_FILENAME" \
145+ -C "${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_osx_${{ matrix.artifact.name }}/" "${{ env.PROJECT_NAME }}" \
112146 -C ../../ LICENSE.txt
113- CHECKSUM ="$(shasum -a 256 ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz | cut -d " " -f 1 )"
114- perl -pi -w -e "s/.* ${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz/${CHECKSUM} ${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz/g;" ${{ env.DIST_DIR }}/*-checksums.txt
147+ CHECKSUM_LINE ="$(shasum -a 256 ${{ env.DIST_DIR }}/$PACKAGE_FILENAME )"
148+ echo "::set-output name=checksum- ${{ matrix.artifact.name }}::$CHECKSUM_LINE"
115149
116150name : Upload artifacts
117151 uses : actions/upload-artifact@v3
@@ -131,6 +165,16 @@ jobs:
131165 name : ${{ env.ARTIFACT_NAME }}
132166 path : ${{ env.DIST_DIR }}
133167
168+ - name : Update checksum
169+ run : |
170+ declare -a checksum_lines=("${{ needs.notarize-macos.outputs.checksum-darwin_amd64 }}", "${{ needs.notarize-macos.outputs.checksum-darwin_arm64 }}")
171+ for checksum_line in "${checksum_lines[@]}"
172+ do
173+ CHECKSUM=$(echo ${checksum_line} | cut -d " " -f 1)
174+ PACKAGE_FILENAME=$(echo ${checksum_line} | cut -d " " -f 2)
175+ perl -pi -w -e "s/.*${PACKAGE_FILENAME}/${CHECKSUM} ${PACKAGE_FILENAME}/g;" ${{ env.DIST_DIR }}/*-checksums.txt
176+ done
177+
134178name : Identify Prerelease
135179 # This is a workaround while waiting for create-release action
136180 # to implement auto pre-release based on tag
0 commit comments