Bobd/codesign mac (#6259)

Codengineer · web-flow · commit f248e982e521 · 2025-11-14T12:58:23.000-05:00
* Test macos code signing for binaries
* Adding dependency on signing job in pack
diff --git a/.yamato/com.unity.ml-agents-pack.yml b/.yamato/com.unity.ml-agents-pack.yml
@@ -1,3 +1,6 @@
+{% metadata_file .yamato/env.metafile -%}
+---
+
 pack:
   name: Pack
   agent:
@@ -21,3 +24,37 @@ pack:
         - "upm-ci~/packages/**/*"
   triggers:
     cancel_old_ci: true
+  dependencies:
+    - .yamato/com.unity.ml-agents-pack.yml#sign_macOS
+
+sign_macOS:
+  name: Sign MacOS Shared Libraries
+  agent:
+    type: Unity::VM::osx
+    image: package-ci/macos-13:v4
+    flavor: m1.mac
+  sources:
+    checkout_mode: sparse
+    files:
+      sparse_checkout_rules: .yamato/sparse-checkouts/upm-packages.txt
+  commands:
+    - brick_source: git@github.cds.internal.unity3d.com:unity/macos.cds.ci.code-signing.git@v1.2.2
+      variables:
+        CERTIFICATE_NAME: apple-developer-id-application-unity-technologies-sf
+    - command: |-
+        security unlock-keychain -p $UNITY_KEYCHAIN_PASSWORD /Users/$USER/Library/Keychains/login.keychain-db
+{% for package in packages -%}
+{% for shared_library in package.native_plugins.macOS -%}
+        codesign --force --verify --verbose --timestamp --sign $(<certificate_thumbprint.txt) "{{ shared_library.path }}"
+        codesign -d -vv "{{ shared_library.path }}"
+{% endfor -%}
+{% endfor -%}
+        security lock-keychain /Users/$USER/Library/Keychains/login.keychain-db
+  artifacts:
+{% for package in packages -%}
+{% for shared_library in package.native_plugins.macOS -%}
+    {{ shared_library.name }}:
+      paths:
+        - "{{ shared_library.path }}"
+{% endfor -%}
+{% endfor -%}
diff --git a/.yamato/env.metafile b/.yamato/env.metafile
@@ -0,0 +1,8 @@
+packages:
+  - name: com.unity.ml-agents
+    short_name: ml-agents
+    path: com.unity.ml-agents
+    native_plugins:
+      macOS:
+        - name: libgrpc_macOS
+          path: com.unity.ml-agents/Plugins/ProtoBuffer/runtimes/osx/native/libgrpc_csharp_ext.x64.bundle
diff --git a/.yamato/sparse-checkouts/upm-packages.txt b/.yamato/sparse-checkouts/upm-packages.txt
@@ -0,0 +1,3 @@
+.github
+.yamato
+com.unity.ml-agents
diff --git a/.yamato/wrench/package-pack-jobs.yml b/.yamato/wrench/package-pack-jobs.yml
@@ -21,6 +21,8 @@ package_pack_-_ml-agents:
     packages:
       paths:
       - upm-ci~/packages/**/*
+  dependencies:
+    - path: .yamato/com.unity.ml-agents-pack.yml#sign_macOS
   variables:
     UPMCI_ACK_LARGE_PACKAGE: 1
     UPMPVP_CONTEXT_WRENCH: 0.10.5.0

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+.github`
	`2`	`+.yamato`
	`3`	`+com.unity.ml-agents`