From faf746748e4416f81c99e048ecfee754d135fb9e Mon Sep 17 00:00:00 2001 From: Bernd Ahlers Date: Fri, 17 Feb 2023 12:13:43 +0100 Subject: [PATCH] Sign Windows binary (#37) --- Makefile | 6 ++++++ jenkins.groovy | 46 ++++++++++++++++++++++++++++++++++++---------- 2 files changed, 42 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index a40f7de..b796128 100644 --- a/Makefile +++ b/Makefile @@ -25,6 +25,12 @@ build-darwin-arm64: build-windows-amd64: GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build $(BUILD_OPTS) -o $(BIN_WINDOWS_AMD64) main.go +sign-binaries: sign-binary-windows-amd64 + # This needs to run in a Docker container with the graylog/internal-codesigntool image + codesigntool sign $(BIN_WINDOWS_AMD64) + +sign-binary-windows-amd64: + install: install-linux install-darwin-amd64 install-darwin-amd64: build-darwin-amd64 diff --git a/jenkins.groovy b/jenkins.groovy index 21cdab1..de719e6 100644 --- a/jenkins.groovy +++ b/jenkins.groovy @@ -29,17 +29,35 @@ pipeline sh "make" } + } + + stage('Sign Windows Binaries') + { + agent + { + docker + { + image 'graylog/internal-codesigntool:latest' + args '-u jenkins:jenkins' + registryCredentialsId 'docker-hub' + alwaysPull true + reuseNode true + } + } + + environment + { + CODESIGN_USER = credentials('codesign-user') + CODESIGN_PASS = credentials('codesign-pass') + CODESIGN_TOTP_SECRET = credentials('codesign-totp-secret') + CODESIGN_CREDENTIAL_ID = credentials('codesign-credential-id') + } + + steps + { + sh 'make sign-binaries' + } - post - { - success - { - archiveArtifacts '*.linux' - archiveArtifacts '*.darwin-amd64' - archiveArtifacts '*.darwin-arm64' - archiveArtifacts '*.exe' - } - } } stage('Release') @@ -76,6 +94,14 @@ pipeline post { + success + { + archiveArtifacts '*.linux' + archiveArtifacts '*.darwin-amd64' + archiveArtifacts '*.darwin-arm64' + archiveArtifacts '*.exe' + } + cleanup { cleanWs()