Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: sign apple binaries #400

Closed
wants to merge 4 commits into from
Closed

chore: sign apple binaries #400

wants to merge 4 commits into from

Conversation

alejandroEsc
Copy link
Contributor

What problem does this PR solve?:
Allows having to sign darwin images.

Which issue(s) does this PR fix?:

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

@alejandroEsc alejandroEsc self-assigned this Jun 30, 2022
@alejandroEsc alejandroEsc changed the title chore: sign apply binaries chore: sign apple binaries Jun 30, 2022
@alejandroEsc alejandroEsc requested a review from supershal June 30, 2022 15:13
@github-actions
Copy link
Contributor

github-actions bot commented Jun 30, 2022
edited
Loading

File Coverage
All files 16%
pkg/ansible/runner.go 0%
pkg/app/artifacts.go 0%
pkg/app/build.go 1%
pkg/app/build_azure.go 0%
pkg/app/build_gcp.go 0%
pkg/app/config.go 47%
pkg/app/errors.go 0%
pkg/app/provision.go 0%
pkg/app/root.go 0%
pkg/app/validate.go 0%
pkg/appansible/io.go 0%
pkg/appansible/playbook.go 0%
pkg/azure/azure.go 0%
pkg/logging/logger.go 0%
pkg/packer/manifest.go 0%
pkg/packer/packer.go 0%
pkg/stringutil/rand.go 0%
pkg/version/info.go 8%

Minimum allowed coverage is 75%

Generated by 🐒 cobertura-action against 9d8254c

faiq
faiq reviewed Jul 1, 2022
View reviewed changes
.github/workflows/sign-darwin.yml
required: false
type: string

jobs:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's move this whole thing to release-main.yaml

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this requires inputs to work, we can and maybe should call these on another workflow like that found in the release-main process. At least that was my hope. Here at least this allows us a repeatable mechanism to get this to work.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The inputs can be populated by the release-please task outputs the bump-kib job does this.

Keeping this here while it's draft is fine, but I really want to see it in the other file as another workflow.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure thing. There were some difficulties in the release job process itself that kept me from moving forward to that approach, it has been a while but I tried to communicate my frustration with that approach.

@supershal
Copy link
Collaborator

Closing the ticket as per discussion. The notarizing mac binary in github public repo is not secure enough as it may expose apple credentials. Once we finalize the approach, we can revisit this PR

@supershal supershal closed this Jul 6, 2022
@faiq
Copy link
Collaborator

faiq commented Jul 7, 2022

When doing this we need to be sure to clean up

Apple-Actions/import-codesign-certs#8 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@faiq faiq faiq left review comments

@supershal supershal Awaiting requested review from supershal

Assignees

@alejandroEsc alejandroEsc

Labels
ignore-for-release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alejandroEsc @supershal @faiq