darwin arm builds (#118)

fix build system to support Apple Silicon signed binaries
allcloud-io · Jul 30, 2021 · 3b28674 · 3b28674
1 parent 833baeb
commit 3b28674
Show file tree

Hide file tree

Showing 7 changed files with 52 additions and 80 deletions.
diff --git a/.github/workflow/upload_assets.yml b/.github/workflow/upload_assets.yml
diff --git a/.github/workflows/upload_assets.yml b/.github/workflows/upload_assets.yml
@@ -17,7 +17,7 @@ jobs:
       - name: build
         run: |
           echo "GO111MODULE=on" >> $GITHUB_ENV
-          make zip
+          make zip-only-unsigned
       - name: Upload release assets
         uses: skx/github-action-publish-binaries@master
         env:

diff --git a/.gitignore b/.gitignore
@@ -9,3 +9,4 @@ brewbot
 *.tar.gz
 steps_output.txt
 .vscode/
+bottle_output.txt
diff --git a/Makefile b/Makefile
@@ -18,6 +18,10 @@ test:
 darwin-amd64:
 	GOOS=darwin GOARCH=amd64 $(GOBUILD) -ldflags "-X main.version=$(VERSION)" -o $(BUILDPATH)/$(BINARY_NAME)-darwin-amd64 -v
 
+.PHONY: darwin-arm64
+darwin-arm64:
+	GOOS=darwin GOARCH=arm64 $(GOBUILD) -ldflags "-X main.version=$(VERSION)" -o $(BUILDPATH)/$(BINARY_NAME)-darwin-arm64 -v
+
 .PHONY: linux-386
 linux-386:
 	GOOS=linux GOARCH=386 $(GOBUILD) -ldflags "-X main.version=$(VERSION)" -o $(BUILDPATH)/$(BINARY_NAME)-linux-386 -v
@@ -34,28 +38,41 @@ windows-386:
 windows-amd64:
 	GOOS=windows GOARCH=amd64 $(GOBUILD) -ldflags "-X main.version=$(VERSION)" -o $(BUILDPATH)/$(BINARY_NAME)-windows-amd64.exe -v
 
+.PHONY: native
+native:
+	$(GOBUILD) -ldflags "-X main.version=$(VERSION)" -o $(BUILDPATH)/$(BINARY_NAME) -v
+
 .PHONY: all
-all: darwin-amd64 linux-386 linux-amd64 windows-386 windows-amd64
+all: darwin-amd64 darwin-arm64 linux-386 linux-amd64 windows-386 windows-amd64
 
 .PHONY: sign
-sign: darwin-amd64
+sign: darwin-amd64 darwin-arm64
 	# sign
-	gon -log-level=info ./gon.json
+	gon -log-level=info ./gon-arm64.json
+	gon -log-level=info ./gon-amd64.json
+
+.PHONY: zip-only-unsigned
+zip-only-unsigned: all
+	mkdir -p $(ASSETPATH)
+	cd $(BUILDPATH) && \
+	for i in `ls -1 $(BINARY_NAME)* | grep -v '.zip' | grep -v darwin`; do zip ../$(ASSETPATH)/$$i.zip $$i; done
+	cd $(ASSETPATH) && \
+	sha256sum *zip > SHASUMS256.txt
 
-.PHONY: zip
 zip: all sign
 	mkdir -p $(ASSETPATH)
 	cd $(BUILDPATH) && \
 	for i in `ls -1 $(BINARY_NAME)* | grep -v '.zip' | grep -v darwin`; do zip ../$(ASSETPATH)/$$i.zip $$i; done
 	cd $(ASSETPATH) && \
 	sha256sum *zip > SHASUMS256.txt
 
-.PHONY: unsigned-darwin-amd64-zip
-unsigned-darwin-amd64-zip: darwin-amd64
-	# used by brew if signing isn't setup
+.PHONY: unsigned-darwin-zip
+unsigned-darwin-zip: darwin-amd64 darwin-arm64
+	# use if signing isn't setup
 	mkdir -p $(ASSETPATH)
 	cd $(BUILDPATH) && \
-	zip ../$(ASSETPATH)/clisso-darwin-amd64.zip clisso-darwin-amd64
+	zip ../$(ASSETPATH)/clisso-darwin-amd64.zip clisso-darwin-amd64 && \
+	zip ../$(ASSETPATH)/clisso-darwin-arm64.zip clisso-darwin-arm64
 
 .PHONY: brew
 brew:

diff --git a/gon.json → gon-amd64.json b/gon.json → gon-amd64.json
diff --git a/gon-arm64.json b/gon-arm64.json
@@ -0,0 +1,15 @@
+{
+    "source": [
+        "./build/clisso-darwin-arm64"
+    ],
+    "bundle_id": "io.allcloud.clisso",
+    "apple_id": {
+        "password": "@keychain:AC_PASSWORD"
+    },
+    "sign": {
+        "application_identity": "5791D17F2B7A187DD559F87F7631BD8F934B4204"
+    },
+    "zip": {
+        "output_path": "./assets/clisso-darwin-arm64.zip"
+    }
+}
diff --git a/make_brew_release.sh b/make_brew_release.sh
@@ -30,6 +30,14 @@ function cleanup() {
 
 trap cleanup EXIT
 
+# download source and calc sha256
+SHA256=$(wget "https://github.com/allcloud-io/${BINARY_NAME}/archive/${VERSION}.tar.gz" -O source.tar.gz -o /dev/null && sha256sum source.tar.gz | awk '{ print $1 }' && rm -f source.tar.gz)
+
+# create signed zip files
+make sign
+SHA256_ZIP_DARWIN_AMD64=$(sha256sum "assets/${BINARY_NAME}-darwin-amd64.zip" | awk '{ print $1 }' )
+SHA256_ZIP_DARWIN_ARM64=$(sha256sum "assets/${BINARY_NAME}-darwin-arm64.zip" | awk '{ print $1 }' )
+
 # add tap in case it's missing
 brew tap allcloud-io/tools
 TAP_DIR=$(brew --repo allcloud-io/tools)
@@ -44,64 +52,21 @@ git pull
 
 # set the correct version
 sed "s:%VERSION%:${VERSION}:" "${BINARY_NAME}.rb.template" | sed "s:%BOTTLE%::" > "${BINARY_NAME}.rb"
-# and calc sha256
-SHA256=$(brew fetch "${BINARY_NAME}" --build-from-source 2>/dev/null | grep SHA256 | cut -d" " -f2 || true)
-
-if [[ $AC_USERNAME ]]; then
-  BUILD_TARGET=sign
-else
-  sed -i.bak '/mitchellh\/gon\/gon/d' "${BINARY_NAME}.rb.template"
-  BUILD_TARGET=unsigned-darwin-amd64-zip
-fi
 
 # replace version and sha256 placeholder in template
 sed "s:%VERSION%:${VERSION}:" "${BINARY_NAME}.rb.template" | \
 sed "s:%SOURCE_SHA%:${SHA256}:" | \
-sed "s:%AC_USERNAME%:$AC_USERNAME:" | \
-sed "s:%BUILD_TARGET%:$BUILD_TARGET:" > "${BINARY_NAME}.rb.bottle"
-
-# generate parts to be assembled later
-grep -B100 '%BOTTLE%' "${BINARY_NAME}.rb.bottle" | grep -v '%BOTTLE%' > "${BINARY_NAME}.rb.bottle.head"
-grep -A100 '%BOTTLE%' "${BINARY_NAME}.rb.bottle" | grep -v '%BOTTLE%' > "${BINARY_NAME}.rb.bottle.tail"
-
-# skip the bottle placeholder for now
-cat "${BINARY_NAME}.rb.bottle.head" "${BINARY_NAME}.rb.bottle.tail" > "${BINARY_NAME}.rb"
+sed "s:%BUILD_DARWIN_AMD64_SHA%:${SHA256_ZIP_DARWIN_AMD64}:" | \
+sed "s:%BUILD_DARWIN_ARM64_SHA%:${SHA256_ZIP_DARWIN_ARM64}:" > "${BINARY_NAME}.rb"
 
 # change back to original workdir
 cd "$SOURCE_DIR" || exit 1
 # build the bottle
 brew test-bot "allcloud-io/tools/${BINARY_NAME}"
 
-# create a tempfile
-TEMPFILE=$(mktemp)
-
-for json in *bottle.json; do
-  # extract the mac version the bottle was build for
-  MAC_VERSION=$(echo "$json" | cut -d. -f4);
-  # extract the sha256 of the bottle
-  SHA=$(jq ".\"allcloud-io/tools/${BINARY_NAME}\".bottle.tags.$MAC_VERSION.sha256" < "$json")
-  # get the local file name
-  LOCAL=$(jq -r ".\"allcloud-io/tools/${BINARY_NAME}\".bottle.tags.$MAC_VERSION.local_filename" < "$json")
-  # get the remote filename
-  REMOTE=$(jq -r ".\"allcloud-io/tools/${BINARY_NAME}\".bottle.tags.$MAC_VERSION.filename" < "$json")
-  # rename to the correct name
-  mv "$LOCAL" "$REMOTE"
-  # append to tempfile
-  echo "    sha256 $SHA => :$MAC_VERSION" >> "${TEMPFILE}"
-  rm "$json"
-done
-
-cd "$TAP_DIR" || exit 1
-
-# add all the bottles
-cat "${BINARY_NAME}.rb.bottle.head" "${TEMPFILE}" "${BINARY_NAME}.rb.bottle.tail" > "${BINARY_NAME}.rb"
-
 # commit to git and push to origin
 BRANCHNAME=auto/${BINARY_NAME}-${VERSION}
 git checkout -b "$BRANCHNAME" || git checkout "$BRANCHNAME"
-sed -i.bak '/ENV\["AC_USERNAME"\]/d' "${BINARY_NAME}.rb"
-sed -i.bak '/mitchellh\/gon\/gon/d' "${BINARY_NAME}.rb"
-sed -i.bak 's:"sign":"unsigned-darwin-amd64-zip":' "${BINARY_NAME}.rb"
 git add "${BINARY_NAME}.rb"
 git commit -m "Automatic commit of bottle build for version $VERSION of $BINARY_NAME."
 git push origin "$BRANCHNAME"