JK Sign and Notarize (#76)

* trying sign

* gon

* signing only on release tag

* fixing creds and upload

* including master

* testing conditions

Co-authored-by: John Kennedy <jkennedy@verizonmedia.com>
main
jkennedyvz 2021-02-23 16:48:39 -08:00 committed by GitHub
parent 9570561ee3
commit 6d59b332fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 5 deletions


@ -2,7 +2,7 @@ name: ci
on: on:
push: push:
branches: [ master ] branches: [ master, release-* ]
tags: tags:
'v*' 'v*'
pull_request: pull_request:
@ -22,7 +22,6 @@ jobs:
id: calc-short id: calc-short
run: echo "::set-output name=sha8::${GITHUB_SHA::8}" run: echo "::set-output name=sha8::${GITHUB_SHA::8}"
build: build:
name: Build name: Build
needs: [store-sha8] needs: [store-sha8]
@ -40,8 +39,8 @@ jobs:
with: with:
submodules: true submodules: true
- name: Build (mac) - name: Build PR (mac)
if: matrix.os == 'macos-latest' if: matrix.os == 'macos-latest' && !contains(github.ref, 'tags/v') && !contains(github.ref, 'refs/heads/master') && !contains(github.ref, 'refs/heads/release-')
run: | run: |
brew install qt brew install qt
export PATH="/usr/local/opt/qt/bin:$PATH" export PATH="/usr/local/opt/qt/bin:$PATH"
@ -50,10 +49,41 @@ jobs:
make make
macdeployqt ashirt.app -dmg macdeployqt ashirt.app -dmg
mkdir dist mkdir dist
cp -r ashirt.dmg dist/ cp ashirt.dmg dist/ashirt.dmg
cp LICENSE dist/LICENSE cp LICENSE dist/LICENSE
cp README.md dist/README.md cp README.md dist/README.md
- name: Import Code-Signing Certificates
if: matrix.os == 'macos-latest' && (contains(github.ref, 'tags/v') || contains(github.ref, 'refs/heads/master') || contains(github.ref, 'refs/heads/release-'))
uses: Apple-Actions/import-codesign-certs@v1
with:
p12-file-base64: ${{ secrets.MACOS_CERT }}
p12-password: ${{ secrets.MACOS_PASS }}
- name: Build and Sign Release (mac)
if: matrix.os == 'macos-latest' && (contains(github.ref, 'tags/v') || contains(github.ref, 'refs/heads/master') || contains(github.ref, 'refs/heads/release-'))
run: |
brew install qt
export PATH="/usr/local/opt/qt/bin:$PATH"
brew link -f qt
qmake -config release
make
macdeployqt ashirt.app -dmg -always-overwrite -sign-for-notarization="John Kennedy"
mkdir dist
cp ashirt.dmg dist/ashirt.dmg
cp LICENSE dist/LICENSE
cp README.md dist/README.md
- name: Install gon via HomeBrew and Notarize Release (mac)
if: matrix.os == 'macos-latest' && (contains(github.ref, 'tags/v') || contains(github.ref, 'refs/heads/master') || contains(github.ref, 'refs/heads/release-'))
env:
GON_CONF: ${{ secrets.GON_CONF }}
run: |
brew tap mitchellh/gon
brew install mitchellh/gon/gon
echo "$GON_CONF" | base64 -D -i - > notarize.json
gon notarize.json
- name: Archive production artifacts - name: Archive production artifacts
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
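Review bot: The notarize step decodes the `GON_CONF` secret into `notarize.json` in the checkout directory and never removes it, and the very next step uploads artifacts; the upload's `path` is outside the visible lines, so whether the file can end up in the artifact cannot be confirmed from here. Writing the file outside the workspace and deleting it afterwards avoids the question: `echo "$GON_CONF" | base64 -D -i - > "$RUNNER_TEMP/notarize.json"`, `gon "$RUNNER_TEMP/notarize.json"`, `rm -f "$RUNNER_TEMP/notarize.json"` (this assumes the paths inside the config resolve against the working directory, which should be checked). The new steps also hand the signing certificate and its password to `Apple-Actions/import-codesign-certs@v1`, a mutable tag, and install gon from a Homebrew tap with no version, so both are worth pinning, the action to a full commit SHA such as `@<full-commit-sha>`. The three `contains(github.ref, …)` conditions are substring matches; `startsWith(github.ref, 'refs/tags/v')` and its branch equivalents would state the intended refs exactly.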


@ -134,6 +134,7 @@ include(tools/UGlobalHotkey/uglobalhotkey.pri)
macx { macx {
ICON = icons/ashirt.icns ICON = icons/ashirt.icns
QMAKE_TARGET_BUNDLE_PREFIX = com.theparanoids
} }
# Default rules for deployment. # Default rules for deployment.