coder/coder-desktop-macosPublic

NotificationsYou must be signed in to change notification settings
Fork3
Star16

Commit3e07954

committed

added some local helpers and reactivated ci workflows

Change-Id: Ie0ecd24e63f5d015f3375c2853829c4646df16a6Signed-off-by: Thomas Kosiewski <tk@coder.com>

1 parentbabb49e commit3e07954Copy full SHA for 3e07954

File tree

7 files changed

+148

-63

lines changed

.github
- actions/nix-devshell
  - action.yaml
- dependabot.yaml
- workflows
  - ci.yml
  - release.yml
Makefile
flake.nix
scripts
- build.sh

7 files changed

+148

-63

lines changed

`‎.github/actions/nix-devshell/action.yaml`

Lines changed: 0 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,8 +6,5 @@ runs:`
`6`	`6`	`-name:Setup Nix`
`7`	`7`	`uses:DeterminateSystems/nix-installer-action@e50d5f73bfe71c2dd0aa4218de8f4afa59f8f81d# v16`
`8`	`8`
`9`		`- -name:Setup GHA Nix cache`
`10`		`-uses:DeterminateSystems/magic-nix-cache-action@6221693898146dc97e38ad0e013488a16477a4c4# v9`
`11`		`-`
`12`	`9`	`-name:Enter devshell`
`13`	`10`	`uses:nicknovitski/nix-develop@9be7cfb4b10451d3390a75dc18ad0465bed4932a# v1.2.1`

`‎.github/dependabot.yaml`

Lines changed: 15 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,15 @@`
	`1`	`+version:2`
	`2`	`+updates:`
	`3`	`+ -package-ecosystem:"github-actions"`
	`4`	`+directory:"/"`
	`5`	`+schedule:`
	`6`	`+interval:"weekly"`
	`7`	`+time:"06:00"`
	`8`	`+timezone:"America/Chicago"`
	`9`	`+labels:[]`
	`10`	`+commit-message:`
	`11`	`+prefix:"ci"`
	`12`	`+groups:`
	`13`	`+github-actions:`
	`14`	`+patterns:`
	`15`	`+ -"*"`

`‎.github/workflows/ci.yml`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,12 +17,12 @@ jobs:`
`17`	`17`	`test:`
`18`	`18`	`name:test`
`19`	`19`	`runs-on:${{ github.repository_owner == 'coder' && 'depot-macos-latest' \|\| 'macos-latest'}}`
`20`		`-if:false`
`21`	`20`	`steps:`
`22`	`21`	`-name:Checkout`
`23`	`22`	`uses:actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683# v4.2.2`
`24`	`23`	`with:`
`25`	`24`	`fetch-depth:1`
	`25`	`+persist-credentials:false`
`26`	`26`
`27`	`27`	`-name:Switch XCode Version`
`28`	`28`	`uses:maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd# v1.6.0`
`@@ -39,12 +39,12 @@ jobs:`
`39`	`39`	`format:`
`40`	`40`	`name:fmt`
`41`	`41`	`runs-on:${{ github.repository_owner == 'coder' && 'depot-macos-latest' \|\| 'macos-latest'}}`
`42`		`-if:false`
`43`	`42`	`steps:`
`44`	`43`	`-name:Checkout`
`45`	`44`	`uses:actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683# v4.2.2`
`46`	`45`	`with:`
`47`	`46`	`fetch-depth:1`
	`47`	`+persist-credentials:false`
`48`	`48`
`49`	`49`	`-name:Switch XCode Version`
`50`	`50`	`uses:maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd# v1.6.0`
`@@ -61,12 +61,12 @@ jobs:`
`61`	`61`	`lint:`
`62`	`62`	`name:lint`
`63`	`63`	`runs-on:${{ github.repository_owner == 'coder' && 'depot-macos-latest' \|\| 'macos-latest'}}`
`64`		`-if:false`
`65`	`64`	`steps:`
`66`	`65`	`-name:Checkout`
`67`	`66`	`uses:actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683# v4.2.2`
`68`	`67`	`with:`
`69`	`68`	`fetch-depth:1`
	`69`	`+persist-credentials:false`
`70`	`70`
`71`	`71`	`-name:Setup Nix`
`72`	`72`	`uses:./.github/actions/nix-devshell`

`‎.github/workflows/release.yml`

Lines changed: 32 additions & 31 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,73 +2,74 @@ name: release`
`2`	`2`
`3`	`3`	`on:`
`4`	`4`	# TODO: Switch to on `v*` tag push
`5`		`-workflow_dispatch:`
	`5`	`+pull_request:`
`6`	`6`
`7`		`-# permissions:`
`8`		`-# # To upload assets to the release`
`9`		`-# contents: write`
	`7`	`+permissions:{}`
`10`	`8`
`11`	`9`	`jobs:`
`12`	`10`	`build:`
`13`	`11`	`runs-on:${{ github.repository_owner == 'coder' && 'depot-macos-latest' \|\| 'macos-latest'}}`
`14`	`12`	`if:${{ github.repository_owner == 'coder' }}`
`15`		`-env:`
`16`		`-CERT_PATH:/tmp/apple_cert.p12`
`17`		`-APP_PROF_PATH:/tmp/app.provisionprofile`
`18`		`-EXT_PROF_PATH:/tmp/ext.provisionprofile`
`19`		`-KEYCHAIN_PATH:/tmp/app-signing.keychain-db`
	`13`	`+permissions:`
	`14`	`+# To upload assets to the release`
	`15`	`+contents:write`
	`16`	`+env:`
	`17`	`+KEYCHAIN_PATH:/tmp/app-signing.keychain-db`
`20`	`18`	`steps:`
`21`	`19`	`-name:Checkout`
`22`	`20`	`uses:actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683# v4.2.2`
`23`	`21`	`with:`
`24`	`22`	`fetch-depth:1`
	`23`	`+persist-credentials:false`
`25`	`24`
`26`	`25`	`-name:Switch XCode Version`
`27`	`26`	`uses:maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd# v1.6.0`
`28`	`27`	`with:`
`29`	`28`	`xcode-version:"16.0.0"`
`30`	`29`
`31`		`- -name:Install Cert & Retrieve Provisioning Profiles`
	`30`	`+ -name:Setup Nix`
	`31`	`+uses:./.github/actions/nix-devshell`
	`32`	`+`
	`33`	`+# FIXME(ThomasK33): Only used for testing, shall be removed later`
	`34`	`+ -name:Setup tmate session`
	`35`	`+uses:mxschmitt/action-tmate@v3`
	`36`	`+with:`
	`37`	`+limit-access-to-actor:true`
`32`	`38`	`env:`
`33`	`39`	`APPLE_CERT:${{ secrets.APPLE_DEVELOPER_ID_PKCS12_B64 }}`
`34`	`40`	`CERT_PASSWORD:${{ secrets.APPLE_DEVELOPER_ID_PKCS12_PASSWORD }}`
	`41`	`+APPLE_ID:${{ secrets.APPLE_NOTARYTOOL_USERNAME }}`
	`42`	`+APPLE_ID_PASSWORD:${{ secrets.APPLE_NOTARYTOOL_PASSWORD }}`
`35`	`43`	`APP_PROF:${{ secrets.CODER_DESKTOP_APP_PROVISIONPROFILE_B64 }}`
`36`	`44`	`EXT_PROF:${{ secrets.CODER_DESKTOP_EXTENSION_PROVISIONPROFILE_B64 }}`
	`45`	`+`
	`46`	`+ -name:Install Cert & Retrieve Provisioning Profiles`
	`47`	`+env:`
	`48`	`+APPLE_CERT:${{ secrets.APPLE_DEVELOPER_ID_PKCS12_B64 }}`
	`49`	`+CERT_PASSWORD:${{ secrets.APPLE_DEVELOPER_ID_PKCS12_PASSWORD }}`
`37`	`50`	`run:\|`
`38`		`- set -euo pipefail`
`39`		`- touch "$CERT_PATH" "$APP_PROF_PATH" "$EXT_PROF_PATH"`
`40`		`- echo "$APPLE_CERT" \| base64 -d > "$CERT_PATH"`
`41`		`- echo "$APP_PROF" \| base64 -d > "$APP_PROF_PATH"`
`42`		`- echo "$EXT_PROF" \| base64 -d > "$EXT_PROF_PATH"`
`43`		`- set -x`
	`51`	`+ set -euox pipefail`
`44`	`52`	`security create-keychain -p "" "$KEYCHAIN_PATH"`
`45`	`53`	`security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"`
`46`	`54`	`security unlock-keychain -p "" "$KEYCHAIN_PATH"`
`47`		`- security import"$CERT_PATH" -P "$CERT_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"`
	`55`	`+ security import<(echo -n "$APPLE_CERT" \| base64 -d) -P "$CERT_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"`
`48`	`56`	`security list-keychain -d user -s "$KEYCHAIN_PATH"`
`49`	`57`
`50`		`- -name:Setup Deps`
`51`		`-run:\|`
`52`		`- brew install xcodegen`
`53`		`- npm install --global create-dmg`
`54`		`-`
`55`	`58`	`-name:Build`
`56`	`59`	`env:`
`57`	`60`	`APPLE_ID:${{ secrets.APPLE_NOTARYTOOL_USERNAME }}`
`58`	`61`	`APPLE_ID_PASSWORD:${{ secrets.APPLE_NOTARYTOOL_PASSWORD }}`
`59`		`-run:\|`
`60`		`- ./scripts/build.sh`
`61`		`-`
	`62`	`+APP_PROF:${{ secrets.CODER_DESKTOP_APP_PROVISIONPROFILE_B64 }}`
	`63`	`+EXT_PROF:${{ secrets.CODER_DESKTOP_EXTENSION_PROVISIONPROFILE_B64 }}`
	`64`	`+run:./scripts/build.sh \`
	`65`	`+--app-prof-path <(echo -n "$APP_PROF" \| base64 -d) \`
	`66`	`+--ext-prof-path <(echo -n "$EXT_PROF" \| base64 -d) \`
	`67`	`+--keychain-path "$KEYCHAIN_PATH"`
	`68`	`+`
`62`	`69`	`-name:Upload Build Artifacts`
`63`	`70`	`uses:actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08# v4.6.0`
`64`	`71`	`with:`
`65`	`72`	`name:app`
`66`	`73`	`path:\|`
`67`	`74`	`./build`
`68`	`75`	`retention-days:7`
`69`		`-`
`70`		`- -name:Clean Up`
`71`		`-if:always()`
`72`		`-run:\|`
`73`		`- security delete-keychain "$KEYCHAIN_PATH"`
`74`		`- rm -f /tmp/{apple_cert.p12,app.provisionprofile,ext.provisionprofile,app-signing.keychain-db}`

`‎Makefile`

Lines changed: 18 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ PROJECT := Coder\ Desktop`
`10`	`10`	`XCPROJECT := Coder\ Desktop/Coder\ Desktop.xcodeproj`
`11`	`11`	`SCHEME := Coder\ Desktop`
`12`	`12`	`SWIFT_VERSION := 6.0`
	`13`	`+APP_SIGNING_KEYCHAIN := app-signing.keychain-db`
`13`	`14`
`14`	`15`	`.PHONY: setup`
`15`	`16`	`setup:\`
`@@ -27,6 +28,14 @@ $(XCPROJECT): $(PROJECT)/project.yml`
`27`	`28`	`$(PROJECT)/VPNLib/vpn.pb.swift:$(PROJECT)/VPNLib/vpn.proto`
`28`	`29`	`protoc --swift_opt=Visibility=public --swift_out=.'Coder Desktop/VPNLib/vpn.proto'`
`29`	`30`
	`31`	`+.PHONY:$(APP_SIGNING_KEYCHAIN)`
	`32`	`+$(APP_SIGNING_KEYCHAIN):`
	`33`	`+security create-keychain -p"""$(APP_SIGNING_KEYCHAIN)"`
	`34`	`+security set-keychain-settings -lut 21600"$(APP_SIGNING_KEYCHAIN)"`
	`35`	`+security unlock-keychain -p"""$(APP_SIGNING_KEYCHAIN)"`
	`36`	`+security import<(echo -n"${APPLE_CERT}"\| base64 -d) -P"${CERT_PASSWORD}" -A -t cert -f pkcs12 -k"$(APP_SIGNING_KEYCHAIN)"`
	`37`	`+security list-keychain -d user -s"$(APP_SIGNING_KEYCHAIN)"`
	`38`	`+`
`30`	`39`	`.PHONY: fmt`
`31`	`40`	`fmt:## Run Swift file formatter`
`32`	`41`	`swiftformat\`
`@@ -44,11 +53,19 @@ test: $(XCPROJECT) ## Run all tests`
`44`	`53`	`CODE_SIGNING_ALLOWED=NO\| xcbeautify`
`45`	`54`
`46`	`55`	`.PHONY: lint`
`47`		`-lint:## Lint swift files`
	`56`	`+lint: lint/swift lint/actions## Lint all files in the repo`
	`57`	`+`
	`58`	`+.PHONY: lint/swift`
	`59`	`+lint/swift:## Lint Swift files`
`48`	`60`	`swiftlint\`
`49`	`61`	`--strict\`
`50`	`62`	`--quiet$(LINTFLAGS)`
`51`	`63`
	`64`	`+.PHONY: lint/actions`
	`65`	`+lint/actions:## Lint GitHub Actions`
	`66`	`+actionlint`
	`67`	`+zizmor.`
	`68`	`+`
`52`	`69`	`.PHONY: clean`
`53`	`70`	`clean:## Clean Xcode project`
`54`	`71`	`xcodebuild clean\`

`‎flake.nix`

Lines changed: 6 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -31,17 +31,22 @@`
`31`	`31`
`32`	`32`	`devShells.default=pkgs.mkShellNoCC{`
`33`	`33`	`buildInputs=withpkgs;[`
	`34`	`+actionlint`
`34`	`35`	`apple-sdk_15`
`35`	`36`	`clang`
	`37`	`+coreutils`
	`38`	`+create-dmg`
`36`	`39`	`formatter`
`37`	`40`	`gnumake`
`38`	`41`	`protobuf_28`
`39`	`42`	`protoc-gen-swift`
`40`	`43`	`swiftformat`
`41`	`44`	`swiftlint`
`42`	`45`	`watchexec`
`43`		`-xcodegen`
`44`	`46`	`xcbeautify`
	`47`	`+xcodegen`
	`48`	`+xcpretty`
	`49`	`+zizmor`
`45`	`50`	`];`
`46`	`51`	`};`
`47`	`52`	`}`

`‎scripts/build.sh`

Lines changed: 74 additions & 24 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,19 +1,67 @@`
`1`	`1`	`#!/usr/bin/env bash`
	`2`	`+set -euo pipefail`
`2`	`3`
`3`		`-set -euxo pipefail`
	`4`	`+# Build Documentation @ https://developer.apple.com/forums/thread/737894`
	`5`	`+APPLE_TEAM_ID="4399GN35BJ"`
	`6`	`+CODE_SIGN_IDENTITY="Developer ID Application: Coder Technologies Inc (${APPLE_TEAM_ID})"`
`4`	`7`
`5`		`-get_uuid() {`
`6`		`- strings"$1"\| grep -E -o'[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'`
	`8`	`+# Default values pulled in from env`
	`9`	`+APP_PROF_PATH=${APP_PROF_PATH:-""}`
	`10`	`+EXT_PROF_PATH=${EXT_PROF_PATH:-""}`
	`11`	`+KEYCHAIN_PATH=${KEYCHAIN_PATH:-""}`
	`12`	`+`
	`13`	`+# Function to display usage`
	`14`	`+usage() {`
	`15`	`+echo"Usage:$0 [--app-prof-path <path>] [--ext-prof-path <path>] [--keychain-path <path>]"`
	`16`	`+echo" --app-prof-path <path> Set the APP_PROF_PATH variable"`
	`17`	`+echo" --ext-prof-path <path> Set the EXT_PROF_PATH variable"`
	`18`	`+echo" --keychain-path <path> Set the KEYCHAIN_PATH variable"`
	`19`	`+echo" -h, --help Display this help message"`
`7`	`20`	`}`
`8`	`21`
`9`		`-# Build Documentation @ https://developer.apple.com/forums/thread/737894`
	`22`	`+# Parse command line arguments`
	`23`	`+while [["$#"-gt 0 ]];do`
	`24`	`+case$1in`
	`25`	`+ --app-prof-path)`
	`26`	`+ APP_PROF_PATH="$2"`
	`27`	`+shift 2`
	`28`	`+ ;;`
	`29`	`+ --ext-prof-path)`
	`30`	`+ EXT_PROF_PATH="$2"`
	`31`	`+shift 2`
	`32`	`+ ;;`
	`33`	`+ --keychain-path)`
	`34`	`+ KEYCHAIN_PATH="$2"`
	`35`	`+shift 2`
	`36`	`+ ;;`
	`37`	`+ -h \| --help)`
	`38`	`+ usage`
	`39`	`+exit 0`
	`40`	`+ ;;`
	`41`	`+*)`
	`42`	`+echo"Unknown parameter passed:$1"`
	`43`	`+ usage`
	`44`	`+exit 1`
	`45`	`+ ;;`
	`46`	`+esac`
	`47`	`+done`
	`48`	`+`
	`49`	`+# Check if required variables are set`
	`50`	`+if [[-z"$APP_PROF_PATH"\|\|-z"$EXT_PROF_PATH"\|\|-z"$KEYCHAIN_PATH" ]];then`
	`51`	`+echo"Missing required values"`
	`52`	`+echo`
	`53`	`+ usage`
	`54`	`+exit 1`
	`55`	`+fi`
`10`	`56`
`11`	`57`	`XCODE_PROVISIONING_PROFILES_DIR="$HOME/Library/Developer/Xcode/UserData/Provisioning Profiles"`
`12`	`58`	`ALT_PROVISIONING_PROFILES_DIR="$HOME/Library/MobileDevice/Provisioning Profiles"`
`13`	`59`	`mkdir -p"$XCODE_PROVISIONING_PROFILES_DIR"`
`14`	`60`	`mkdir -p"$ALT_PROVISIONING_PROFILES_DIR"`
`15`		`-APPLE_TEAM_ID="4399GN35BJ"`
`16`		`-CODE_SIGN_IDENTITY="Developer ID Application: Coder Technologies Inc (${APPLE_TEAM_ID})"`
	`61`	`+`
	`62`	`+get_uuid() {`
	`63`	`+ strings"$1"\| grep -E -o'[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'`
	`64`	`+}`
`17`	`65`
`18`	`66`	`# Extract the ID of each provisioning profile`
`19`	`67`	`APP_PROVISIONING_PROFILE_ID=$(get_uuid"$APP_PROF_PATH")`
`@@ -29,41 +77,43 @@ cp "$EXT_PROF_PATH" "${ALT_PROVISIONING_PROFILES_DIR}/${EXT_PROVISIONING_PROFILE`
`29`	`77`	`export APP_PROVISIONING_PROFILE_ID`
`30`	`78`	`export EXT_PROVISIONING_PROFILE_ID`
`31`	`79`	`export PTP_SUFFIX`
	`80`	`+`
`32`	`81`	`make`
	`82`	`+`
`33`	`83`	`xcodebuild \`
`34`		`--project"Coder Desktop/Coder Desktop.xcodeproj" \`
`35`		`--scheme"Coder Desktop" \`
`36`		`--configuration"Release" \`
`37`		`--skipPackagePluginValidation \`
`38`		`-CODE_SIGN_STYLE=Manual \`
`39`		`-CODE_SIGN_IDENTITY="$CODE_SIGN_IDENTITY" \`
`40`		`-CODE_SIGN_INJECT_BASE_ENTITLEMENTS=NO \`
`41`		`-OTHER_CODE_SIGN_FLAGS='--timestamp'\| LC_ALL="en_US.UTF-8" xcpretty`
	`84`	`+ -project"Coder Desktop/Coder Desktop.xcodeproj" \`
	`85`	`+ -scheme"Coder Desktop" \`
	`86`	`+ -configuration"Release" \`
	`87`	`+ -skipPackagePluginValidation \`
	`88`	`+ CODE_SIGN_STYLE=Manual \`
	`89`	`+ CODE_SIGN_IDENTITY="$CODE_SIGN_IDENTITY" \`
	`90`	`+ CODE_SIGN_INJECT_BASE_ENTITLEMENTS=NO \`
	`91`	`+ OTHER_CODE_SIGN_FLAGS='--timestamp'\| LC_ALL="en_US.UTF-8" xcpretty`
`42`	`92`
`43`	`93`	`mkdir build`
`44`	`94`	`built_app_path="./Coder Desktop.app"`
`45`	`95`	`ditto"$(find"$HOME/Library/Developer/Xcode/DerivedData" -name"Coder Desktop.app")""$built_app_path"`
`46`	`96`
`47`	`97`	`create-dmg \`
`48`		`---identity="$CODE_SIGN_IDENTITY" \`
`49`		`-"$built_app_path" \`
`50`		`-./`
	`98`	`+ --identity="$CODE_SIGN_IDENTITY" \`
	`99`	`+"$built_app_path" \`
	`100`	`+ ./`
`51`	`101`
`52`	`102`	`# Add dmg to build artifacts`
`53`	`103`	`dmg_path="./build/Coder Desktop.dmg"`
`54`	`104`	`mv ./Coder\Desktop*.dmg"$dmg_path"`
`55`	`105`
`56`	`106`	`# Notarize`
`57`	`107`	`xcrun notarytool store-credentials"notarytool-credentials" \`
`58`		`---apple-id"$APPLE_ID" \`
`59`		`---team-id"$APPLE_TEAM_ID" \`
`60`		`---password"$APPLE_ID_PASSWORD" \`
`61`		`---keychain"$KEYCHAIN_PATH"`
	`108`	`+ --apple-id"$APPLE_ID" \`
	`109`	`+ --team-id"$APPLE_TEAM_ID" \`
	`110`	`+ --password"$APPLE_ID_PASSWORD" \`
	`111`	`+ --keychain"$KEYCHAIN_PATH"`
`62`	`112`
`63`	`113`	`xcrun notarytool submit"$dmg_path" \`
`64`		`---keychain-profile"notarytool-credentials" \`
`65`		`---keychain"$KEYCHAIN_PATH" \`
`66`		`---wait`
	`114`	`+ --keychain-profile"notarytool-credentials" \`
	`115`	`+ --keychain"$KEYCHAIN_PATH" \`
	`116`	`+ --wait`
`67`	`117`
`68`	`118`	`# Staple the notarization to the app and dmg, so they work without internet`
`69`	`119`	`xcrun stapler staple"$dmg_path"`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit3e07954

File tree

7 files changed

7 files changed

`‎.github/actions/nix-devshell/action.yaml`

`‎.github/dependabot.yaml`

`‎.github/workflows/ci.yml`

`‎.github/workflows/release.yml`

`‎Makefile`

`‎flake.nix`

`‎scripts/build.sh`

0 commit comments