ci(signingscript): PR changes + Prevent mixed formats

Removed noop sign sign in tasks.py since we don't allow for mixed formats anymore

Author: hneiva

signingscript/src/signingscript/script.py

@@ -45,11 +45,16 @@ async def async_main(context):
         context.session = session
         context.autograph_configs = load_autograph_configs(context.config["autograph_configs"])
 
+        # TODO: Make task.sign take in the whole filelist_dict and return a dict of output files.
+        #       That would likely mean changing all behaviors to accept and deal with multiple files at once.
+
         filelist_dict = build_filelist_dict(context)
         for path, path_dict in filelist_dict.items():
             if path_dict["formats"] == ["apple_notarization_stacked"]:
                 # Skip if only format is notarization_stacked - handled below
                 continue
+            if "apple_notarization_stacked" in path_dict["formats"]:
+                continue
             copy_to_dir(path_dict["full_path"], context.config["work_dir"], target=path)
             log.info("signing %s", path)
             output_files = await sign(context, os.path.join(work_dir, path), path_dict["formats"], authenticode_comment=path_dict.get("comment"))

signingscript/src/signingscript/sign.py

@@ -1601,7 +1601,11 @@ async def _notarize_geckodriver(context, path, workdir):
 
 
 async def _notarize_all(context, path, workdir):
-    """Notarizes all files in a tarball"""
+    """
+    Notarizes all files in a tarball
+
+    @Deprecated: This function is deprecated and will be removed in the future. Use apple_notarize_stacked instead.
+    """
     _, extension = os.path.splitext(path)
     # Attempt extracting
     await _extract_tarfile(context, path, extension, tmp_dir=workdir)
@@ -1631,6 +1635,8 @@ async def _notarize_all(context, path, workdir):
 async def apple_notarize(context, path, *args, **kwargs):
     """
     Notarizes given package(s) using rcodesign.
+
+    @Deprecated: This function is deprecated and will be removed in the future. Use apple_notarize_stacked instead.
     """
     # Setup workdir
     notarization_workdir = os.path.join(context.config["work_dir"], "apple_notarize")
@@ -1707,6 +1713,7 @@ async def apple_notarize_stacked(context, filelist_dict):
             retry_exceptions=RCodesignError,
         )
 
+    # Staple files
     for path in submissions_map.keys():
         await retry_async(
             func=rcodesign_staple,
@@ -1715,13 +1722,14 @@ async def apple_notarize_stacked(context, filelist_dict):
             retry_exceptions=RCodesignError,
         )
 
-    # Staple + create tarball where necessary
+    # Wrap up
     stapled_files = []
     for relpath, path_dict in filelist_dict.items():
         task_index = relpath_index_map[relpath]
         notarization_workdir = os.path.join(context.config["work_dir"], f"apple_notarize-{task_index}")
         target_path = os.path.join(context.config["work_dir"], relpath)
         _, extension = os.path.splitext(relpath)
+        # Pkgs don't need to be tarred
         if extension == ".pkg":
             utils.copy_to_dir(os.path.join(notarization_workdir, relpath), os.path.dirname(target_path))
         else:

signingscript/src/signingscript/task.py

@@ -35,9 +35,6 @@
 log = logging.getLogger(__name__)
 
 
-async def noop_sign(*args, **kwargs):
-    return []
-
 FORMAT_TO_SIGNING_FUNCTION = immutabledict(
     {
         "autograph_hash_only_mar384": sign_mar384_with_autograph_hash,
@@ -63,7 +60,6 @@ async def noop_sign(*args, **kwargs):
         "apple_notarization_geckodriver": apple_notarize_geckodriver,
         # This format is handled in script.py
         # "apple_notarization_stacked": apple_notarize_stacked,
-        "apple_notarization_stacked": noop_sign,
         "default": sign_file,
     }
 )