github.com/mook-as/cf-cli@v7.0.0-beta.28.0.20200120190804-b91c115fae48+incompatible/ci/cli-release/tasks/sign-osx-installer.yml

github.com/mook-as/cf-cli@v7.0.0-beta.28.0.20200120190804-b91c115fae48+incompatible/ci/cli-release/tasks/sign-osx-installer.yml (about)

     1  ---
     2  platform: darwin
     3  
     4  params:
     5    CERT_COMMON_NAME:
     6    CERT_LOCATION:
     7    CERT_PASSWORD_LOCATION:
     8    TARGET_V7:
     9  
    10  inputs:
    11  - name: certificates
    12  - name: cli
    13  - name: edge-osx-installer-64
    14  
    15  outputs:
    16  - name: signed-osx-installer
    17  
    18  run:
    19    path: bash
    20    args:
    21    - -c
    22    - |
    23      set -ex
    24  
    25      if [ "$TARGET_V7" == "true" ]; then
    26        VERSION=$(cat cli/BUILD_VERSION_V7)
    27        SUFFIX="7"
    28      else
    29        VERSION=$(cat cli/BUILD_VERSION)
    30        SUFFIX=""
    31      fi
    32  
    33      CERT_PASSWORD=$(cat certificates/$CERT_PASSWORD_LOCATION)
    34  
    35      security create-keychain -p "" temp-keychain
    36  
    37      trap "security delete-keychain temp-keychain" 0
    38  
    39      security import certificates/$CERT_LOCATION -k temp-keychain -T "$(which productsign)" -P "$CERT_PASSWORD"
    40  
    41      productsign --timestamp \
    42        --sign "$CERT_COMMON_NAME" \
    43        --keychain temp-keychain \
    44        edge-osx-installer-64/cf${SUFFIX}-cli-installer_edge_osx.pkg \
    45        signed-osx-installer/cf${SUFFIX}-cli-installer_${VERSION}_osx.pkg