Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Code Signing? #53

Open
martinheidegger opened this issue Jun 29, 2021 · 7 comments
Open

Code Signing? #53

martinheidegger opened this issue Jun 29, 2021 · 7 comments

Comments

@martinheidegger
Copy link

How could code-signing be added to the ci process? Particularly for macOS code signing is relevant.

@wangyoucao577
Copy link
Owner

What kind of code signing? How's it work generally?

@wangyoucao577
Copy link
Owner

Thanks for the information! It seems that mostly the code signing is useful on macOS to avoid the warning, right?
After some search, I saw that the Build, notarize, and sign Golang binaries for MacOS with GitHub Actions shows a very good example. It uses mitchellh/gon to sign mac apps.

To have a try, it requires below steps:

  • prepare your key
  • seperate the go-release-action for macos since it needs to sign the app
    • use pre_command to install mitchellh/gon
    • use post_command to sign the executable binary via mitchellh/gon: it's not exist right now, I can create a branch to add it if you'd like to have a try.

Please let me know if any thoughts. Thanks!

@martinheidegger
Copy link
Author

On macOS the warning is intense, but code signing is also, to a smaller degree, relevant on Windows if i remember right. I would definitely try you branch. About the API//workflow though: wouldn't it be easier to have an optional setting for gon config that runs gon internally if the task is running on macos?

@wangyoucao577
Copy link
Owner

Please have a try with wangyoucao577/go-release-action@feature/code-signing which has added post_command already.

The task will never run on macos, even though build binary that target to macos, the running os is debian.
I agree that it will be easier to use if integrate something like gon in the go-release-action internal. But firstly I think it's better to achieve the functionality, and try to figure out some unified way to solve the problems on all platforms. Then I'll be happy to integrate it in internal.

@wangyoucao577
Copy link
Owner

I checked out the https://github.com/mitchellh/gon and recognized that it can't be achieved currently since the tool depends on Apple Xcode and has to run on macosx, by contrast this actions runs debian inside. We need to figure out new idea.

@afreeland
Copy link

Curious if anyone found a good solution? The dialog is pretty scary would be awesome to find a way to easily sign an executable for macOS

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants