Skip to content

Commit 9ef12c3

Browse files
MaxDesiatovMaxDesiatov
authored
Merge pull request #2029 from swiftwasm/katei/package-toolchain
Distribute toolchain as pkg for Darwin
2 parents 2ff0f8a + c9a4e28 commit 9ef12c3

File tree

3 files changed

+141
-5
lines changed

3 files changed

+141
-5
lines changed

.github/workflows/nightly-distribution.yml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,10 +7,29 @@ jobs:
77
runs-on: macos-latest
88
steps:
99
- uses: actions/checkout@v1
10+
- name: Setup keychain
11+
run: |
12+
echo "$DARWIN_TOOLCHAIN_APPLICATION_CERT_BASE64" | base64 --decode -o developerID_application.cer
13+
security import developerID_application.cer
14+
echo "$DARWIN_TOOLCHAIN_INSTALLER_CERT_BASE64" | base64 --decode -o developerID_installer.cer
15+
security import developerID_installer.cer
16+
env:
17+
DARWIN_TOOLCHAIN_APPLICATION_CERT: ${{ secrets.DARWIN_TOOLCHAIN_APPLICATION_CERT }}
18+
DARWIN_TOOLCHAIN_APPLICATION_CERT_BASE64: ${{ secrets.DARWIN_TOOLCHAIN_APPLICATION_CERT_BASE64 }}
19+
DARWIN_TOOLCHAIN_INSTALLER_CERT: ${{ secrets.DARWIN_TOOLCHAIN_INSTALLER_CERT }}
20+
DARWIN_TOOLCHAIN_INSTALLER_CERT_BASE64: ${{ secrets.DARWIN_TOOLCHAIN_INSTALLER_CERT_BASE64 }}
1021
- run: ./utils/webassembly/distribute-latest-toolchain.sh swiftwasm DEVELOPMENT
1122
env:
1223
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
24+
DARWIN_TOOLCHAIN_APPLICATION_CERT: ${{ secrets.DARWIN_TOOLCHAIN_APPLICATION_CERT }}
25+
DARWIN_TOOLCHAIN_INSTALLER_CERT: ${{ secrets.DARWIN_TOOLCHAIN_INSTALLER_CERT }}
26+
DARWIN_TOOLCHAIN_NOTARIZE_EMAIL: ${{ secrets.DARWIN_TOOLCHAIN_NOTARIZE_EMAIL }}
27+
DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD: ${{ secrets.DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD }}
1328
if: github.ref == 'refs/heads/swiftwasm'
1429
- run: ./utils/webassembly/distribute-latest-toolchain.sh swiftwasm-release/5.3 5.3
1530
env:
1631
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
32+
DARWIN_TOOLCHAIN_APPLICATION_CERT: ${{ secrets.DARWIN_TOOLCHAIN_APPLICATION_CERT }}
33+
DARWIN_TOOLCHAIN_INSTALLER_CERT: ${{ secrets.DARWIN_TOOLCHAIN_INSTALLER_CERT }}
34+
DARWIN_TOOLCHAIN_NOTARIZE_EMAIL: ${{ secrets.DARWIN_TOOLCHAIN_NOTARIZE_EMAIL }}
35+
DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD: ${{ secrets.DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD }}

utils/webassembly/build-toolchain.sh

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -118,11 +118,55 @@ merge_toolchains() {
118118
sed -i -e "s@\".*/include@\"../../../../share/wasi-sysroot/include@g" "$DIST_TOOLCHAIN_SDK/usr/lib/swift/wasi/wasm32/wasi.modulemap"
119119
}
120120

121+
create_darwin_info_plist() {
122+
echo "-- Create Info.plist --"
123+
PLISTBUDDY_BIN="/usr/libexec/PlistBuddy"
124+
125+
DARWIN_TOOLCHAIN_VERSION="5.3.${YEAR}${MONTH}${DAY}"
126+
BUNDLE_PREFIX="org.swiftwasm"
127+
DARWIN_TOOLCHAIN_BUNDLE_IDENTIFIER="${BUNDLE_PREFIX}.${YEAR}${MONTH}${DAY}"
128+
DARWIN_TOOLCHAIN_DISPLAY_NAME_SHORT="Swift for WebAssembly Snapshot"
129+
DARWIN_TOOLCHAIN_DISPLAY_NAME="${DARWIN_TOOLCHAIN_DISPLAY_NAME_SHORT} ${YEAR}-${MONTH}-${DAY}"
130+
DARWIN_TOOLCHAIN_ALIAS="swiftwasm"
131+
132+
DARWIN_TOOLCHAIN_INFO_PLIST="${DIST_TOOLCHAIN_SDK}/usr/Info.plist"
133+
DARWIN_TOOLCHAIN_REPORT_URL="https://bugs.swift.org/"
134+
COMPATIBILITY_VERSION=2
135+
COMPATIBILITY_VERSION_DISPLAY_STRING="Xcode 8.0"
136+
DARWIN_TOOLCHAIN_CREATED_DATE="$(date -u +'%a %b %d %T GMT %Y')"
137+
SWIFT_USE_DEVELOPMENT_TOOLCHAIN_RUNTIME="YES"
138+
139+
rm -f "${DARWIN_TOOLCHAIN_INFO_PLIST}"
140+
141+
${PLISTBUDDY_BIN} -c "Add DisplayName string '${DARWIN_TOOLCHAIN_DISPLAY_NAME}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
142+
${PLISTBUDDY_BIN} -c "Add ShortDisplayName string '${DARWIN_TOOLCHAIN_DISPLAY_NAME_SHORT}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
143+
${PLISTBUDDY_BIN} -c "Add CreatedDate date '${DARWIN_TOOLCHAIN_CREATED_DATE}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
144+
${PLISTBUDDY_BIN} -c "Add CompatibilityVersion integer ${COMPATIBILITY_VERSION}" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
145+
${PLISTBUDDY_BIN} -c "Add CompatibilityVersionDisplayString string ${COMPATIBILITY_VERSION_DISPLAY_STRING}" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
146+
${PLISTBUDDY_BIN} -c "Add Version string '${DARWIN_TOOLCHAIN_VERSION}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
147+
${PLISTBUDDY_BIN} -c "Add CFBundleIdentifier string '${DARWIN_TOOLCHAIN_BUNDLE_IDENTIFIER}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
148+
${PLISTBUDDY_BIN} -c "Add ReportProblemURL string '${DARWIN_TOOLCHAIN_REPORT_URL}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
149+
${PLISTBUDDY_BIN} -c "Add Aliases array" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
150+
${PLISTBUDDY_BIN} -c "Add Aliases:0 string '${DARWIN_TOOLCHAIN_ALIAS}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
151+
${PLISTBUDDY_BIN} -c "Add OverrideBuildSettings dict" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
152+
${PLISTBUDDY_BIN} -c "Add OverrideBuildSettings:ENABLE_BITCODE string 'NO'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
153+
${PLISTBUDDY_BIN} -c "Add OverrideBuildSettings:SWIFT_DISABLE_REQUIRED_ARCLITE string 'YES'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
154+
${PLISTBUDDY_BIN} -c "Add OverrideBuildSettings:SWIFT_LINK_OBJC_RUNTIME string 'YES'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
155+
${PLISTBUDDY_BIN} -c "Add OverrideBuildSettings:SWIFT_DEVELOPMENT_TOOLCHAIN string 'YES'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
156+
${PLISTBUDDY_BIN} -c "Add OverrideBuildSettings:SWIFT_USE_DEVELOPMENT_TOOLCHAIN_RUNTIME string '${SWIFT_USE_DEVELOPMENT_TOOLCHAIN_RUNTIME}'" "${DARWIN_TOOLCHAIN_INFO_PLIST}"
157+
158+
chmod a+r "${DARWIN_TOOLCHAIN_INFO_PLIST}"
159+
}
160+
121161
build_host_toolchain
122162
build_target_toolchain
123163

124164
merge_toolchains
125165

166+
if [[ "$(uname)" == "Darwin" ]]; then
167+
create_darwin_info_plist
168+
fi
169+
126170
cd "$DIST_TOOLCHAIN_DESTDIR"
127171
tar cfz "$PACKAGE_ARTIFACT" "$TOOLCHAIN_NAME"
128172
echo "Toolchain archive created successfully!"

utils/webassembly/distribute-latest-toolchain.sh

Lines changed: 78 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,12 @@ set -xe
44
repository='swiftwasm/swift'
55
workflow_name='main.yml'
66
branch=$1
7+
channel=$2
8+
swift_source_dir="$(cd "$(dirname $0)/../.." && pwd)"
9+
10+
DARWIN_TOOLCHAIN_APPLICATION_CERT=${DARWIN_TOOLCHAIN_APPLICATION_CERT:?"Please set DARWIN_TOOLCHAIN_APPLICATION_CERT"}
11+
DARWIN_TOOLCHAIN_INSTALLER_CERT=${DARWIN_TOOLCHAIN_INSTALLER_CERT:?"Please set DARWIN_TOOLCHAIN_APPLICATION_CERT"}
12+
DARWIN_TOOLCHAIN_NOTARIZE_EMAIL=${DARWIN_TOOLCHAIN_NOTARIZE_EMAIL:?"Please set DARWIN_TOOLCHAIN_NOTARIZE_EMAIL"}
713

814
gh_api=https://api.github.com
915

@@ -94,6 +100,72 @@ upload_tarball() {
94100
"https://uploads.github.com/repos/$repository/releases/$release_id/assets?name=$filename"
95101
}
96102

103+
sign_toolchain() {
104+
local darwin_toolchain=$1
105+
local codesign_bin="/usr/bin/codesign"
106+
107+
codesign_args=(--force --verify --verbose --deep --options runtime --timestamp --sign "${DARWIN_TOOLCHAIN_APPLICATION_CERT}")
108+
for binary in $(find "${darwin_toolchain}" -type f); do
109+
if file "$binary" | grep -q "Mach-O"; then
110+
${codesign_bin} "${codesign_args[@]}" "${binary}"
111+
fi
112+
done
113+
114+
${codesign_bin} "${codesign_args[@]}" "${darwin_toolchain}/usr/"
115+
}
116+
117+
create_installer() {
118+
local darwin_toolchain=$1
119+
local darwin_toolchain_name=$(basename "$darwin_toolchain")
120+
local darwin_toolchain_installer_package="$darwin_toolchain.pkg"
121+
local darwin_toolchain_install_location="/Library/Developer/Toolchains/${darwin_toolchain_name}.xctoolchain"
122+
local darwin_toolchain_version=$(/usr/libexec/PlistBuddy -c "Print Version string" "$darwin_toolchain"/usr/Info.plist)
123+
local darwin_toolchain_bundle_identifier=$(/usr/libexec/PlistBuddy -c "Print CFBundleIdentifier string" "$darwin_toolchain"/usr/Info.plist)
124+
125+
"${swift_source_dir}/utils/toolchain-installer" "${darwin_toolchain}/" "${darwin_toolchain_bundle_identifier}" \
126+
"${DARWIN_TOOLCHAIN_INSTALLER_CERT}" "${darwin_toolchain_installer_package}" "${darwin_toolchain_install_location}" \
127+
"${darwin_toolchain_version}" "${swift_source_dir}/utils/darwin-installer-scripts"
128+
129+
# Notarize the toolchain installer
130+
local request_output=$(xcrun altool --notarize-app --type osx \
131+
--file "${darwin_toolchain_installer_package}" \
132+
--primary-bundle-id "${darwin_toolchain_bundle_identifier}" \
133+
-u "${DARWIN_TOOLCHAIN_NOTARIZE_EMAIL}" \
134+
-p "@env:DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD")
135+
local request_uuid=$(echo "$request_output" | grep "RequestUUID = " | awk '{print $3}')
136+
137+
local request_status=$(xcrun altool --notarization-info "$request_uuid" \
138+
-u "${DARWIN_TOOLCHAIN_NOTARIZE_EMAIL}" \
139+
-p "@env:DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD")
140+
# Wait until finished
141+
while echo "$request_status" | grep -q "Status: in progress" ; do
142+
sleep 60
143+
request_status=$(xcrun altool --notarization-info "$request_uuid" \
144+
-u "${DARWIN_TOOLCHAIN_NOTARIZE_EMAIL}" \
145+
-p "@env:DARWIN_TOOLCHAIN_NOTARIZE_PASSWORD")
146+
done
147+
148+
if echo "$request_status" | grep -q "Status: success"; then
149+
xcrun stapler staple "${darwin_toolchain_installer_package}"
150+
else
151+
echo "Failed to notarize the toolchain $darwin_toolchain_installer_package: $request_status"
152+
fi
153+
}
154+
155+
package_darwin_toolchain() {
156+
local toolchain_tar=$1
157+
local destination=$2
158+
local toolchain_name=$(basename $(tar tfz "$toolchain_tar" | head -n1))
159+
local workdir=$(mktemp -d)
160+
161+
tar xfz "$toolchain_tar" -C "$workdir"
162+
sign_toolchain "$workdir/$toolchain_name"
163+
create_installer "$workdir/$toolchain_name"
164+
165+
mv "$workdir/$toolchain_name.pkg" "$destination"
166+
rm -rf "$workdir"
167+
}
168+
97169
tmp_dir=$(mktemp -d)
98170
pushd $tmp_dir
99171
download_artifact ubuntu18.04-installable
@@ -103,22 +175,23 @@ unzip ubuntu18.04-installable.zip
103175
unzip ubuntu20.04-installable.zip
104176
unzip macos-installable.zip
105177

106-
toolchain_name=$(basename $(tar tfz swift-wasm-$2-SNAPSHOT-ubuntu18.04-x86_64.tar.gz | head -n1))
178+
toolchain_name=$(basename $(tar tfz swift-wasm-$channel-SNAPSHOT-ubuntu18.04-x86_64.tar.gz | head -n1))
107179

108180
if is_released $toolchain_name; then
109181
echo "Latest toolchain $toolchain_name has been already released"
110182
exit 0
111183
fi
112184

113-
mv swift-wasm-$2-SNAPSHOT-ubuntu18.04-x86_64.tar.gz "$toolchain_name-ubuntu18.04-x86_64.tar.gz"
114-
mv swift-wasm-$2-SNAPSHOT-ubuntu20.04-x86_64.tar.gz "$toolchain_name-ubuntu20.04-x86_64.tar.gz"
115-
mv swift-wasm-$2-SNAPSHOT-macos-x86_64.tar.gz "$toolchain_name-macos-x86_64.tar.gz"
185+
186+
mv swift-wasm-$channel-SNAPSHOT-ubuntu18.04-x86_64.tar.gz "$toolchain_name-ubuntu18.04-x86_64.tar.gz"
187+
mv swift-wasm-$channel-SNAPSHOT-ubuntu20.04-x86_64.tar.gz "$toolchain_name-ubuntu20.04-x86_64.tar.gz"
188+
package_darwin_toolchain "swift-wasm-$channel-SNAPSHOT-macos-x86_64.tar.gz" "$toolchain_name-macos-x86_64.pkg"
116189

117190
create_tag $toolchain_name $head_sha
118191
release_id=$(create_release $toolchain_name $toolchain_name $head_sha)
119192

120193
upload_tarball $release_id "$toolchain_name-ubuntu18.04-x86_64.tar.gz"
121194
upload_tarball $release_id "$toolchain_name-ubuntu20.04-x86_64.tar.gz"
122-
upload_tarball $release_id "$toolchain_name-macos-x86_64.tar.gz"
195+
upload_tarball $release_id "$toolchain_name-macos-x86_64.pkg"
123196

124197
popd

0 commit comments

Comments
 (0)