feat: initial

Author: ViRb3

.github/dependabot.yml

@@ -0,0 +1,25 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "fix"
+      include: "scope"
+
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "fix"
+      include: "scope"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "fix"
+      include: "scope"

.github/workflows/release.yml

@@ -0,0 +1,29 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "*"
+
+jobs:
+  binaries:
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.API_GITHUB_TOKEN }}
+
+      - name: Setup Go environment
+        uses: actions/[email protected]
+        with:
+          go-version: "1.16"
+
+      - name: Binaries Release
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: ~> 0.159
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.API_GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -0,0 +1,38 @@
+name: Test
+
+on:
+  push:
+    branches: [master, develop]
+  pull_request:
+    branches: [master, develop]
+
+jobs:
+  build:
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: Checkout with token
+        if: github.event_name != 'pull_request'
+        uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.API_GITHUB_TOKEN }}
+
+      - name: Checkout without token
+        if: github.event_name == 'pull_request'
+        uses: actions/checkout@v2
+
+      - name: Setup Go environment
+        uses: actions/[email protected]
+        with:
+          go-version: "1.16"
+
+      - name: Program Test
+        run: go test ./...
+
+      - name: Version
+        if: github.event_name != 'pull_request'
+        uses: cycjimmy/[email protected]
+        with:
+          semantic_version: 17.4
+        env:
+          GITHUB_TOKEN: ${{ secrets.API_GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,123 @@
+
+# Created by https://www.toptal.com/developers/gitignore/api/go,intellij+all,vscode
+# Edit at https://www.toptal.com/developers/gitignore?templates=go,intellij+all,vscode
+
+### Go ###
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+### Go Patch ###
+/vendor/
+/Godeps/
+
+### Intellij+all ###
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+### Intellij+all Patch ###
+# Ignores the whole .idea folder and all .iml files
+# See https://github.com/joeblau/gitignore.io/issues/186 and https://github.com/joeblau/gitignore.io/issues/360
+
+.idea/
+
+# Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023
+
+*.iml
+modules.xml
+.idea/misc.xml
+*.ipr
+
+# Sonarlint plugin
+.idea/sonarlint
+
+### vscode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+*.code-workspace
+
+# End of https://www.toptal.com/developers/gitignore/api/go,intellij+all,vscode

.goreleaser.yml

@@ -0,0 +1,22 @@
+before:
+builds:
+  - env:
+      - CGO_ENABLED=0
+    ldflags:
+      - -s -w
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - 386
+      - amd64
+      - arm
+      - arm64
+    goarm:
+      - 6
+      - 7
+archives:
+  - format: binary
+checksum:
+  name_template: "checksums.txt"

.releaserc.json

@@ -0,0 +1,22 @@
+{
+  "branches": [
+    {
+      "name": "master"
+    },
+    {
+      "name": "develop",
+      "prerelease": true
+    }
+  ],
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    [
+      "@semantic-release/github",
+      {
+        "successComment": false,
+        "failComment": false
+      }
+    ]
+  ]
+}

README.md

@@ -0,0 +1,63 @@
+# iOS Signer Builder
+
+This is a free and simple builder server for [ios-signer-service](https://github.com/SignTools/ios-signer-service). This project is the self-hosted alternative of [ios-signer-ci](https://github.com/SignTools/ios-signer-ci) - instead of using a Continuous Integration (CI) provider, this server turns one of your very own Macs into a builder used to pull, sign, and upload any iOS apps to your `ios-signer-service`.
+
+You only need to configure one builder. If you already configured a CI provider as your builder, you don't need to do anything here. This project is aimed at people who want to have a self-hosted builder.
+
+## Setup
+
+All the steps should be performed on your builder Mac.
+
+1. Install the following dependencies:
+   - [Xcode](https://developer.apple.com/xcode/)
+   - curl
+   - p7zip (optional, but recommended)
+2. Download the correct [binary release](https://github.com/SignTools/ios-signer-builder/releases)
+3. Make the binary executable by running: `chmod +x ios-signer-builder`. Replace the name with the file that you just downloaded
+4. Download the archive of `ios-signer-ci` and extract it in the same folder as the binary from the previous step. These will be your **signing files**. The whole step can be accomplished with the following commands:
+   ```bash
+   curl -sL https://github.com/SignTools/ios-signer-ci/archive/master.zip -o master.zip
+   unzip master.zip
+   rm master.zip
+   ```
+
+Important:
+
+> :warning: **Remember to update the signing files from above every time that you update the signing service. Otherwise you may experience random issues.**
+
+This server requires the use of an authentication key so that only the web service can control your builder. However, there is no built-in support for HTTPS or any other form of encryption. Therefore:
+
+> :warning: **Anybody with access to the builder's network can potentially manipulate the builder to execute any code that they want on your machine.**
+
+To prevent this, only deploy this server in a trusted environment, or even better, wrap the server in HTTPS yourself using a reverse proxy like nginx.
+
+The authentication key has to be at least 8 characters long. Note it down - you will need to put it in your `ios-signer-service`'s configuration file later on.
+
+## Running
+
+When starting the server, you will want to use the same auth key and signing files from above and pass them as arguments:
+
+```bash
+./ios-signer-builder -key "SOME_SECRET_KEY" -files "ios-signer-ci-master"
+```
+
+The first time you run the server, you will have to [allow](https://www.macworld.co.uk/how-to/mac-app-unidentified-developer-3669596/) the unrecognized binary to run on your machine. After that it will run with no interruptions.
+
+Additionally, the first time you attempt to sign an app using a developer account, macOS will ask you to grant permission for UI automation. You need to grant this permission or signing can't work. The prompt may break the current signing process, so just re-upload the app on the web service once more - it will work the next time.
+
+For reference, these all of the arguments that will be used:
+
+```bash
+  -files string
+    	Path to directory whose files will be included in each sign job. Should at least contain a signer script 'sign.sh'
+  -host string
+    	Listen host, empty for all
+  -key string
+    	Auth key the web service must use to talk to this server
+  -port uint
+    	Listen port (default 8090)
+  -timeout uint
+    	Job timeout in minutes (default 15)
+```
+
+You can always print them by running with `-help`.

go.mod

@@ -0,0 +1,11 @@
+module ios-signer-builder
+
+go 1.16
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/google/uuid v1.2.0
+	github.com/labstack/echo/v4 v4.2.1
+	github.com/otiai10/copy v1.5.0 // indirect
+	github.com/pkg/errors v0.9.1
+)