ci: switch altool to notarytool

2023-08-08 14:06:06 +02:00 · 2023-08-08 14:06:06 +02:00 · dcfebbcb9e
parent 9cc6bdc9db
commit dcfebbcb9e
12 changed files with 29 additions and 36 deletions
--- a/3
+++ b/3
@ -663,8 +663,7 @@ ifdef MACOS_CODESIGN_IDENT
 	scripts/sign-macos-pkg.sh $(STATUS_CLIENT_DMG) $(MACOS_CODESIGN_IDENT)
 endif
-notarize-macos: export CHECK_INTERVAL_SEC ?= 30
+notarize-macos: export CHECK_TIMEOUT ?= 10m
 notarize-macos: export CHECK_RETRY_LIMIT ?= 40
 notarize-macos: export MACOS_BUNDLE_ID ?= im.status.ethereum.desktop
 notarize-macos:
 	scripts/notarize-macos-pkg.sh $(STATUS_CLIENT_DMG)
--- a/ci/Jenkinsfile.combined
+++ b/ci/Jenkinsfile.combined
@ -1,3 +1,4 @@
 #!/usr/bin/env groovy
 library 'status-jenkins-lib@v1.7.11'
 pipeline {
--- a/ci/Jenkinsfile.linux
+++ b/ci/Jenkinsfile.linux
@ -1,3 +1,4 @@
 #!/usr/bin/env groovy
 library 'status-jenkins-lib@v1.7.11'
 /* Options section can't access functions in objects. */
--- a/ci/Jenkinsfile.macos
+++ b/ci/Jenkinsfile.macos
@ -1,3 +1,4 @@
 #!/usr/bin/env groovy
 library 'status-jenkins-lib@v1.7.11'
 /* Options section can't access functions in objects. */
--- a/ci/Jenkinsfile.tests-e2e
+++ b/ci/Jenkinsfile.tests-e2e
@ -1,3 +1,4 @@
 #!/usr/bin/env groovy
 library 'status-jenkins-lib@v1.7.11'
 /* Options section can't access functions in objects. */
--- a/ci/Jenkinsfile.tests-imports
+++ b/ci/Jenkinsfile.tests-imports
@ -1,3 +1,4 @@
 #!/usr/bin/env groovy
 library 'status-jenkins-lib@v1.7.11'
 /* Options section can't access functions in objects. */
--- a/ci/Jenkinsfile.tests-nim
+++ b/ci/Jenkinsfile.tests-nim
@ -1,3 +1,4 @@
 #!/usr/bin/env groovy
 library 'status-jenkins-lib@v1.7.11'
 /* Options section can't access functions in objects. */
--- a/ci/Jenkinsfile.windows
+++ b/ci/Jenkinsfile.windows
@ -1,3 +1,4 @@
 #!/usr/bin/env groovy
 library 'status-jenkins-lib@v1.7.11'
 /* Options section can't access functions in objects. */
--- a/ci/cpp/Jenkinsfile.linux
+++ b/ci/cpp/Jenkinsfile.linux
@ -1,3 +1,4 @@
 #!/usr/bin/env groovy
 library 'status-jenkins-lib@v1.7.11'
 /* Options section can't access functions in objects. */
--- a/ci/cpp/Jenkinsfile.macos
+++ b/ci/cpp/Jenkinsfile.macos
@ -1,3 +1,4 @@
 #!/usr/bin/env groovy
 library 'status-jenkins-lib@v1.7.11'
 /* Options section can't access functions in objects. */
--- a/ci/cpp/Jenkinsfile.windows
+++ b/ci/cpp/Jenkinsfile.windows
@ -1,3 +1,4 @@
 #!/usr/bin/env groovy
 library 'status-jenkins-lib@v1.7.11'
 /* Options section can't access functions in objects. */
--- a/scripts/notarize-macos-pkg.sh
+++ b/scripts/notarize-macos-pkg.sh
@ -11,29 +11,26 @@ set -eof pipefail
 # Path to MacOS bundle created by XCode.
 BUNDLE_PATH="${1}"
-# Notarization request check intervals/retries.
+# Notarization request check timeout.
-CHECK_INTERVAL_SEC="${CHECK_INTERVAL_SEC:-30}"
+CHECK_TIMEOUT="${CHECK_TIMEOUT:-10m}"
-CHECK_RETRY_LIMIT="${CHECK_RETRY_LIMIT:-40}"
+# Xcode notarization log file paths
 # Unique ID of MacOS application.
 MACOS_BUNDLE_ID="${MACOS_BUNDLE_ID:-im.status.ethereum.desktop}"
 # Xcode altool log file paths
 NOTARIZATION_ERR_LOG="${NOTARIZATION_ERR_LOG:-${PWD}/notarization.out.log}"
 NOTARIZATION_OUT_LOG="${NOTARIZATION_OUT_LOG:-${PWD}/notarization.err.log}"
-function show_xcrun_altool_logs() {
+function show_notarization_logs() {
    echo "FAILURE!"
    echo "STDERR:"
    cat "${NOTARIZATION_ERR_LOG}"
    echo "STDOUT:"
    cat "${NOTARIZATION_OUT_LOG}"
 }
-trap show_xcrun_altool_logs ERR
+trap show_notarization_logs ERR
-function xcrun_altool() {
+function xcrun_notarytool() {
    # STDERR goes to /dev/null so we can capture just the JSON.
-    xcrun altool "${@}" \
+    xcrun notarytool "${@}" \
        --team-id "${MACOS_NOTARIZE_TEAM_ID}" \
-        --username "${MACOS_NOTARIZE_USERNAME}" \
+        --apple-id "${MACOS_NOTARIZE_USERNAME}" \
        --password "${MACOS_NOTARIZE_PASSWORD}" \
        --output-format "json" \
         > >(tee -a "${NOTARIZATION_OUT_LOG}") \
@ -42,9 +39,9 @@ function xcrun_altool() {
 # Submit app for notarization. Should take 5-10 minutes.
 echo -e "\n### Creating Notarization Request..."
-OUT=$(xcrun_altool --notarize-app -f "${BUNDLE_PATH}" --primary-bundle-id "${MACOS_BUNDLE_ID}")
+OUT=$(xcrun_notarytool submit --wait --timeout "${CHECK_TIMEOUT}" "${BUNDLE_PATH}")
 # Necessary to track notarization request progress.
-REQUEST_UUID=$(echo "${OUT}" | jq -r '."notarization-upload".RequestUUID')
+REQUEST_UUID=$(echo "${OUT}" | jq -r '.id')
 if [[ -z "${REQUEST_UUID}" ]] || [[ "${REQUEST_UUID}" == "null" ]]; then
    echo "\n!!! FAILURE: No notarization request UUID found." >&1
@ -54,28 +51,15 @@ if [[ -z "${REQUEST_UUID}" ]] || [[ "${REQUEST_UUID}" == "null" ]]; then
 fi
 echo -e "\n### Request ID: ${REQUEST_UUID}"
-# Check notarization ticket status periodically.
+# Check notarization ticket status.
 echo -e "\n### Checking Notarization Status..."
-while sleep "${CHECK_INTERVAL_SEC}"; do
+if $(echo "${OUT}" | jq -er '.status == "Accepted"'); then
    OUT=$(xcrun_altool --notarization-info "${REQUEST_UUID}")
    # Once notarization is complete, run stapler and exit.
    if $(echo "${OUT}" | jq -er '."notarization-info".Status == "in progress"'); then
        ((CHECK_RETRY_LIMIT-=1))
        if [[ "${CHECK_RETRY_LIMIT}" -eq 0 ]]; then
            echo -e "\n!!! FAILURE: Notarization timed out."
            exit 1
        fi
        echo "In progress, sleeping ${CHECK_INTERVAL_SEC}s..."
    elif $(echo "${OUT}" | jq -er '."notarization-info".Status == "success"'); then
    echo -e "\n### Successful Notarization"
        break
 else
    echo -e "\n!!! Notariztion Error"
    echo "${OUT}" >&2
    exit 1
 fi
 done
 # Optional but preferrable to attach the ticket to the bundle.
 echo -e "\n### Stapling Notarization Ticket..."