Skip to content

Add MacOS signing #33

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 9, 2025
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 1 addition & 4 deletions .github/workflows/checks.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,6 @@ jobs:
rake_checks:
name: Rake Checks
runs-on: ubuntu-latest
strategy:
matrix:
check: [ 'rubocop', 'commits' ]
steps:
- name: Checkout current PR
uses: actions/checkout@v4
Expand All @@ -29,4 +26,4 @@ jobs:
run: |
gem update --system --silent --no-document
bundle install --jobs 4 --retry 3
- run: bundle exec rake ${{ matrix.check }} --trace
- run: bundle exec rake rubocop --trace
15 changes: 5 additions & 10 deletions configs/projects/openvox-agent.rb
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,6 @@
metadata_uri = File.join(runtime_details['location'], "#{proj.settings[:puppet_runtime_basename]}.json")
proj.inherit_yaml_settings(settings_uri, sha1sum_uri, metadata_uri: metadata_uri)

if platform.is_macos?
proj.extra_file_to_sign File.join(proj.bindir, 'puppet')
proj.extra_file_to_sign File.join(proj.bindir, 'pxp-agent')
proj.extra_file_to_sign File.join(proj.bindir, 'wrapper.sh')
proj.signing_hostname 'osx-signer-prod-3.delivery.puppetlabs.net'
proj.signing_username 'jenkins'
proj.signing_command 'security -q unlock-keychain -p \$$OSX_SIGNING_KEYCHAIN_PW \$$OSX_SIGNING_KEYCHAIN; codesign --timestamp --keychain \$$OSX_SIGNING_KEYCHAIN -vfs \"\$$OSX_CODESIGNING_CERT\"'
end

if platform.is_fedora? || platform.name =~ /el-10/
proj.package_override("# Disable check-rpaths since /opt/* is not a valid path\n%global __brp_check_rpaths %{nil}")
proj.package_override("# Disable the removal of la files, they are still required\n%global __brp_remove_la_files %{nil}")
Expand Down Expand Up @@ -88,7 +79,11 @@
proj.setting(:service_conf, File.join(proj.install_root, 'service_conf'))

proj.description "The OpenVox Agent package contains all of the elements needed to run the agent, including ruby and facter."
proj.version_from_git
if ENV['OPENVOX_AGENT_VERSION']
proj.version ENV['OPENVOX_AGENT_VERSION']
else
proj.version_from_git
end
proj.write_version_file File.join(proj.prefix, 'VERSION')
proj.license "See components"
proj.vendor "Vox Pupuli <[email protected]>"
Expand Down
7 changes: 6 additions & 1 deletion tasks/build.rake
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,12 @@ namespace :vox do
engine = platform =~ /^(osx|windows)-/ ? 'local' : 'docker'
cmd = "bundle exec build #{project} #{platform} --engine #{engine}"

FileUtils.rm_rf('C:/ProgramFiles64Folder') if platform =~ /^windows-/
if platform =~ /^windows-/
FileUtils.rm_rf('C:/ProgramFiles64Folder')
else
FileUtils.rm_rf('/opt/puppetlabs')
FileUtils.rm_rf('/etc/puppetlabs')
end

run_command(cmd, silent: false, print_command: true, report_status: true)
end
Expand Down