File tree Expand file tree Collapse file tree 2 files changed +56
-0
lines changed Expand file tree Collapse file tree 2 files changed +56
-0
lines changed Original file line number Diff line number Diff line change @@ -399,6 +399,31 @@ jobs:
399399 run : |
400400 make codesign CODE_SIGN=true DEVELOPER_ID="${{ secrets.DEVELOPER_ID }}"
401401
402+ name : Install Quill for notarization
403+ if : runner.os == 'macOS'
404+ run : |
405+ curl -sSfL https://raw.githubusercontent.com/anchore/quill/main/install.sh | sh -s -- -b /usr/local/bin
406+ quill --version
407+
408+ name : Prepare notary key
409+ if : runner.os == 'macOS'
410+ run : |
411+ base64 -d <<< "$NOTARIZE_P8_BASE64" > /tmp/notary-key.p8
412+ chmod 600 /tmp/notary-key.p8
413+ env :
414+ NOTARIZE_P8_BASE64 : ${{ secrets.NOTARIZE_P8_BASE64 }}
415+
416+ - name : Notarize macOS binaries
417+ if : runner.os == 'macOS'
418+ run : |
419+ make notarize NOTARIZE=true QUILL_NOTARY_KEY_ID="${{ secrets.NOTARY_KEY_ID }}" QUILL_NOTARY_ISSUER="${{ secrets.NOTARY_ISSUER }}" QUILL_NOTARY_KEY="/tmp/notary-key.p8"
420+
421+ name : Cleanup notary key
422+ if : runner.os == 'macOS'
423+ run : |
424+ rm -f /tmp/notary-key.p8
425+ echo "Notary key cleaned up"
426+
402427name : Code Signing Windows
403428 if : runner.os == 'Windows'
404429 shell : cmd
Original file line number Diff line number Diff line change @@ -11,6 +11,10 @@ AZURE_TENANT_ID ?= xxxx
1111AZURE_CLIENT_SECRET ?= xxxx
1212AZURE_CERT_NAME ?= xxxx
1313DEVELOPER_ID ?= xxxx
14+ NOTARIZE ?= false
15+ QUILL_NOTARY_KEY_ID ?= ""
16+ QUILL_NOTARY_ISSUER ?= ""
17+ QUILL_NOTARY_KEY ?= "/tmp/notary-key.p8"
1418
1519# Default target, does nothing
1620all :
4549 find "build/bin" -type f -exec codesign --force -s "$(DEVELOPER_ID)" --options=runtime {} \;
4650endif
4751
52+ notarize :
53+ ifeq ($(NOTARIZE ) ,false)
54+ @echo "Skipping Notarization"
55+ @exit 0
56+ endif
57+
58+ ifeq ($(OS ) ,Windows_NT)
59+ @echo "Skipping Notarization for Windows"
60+ @exit 0
61+ else ifeq ($(shell uname -s),Linux)
62+ @echo "Skipping Notarization for Linux"
63+ @exit 0
64+ else
65+ @echo "Starting notarization for macOS binaries..."
66+ @find build/bin -type f -exec | while read binary; do \
67+ echo "Notarizing $$(basename $$binary)..."; \
68+ quill notarize "$$binary"; \
69+ if [ $$? -eq 0 ]; then \
70+ echo "Successfully notarized $$(basename $$binary)"; \
71+ else \
72+ echo Failed to notarize $$(basename $$binary)"; \
73+ exit 1; \
74+ fi; \
75+ done
76+ @echo "All macOS binaries notarized successfully"
77+ endif
78+
4879package :
4980ifeq ($(OS ) ,Windows_NT)
5081 @powershell -Command "7z a -ttar temp.tar build\bin\*; 7z a -tgzip llama.tar.gz temp.tar;"
You can’t perform that action at this time.
0 commit comments