Merge pull request #1159 from mesosphere/mh/bump-goreleaser

fix: add macos binary notarization
mesosphere · Aug 25, 2024 · b2f7597 · b2f7597
2 parents 820b2e6 + eb69896
commit b2f7597
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 6 deletions.
diff --git a/.github/workflows/release-kib.yaml b/.github/workflows/release-kib.yaml
@@ -7,14 +7,14 @@ on:
   workflow_dispatch:
   push:
     tags:
-      - 'v*'
+      - "v*"
 
 name: Release konvoy-image-builder
 jobs:
   release-to-github:
     runs-on:
-    - self-hosted
-    - small
+      - self-hosted
+      - small
     steps:
       - uses: actions/checkout@v4
         with:
@@ -24,11 +24,11 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version-file: 'go.mod'
+          go-version-file: "go.mod"
           cache: true
 
       - name: Download GoReleaser
-        run: go install github.com/goreleaser/goreleaser@v1.15.2
+        run: go install github.com/goreleaser/goreleaser/v2@v2.2.0
 
       - name: Docker Login
         uses: docker/login-action@v3
@@ -45,6 +45,13 @@ jobs:
         env:
           DOCKER_CLI_EXPERIMENTAL: "enabled"
           GITHUB_TOKEN: ${{ secrets.MESOSPHERECI_USER_TOKEN }}
+          # notarize options
+          NOTARIZE_DARWIN_BINARY: "true"
+          MACOS_SIGN_P12: "${{ secrets.NCN_APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}"
+          MACOS_SIGN_PASSWORD: "${{ secrets.NCN_APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}"
+          MACOS_NOTARY_ISSUER_ID: "${{ secrets.NCN_APPSTORECONNECT_ISSUER_ID }}"
+          MACOS_NOTARY_KEY_ID: "${{ secrets.NCN_APPSTORECONNECT_KEY_ID }}"
+          MACOS_NOTARY_KEY: "${{ secrets.NCN_APPSTORECONNECT_PRIVATE_KEY }}"
 
   bump-kib:
     runs-on: ubuntu-22.04

diff --git a/.goreleaser-podman-e2e.yml b/.goreleaser-podman-e2e.yml
@@ -1,4 +1,5 @@
 ---
+version: 2
 before:
   hooks:
     - go mod download

diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -1,12 +1,13 @@
 ---
+version: 2
 before:
   hooks:
     - go mod download
     - go mod tidy
 
 # NOTE(jkoelker) the changelog is managed by `release-please`
 changelog:
-  skip: true
+  disable: true
 
 builds:
   - main: ./cmd/konvoy-image/main.go
@@ -94,3 +95,20 @@ release:
   prerelease: auto
   ids:
     - konvoy-image-bundle
+
+notarize:
+  macos:
+    - enabled: '{{ isEnvSet "NOTARIZE_DARWIN_BINARY"}}'
+      ids:
+        - konvoy-image
+        - konvoy-image-wrapper
+      sign:
+        certificate: "{{.Env.MACOS_SIGN_P12}}"
+        password: "{{.Env.MACOS_SIGN_PASSWORD}}"
+
+      notarize:
+        issuer_id: "{{.Env.MACOS_NOTARY_ISSUER_ID}}"
+        key_id: "{{.Env.MACOS_NOTARY_KEY_ID}}"
+        key: "{{.Env.MACOS_NOTARY_KEY}}"
+        wait: true
+        timeout: 20m