|
|
|
|
@ -77,8 +77,77 @@ jobs:
|
|
|
|
|
~/Qt/Tools/CMake/CMake.app/Contents/bin/cmake --build . --target package
|
|
|
|
|
mkdir upload
|
|
|
|
|
cp gpt4all-installer-* upload
|
|
|
|
|
# persist the unsigned installer
|
|
|
|
|
- store_artifacts:
|
|
|
|
|
path: build/upload
|
|
|
|
|
# add workspace so signing jobs can connect & obtain dmg
|
|
|
|
|
- persist_to_workspace:
|
|
|
|
|
root: build
|
|
|
|
|
# specify path to only include components we want to persist
|
|
|
|
|
# accross builds
|
|
|
|
|
paths:
|
|
|
|
|
- upload
|
|
|
|
|
|
|
|
|
|
sign-offline-chat-installer-macos:
|
|
|
|
|
macos:
|
|
|
|
|
xcode: 14.0.0
|
|
|
|
|
steps:
|
|
|
|
|
- checkout
|
|
|
|
|
# attach to a workspace containing unsigned dmg
|
|
|
|
|
- attach_workspace:
|
|
|
|
|
at: build
|
|
|
|
|
- run:
|
|
|
|
|
name: "Setup Keychain"
|
|
|
|
|
command: |
|
|
|
|
|
base64 --decode \<<< $MAC_SIGNING_CERT > cert.p12
|
|
|
|
|
security create-keychain sign.keychain \<<< "$MAC_KEYCHAIN_KEY"
|
|
|
|
|
security default-keychain -s sign.keychain
|
|
|
|
|
security unlock-keychain sign.keychain \<<< "$MAC_KEYCHAIN_KEY"
|
|
|
|
|
security import cert.p12 -k sign.keychain -T /usr/bin/codesign \<<< "$MAC_SIGNING_CERT_PWD"
|
|
|
|
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MAC_KEYCHAIN_KEY" sign.keychain
|
|
|
|
|
rm cert.p12
|
|
|
|
|
- run:
|
|
|
|
|
name: "Sign App Bundle"
|
|
|
|
|
command: |
|
|
|
|
|
python3 ../gpt4all-chat/cmake/sign_dmg.py --input-dmg build/upload/gpt4all-installer-darwin.dmg --output-dmg build/upload/gpt4all-installer-darwin-signed.dmg --signing-identity "$MAC_SIGNING_CERT_NAME"
|
|
|
|
|
- run:
|
|
|
|
|
name: "Sign DMG"
|
|
|
|
|
command: |
|
|
|
|
|
codesign --options runtime --timestamp -s "$MAC_SIGNING_CERT_NAME" build/upload/gpt4all-installer-darwin-signed.dmg
|
|
|
|
|
|
|
|
|
|
notarize-offline-chat-installer-macos:
|
|
|
|
|
macos:
|
|
|
|
|
xcode: 14.0.0
|
|
|
|
|
steps:
|
|
|
|
|
- checkout
|
|
|
|
|
- attach_workspace:
|
|
|
|
|
at: build
|
|
|
|
|
- run:
|
|
|
|
|
name: "Setup Notarize Keychain"
|
|
|
|
|
command: |
|
|
|
|
|
xcrun notarytool store-credentials "notarytool-profile" --apple-id "$MAC_NOTARIZATION_ID" --team-id "$MAC_NOTARIZATION_TID" --password "$MAC_NOTARIZATION_KEY"
|
|
|
|
|
- run:
|
|
|
|
|
name: "Notarize"
|
|
|
|
|
command: |
|
|
|
|
|
xcrun notarytool submit --apple-id "$MAC_NOTARIZATION_ID" --team-id "$MAC_NOTARIZATION_TID" --password "$MAC_NOTARIZATION_KEY" build/upload/gpt4all-installer-darwin-signed.dmg | tee notarize_log.txt
|
|
|
|
|
- run:
|
|
|
|
|
name: "Report Notarization Failure"
|
|
|
|
|
command: |
|
|
|
|
|
NID=`.circleci/grab_notary_id.py notarize_log.txt` && export NID
|
|
|
|
|
xcrun notarytool log $NID --keychain-profile "notary-profile"
|
|
|
|
|
exit 1
|
|
|
|
|
when: on_fail
|
|
|
|
|
- run:
|
|
|
|
|
name: "Rename and move"
|
|
|
|
|
command: |
|
|
|
|
|
mv build/upload/gpt4all-installer-darwin-signed.dmg build/upload-signed/gpt4all-installer-darwin-signed.dmg
|
|
|
|
|
- run:
|
|
|
|
|
name: "Staple"
|
|
|
|
|
command: |
|
|
|
|
|
xcrun stapler staple build/upload-signed/gpt4all-installer-darwin-signed.dmg
|
|
|
|
|
- store_artifacts:
|
|
|
|
|
path: build/upload-signed
|
|
|
|
|
|
|
|
|
|
build-offline-chat-installer-linux:
|
|
|
|
|
machine:
|
|
|
|
|
image: ubuntu-2204:2023.04.2
|
|
|
|
|
@ -1022,6 +1091,12 @@ workflows:
|
|
|
|
|
- build-offline-chat-installer-macos:
|
|
|
|
|
requires:
|
|
|
|
|
- hold
|
|
|
|
|
- sign-offline-chat-installer-macos:
|
|
|
|
|
requires:
|
|
|
|
|
- build-offline-chat-installer-macos
|
|
|
|
|
- notarize-offline-chat-installer-macos:
|
|
|
|
|
requires:
|
|
|
|
|
- sign-offline-chat-installer-macos
|
|
|
|
|
- build-offline-chat-installer-windows:
|
|
|
|
|
requires:
|
|
|
|
|
- hold
|
|
|
|
|
|
John Parent
4 weeks ago