- Notifications
You must be signed in to change notification settings - Fork62
Sign macOS build#323
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Merged
Sign macOS build#323
+13 −12
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
14b77dc to8cec3f7CompareThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Copilot reviewed 1 out of 1 changed files in this pull request and generated no comments.
edvilme commentedFeb 5, 2025
Uh oh!
There was an error while loading.Please reload this page.
edvilme commentedFeb 5, 2025
Uh oh!
There was an error while loading.Please reload this page.
edvilme commentedFeb 5, 2025
Uh oh!
There was an error while loading.Please reload this page.
edvilme commentedFeb 5, 2025
Uh oh!
There was an error while loading.Please reload this page.
8a3c16d tocd0cf3dCompare@edvilme FYI, newer versions of arcade do support mac signing and notarization via microbuild. No need need to use AzDO tasks. That said, performance is somewhat dependent on the number of files signed, at least for the next month or so. A low number (< 10) will be fine. Beyond that, the scaling of Microbuild is poor on Mac/Linux right now. |
This repo is tiny, so number of files shouldn't be an issue. This might be a good direction if it isn't hard. (If this already works, I wouldn't put too much time into it, though.) |
MiYanni approved these changesFeb 6, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Changes generally look good. Keep in mind, I don't know this repo or its CI. I'd just check with Chet about the zip vs tar.gz thing.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
ContributorAuthor
edvilme commentedFeb 7, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
@Forgind@MiYanni the first commit contains changes made to make signing under 1ES and confirmed it worked. However that is no longer the case after updating arcade. The second commit is work in progress to testing signing with arcade instead. I would like to investigate the arcade issue on main first before continuing testing :) See#328 |
6a8eb0f todefa237Compare3045564 to359b843CompareThis PR was rewritten but is now generating valid signed binaries for macOS using microbuild |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.
Files not reviewed (1)
- eng/Signing.props: Language not supported
joeloff approved these changesFeb 18, 2025
480f19f to7206567Compare06d1e0e intomain 8 checks passed
Uh oh!
There was an error while loading.Please reload this page.
edvilme added a commit that referenced this pull requestApr 4, 2025
commit2011e55Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Thu Apr 3 10:02:00 2025 -0700 Windows: Remove version from .msi (#384)commitcfc4641Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Thu Apr 3 10:01:48 2025 -0700 Mac: Add rid to tar.gz artifacts (#383)commit6f834e0Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Mon Mar 31 17:08:40 2025 -0700 CI check signatures (#382) * Fix signing on Windows and macOS * Added signing verification steps to CIcommit7ea9cf1Author: dotnet-maestro[bot] <42748379+dotnet-maestro[bot]@users.noreply.github.com>Date: Sat Mar 29 10:55:39 2025 -0700 [main] Update dependencies from dotnet/arcade (#375)commitedff54cAuthor: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Thu Mar 27 10:53:37 2025 -0700 Update options (#380) * dry-run: Add option --preserve-vs-for-mac-sdks * Do not hide --version * Add version description stringcommitb4be6e6Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Mon Mar 24 15:37:22 2025 -0700 Update help text (#376) Update help text --------- Co-authored-by: Noah Gilson <OTAKUPENGUINOP@GMAIL.COM>commit9fba2f3Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Mon Mar 24 13:28:21 2025 -0700 Windows: Detect arm64 correctly (#370)commit289b92fAuthor: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Thu Mar 20 11:06:51 2025 -0700 Update ci workflow (#372)commit13d1cf7Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Wed Mar 19 14:35:24 2025 -0700 macOS: Fix corrupted binary (#346) Add entitlements.plistcommit4da3500Author: dotnet-maestro[bot] <42748379+dotnet-maestro[bot]@users.noreply.github.com>Date: Wed Mar 19 13:50:00 2025 -0700 Update dependencies fromhttps://github.com/dotnet/arcade build 20250314.6 (#343) Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.25157.1 -> To Version 10.0.0-beta.25164.6 Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com>commit882aff1Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Fri Mar 14 13:42:02 2025 -0700 Require enter on user input (#340)commit24bea7dAuthor: dotnet-maestro[bot] <42748379+dotnet-maestro[bot]@users.noreply.github.com>Date: Thu Mar 13 08:51:54 2025 -0700 Update dependencies fromhttps://github.com/dotnet/arcade build 20250307.1 (#336) Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.25126.4 -> To Version 10.0.0-beta.25157.1 Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com>commite72b91fAuthor: Marc Paine <marcpop@microsoft.com>Date: Thu Mar 13 08:51:43 2025 -0700 Update to AwesomeAssertions (#337) * Update to AwesomeAssertions Update the addreportable call * Remove unused using directivecommit03c8952Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Wed Mar 5 12:18:25 2025 -0600 Remove Visual Studio macOS checks (#318) * Remove checks for VSfM * Add --preserve-mac-vs-sdks flag * Update testscommitb648857Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Tue Mar 4 16:55:10 2025 -0600 Update CLI options and help text (#335) * Add target argument * Add TARGET argument * Add not for list by now * Update LocalizableStrings * Update --all description * Remove target from options (?) * Restore xlf translation * Show bundle types in <TARGET> argument * Update help link format * Restore CommandLine Arguments * Add --arm64 option * Fix archSelection.HasFlagcommit9823503Author: dotnet-maestro[bot] <42748379+dotnet-maestro[bot]@users.noreply.github.com>Date: Mon Mar 3 11:36:05 2025 -0800 [main] Update dependencies from dotnet/arcade (#327) * Update dependencies fromhttps://github.com/dotnet/arcade build 20250206.4 Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.25080.7 -> To Version 10.0.0-beta.25106.4 * Update dependencies fromhttps://github.com/dotnet/arcade build 20250213.2 Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.25080.7 -> To Version 10.0.0-beta.25113.2 * Update dependencies fromhttps://github.com/dotnet/arcade build 20250220.6 Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.25080.7 -> To Version 10.0.0-beta.25120.6 * Update dependencies fromhttps://github.com/dotnet/arcade build 20250225.2 Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.25080.7 -> To Version 10.0.0-beta.25125.2 * Update dependencies fromhttps://github.com/dotnet/arcade build 20250226.4 Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.25080.7 -> To Version 10.0.0-beta.25126.4 --------- Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com>commitea26b97Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Mon Mar 3 12:31:19 2025 -0600 Remove System.Reflection.Metadata (#334)commit275578eAuthor: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Mon Mar 3 11:41:07 2025 -0600 Remove Microsoft.Win32.Registry package (#333)commit2ac5028Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Fri Feb 28 13:14:49 2025 -0600 Small refactorings (#331)commit2393ca9Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Tue Feb 25 16:51:31 2025 -0600 Hide .xlf files in PRs (#330)commit62b46a0Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Tue Feb 25 13:58:14 2025 -0600 Fix Windows Signing (#329) Add CreateLightCommandPackageDrop to generate wixpack.zip and signcommit06d1e0eAuthor: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Tue Feb 18 12:33:11 2025 -0600 Sign macOS build (#323) * Sign on Mac * Fix typo on ArtifactName * Add TeamName variable * Add certificatename to binary * Update binary path * Update build command to include signing * Typos * Globb files to sign * Add proper certificate * Add proper certificate * MacDeveloperHarden * Add files separately * Change flags * Update certificate name * Update build parameters * Update cert namecommit85f5414Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Mon Feb 10 09:01:45 2025 -0800 Remove unused signing target Add files to ItemsToSign Sign .msi file too Update `ItemsToSign` Update certificate name UseDotNetCertificate Add .msi certificatenamecommit8c89301Author: MerlinBot <MerlinBot>Date: Fri Feb 7 21:44:29 2025 +0000 This pull request includes baselines **with an expiration date of 180 days from now** automatically generated for your 1ES PT-based pipelines. Complete this pull request as soon as possible to make sure that your pipeline becomes compliant. Longer delays in completing this PR can trigger additional emails or S360 alerts in the future. 1ES PT Auto-baselining feature helps capture existing violations in your repo and ensures to break your pipeline only for newly introduced SDL violations after baselining. Running SDL tools in break mode is required for your pipeline to be compliant. Go tohttps://aka.ms/1espt-autobaselining for more details. **Please do not Abandon this PR.** Please reach out to 1ES PT for support. More details:https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/supportcommit6a94223Author: dotnet-maestro[bot] <42748379+dotnet-maestro[bot]@users.noreply.github.com>Date: Wed Feb 5 14:33:46 2025 -0800 [main] Update dependencies from dotnet/arcade (#316) * Update dependencies fromhttps://github.com/dotnet/arcade build 20241222.1 Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.24622.1 * Update dependencies fromhttps://github.com/dotnet/arcade build 20241226.1 Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.24626.1 * Update dependencies fromhttps://github.com/dotnet/arcade build 20250103.3 Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.25053.3 * Update dependencies fromhttps://github.com/dotnet/arcade build 20250106.1 Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.25056.1 * Update dependencies fromhttps://github.com/dotnet/arcade build 20250111.1 Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.25061.1 * Update dependencies fromhttps://github.com/dotnet/arcade build 20250117.3 Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.25067.3 * Update dependencies fromhttps://github.com/dotnet/arcade build 20250126.1 Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.25076.1 * Update dependencies fromhttps://github.com/dotnet/arcade build 20250130.7 Microsoft.DotNet.Arcade.Sdk From Version 10.0.0-beta.24504.4 -> To Version 10.0.0-beta.25080.7 --------- Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com>commit0cc67a3Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Mon Feb 3 17:51:20 2025 -0600 Refactor macOS build pipeline (#325) Use matrix strategy to avoid repeating codecommit11995adAuthor: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Fri Jan 31 11:43:31 2025 -0600 macOS: Support building on Apple Silicon (#322) Update solution file, project file and ci/cd to support building for osx-arm64commitaa40644Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Wed Jan 29 17:54:52 2025 -0600 GetBundleVersion: Parse versions correctly to avoid duplicates or incomplete versions (#324)commit288db58Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Mon Jan 27 15:08:07 2025 -0600 Identify macOS runtimes correctly (#321)commit802fef7Author: Eduardo Villalpando Mello <eduardov@microsoft.com>Date: Fri Jan 24 18:40:01 2025 -0600 macOS: Show correct arm64 architecture (#320)
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Labels
None yet
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading.Please reload this page.
Fixes#300
Uses 1ESPipelineTemplates EsrpCodesigning task to sign macOS builds.
Successfully generates signed binary artifacts for both x64 and arm64 on Mac.
See below output of
codesign -dvon a M1 Mac.