SDA-2793: refactor build scripts (#1150)

scripts/build-mac.sh

@@ -1,7 +1,12 @@
 #!/bin/bash
 
+# Unlock the keychain
+echo "Unlocking keychain"
+security -v unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
+
 NODE_REQUIRED_VERSION=v12.13.1
 SNYK_ORG=sda
+SNYK_PROJECT_NAME="Symphony Desktop Application"
 
 # Check basic dependencies
 if ! [ -x "$(command -v git)" ]; then
@@ -85,7 +90,8 @@ codesign --force --options runtime -s "Developer ID Application: Symphony Commun
 
 # Run Snyk Security Tests
 echo "Running snyk security tests"
-snyk test --file=package.json --org="$SNYK_ORG"
+snyk test --file=package-lock.json --org="$SNYK_ORG"
+snyk monitor --file=package-lock.json --org="$SNYK_ORG" --project-name="$SNYK_PROJECT_NAME"
 
 # Replace url in config
 echo "Setting default pod url to https://my.symphony.com"
@@ -113,3 +119,39 @@ npm run unpacked-mac
 # Create .pkg installer
 echo "Creating .pkg"
 /usr/local/bin/packagesbuild -v installer/mac/symphony-mac-packager.pkgproj
+
+PACKAGE=installer/mac/build/Symphony.pkg
+if [ ! -e ${PACKAGE} ]; then
+  echo "BUILD PACKAGE FAILED: package not created: ${PACKAGE}"
+  exit 1
+fi
+echo "Package created: ${PACKAGE}"
+
+# Sign the app
+PKG_VERSION=$(node -e "console.log(require('./package.json').version);")
+echo "Signing Package: ${PACKAGE}"
+SIGNED_PACKAGE=installer/mac/build/Symphony_Signed_${PKG_VERSION}_${PARENT_BUILD_VERSION}.pkg
+productsign --sign "Developer ID Installer: Symphony Communication Services LLC" $PACKAGE $SIGNED_PACKAGE
+echo "Signing Package complete: ${PACKAGE}"
+
+# Notarize the app
+xcrun altool --notarize-app --primary-bundle-id "$BUNDLE_ID" --username "$APPLE_ID" --password "$APPLE_ID_PASSWORD" --file $SIGNED_PACKAGE > /tmp/notarize.txt
+cat /tmp/notarize.txt
+REQUEST_ID=$(sed -n '2p' /tmp/notarize.txt)
+REQUEST_ID=$(echo $REQUEST_ID | cut -d "=" -f 2)
+echo "$REQUEST_ID"
+#xcrun altool --notarization-info $REQUEST_ID --username "$APPLE_ID" --password "$APPLE_ID_PASSWORD"
+#xcrun stapler staple $SIGNED_PACKAGE
+#stapler validate --verbose $SIGNED_PACKAGE
+
+# Create targets directory
+mkdir -p targets
+
+# Attach artifacts to build
+if [ "${EXPIRY_PERIOD}" != "0" ]; then
+  cp $SIGNED_PACKAGE "targets/Symphony-macOS-${PKG_VERSION}-${PARENT_BUILD_VERSION}-TTL-${EXPIRY_PERIOD}.pkg"
+else
+  cp $SIGNED_PACKAGE "targets/Symphony-macOS-${PKG_VERSION}-${PARENT_BUILD_VERSION}.pkg"
+fi
+
+echo "All done, job successfull :)"

scripts/build-win64.bat

@@ -7,6 +7,7 @@ echo %PATH%
 set DISABLE_REBUILD=true
 set NODE_REQUIRED_VERSION=12.13.1
 set SNYK_ORG=sda
+set SNYK_PROJECT_NAME="Symphony Desktop Application"
 
 set PATH=%PATH%;C:\Program Files\nodejs\;C:\Program Files\Git\cmd
 echo %PATH%
@@ -42,9 +43,10 @@ echo D | xcopy /y "C:\jenkins\workspace\tronlibraries\library" "library"
 echo "Installing dependencies..."
 call npm install
 
-:: Run Snyk Security Tests
+# Run Snyk Security Tests
 echo "Running snyk security tests"
-call snyk test --file=package.json --org=%SNYK_ORG%
+call snyk test --file=package-lock.json --org=%SNYK_ORG%
+call snyk monitor --file=package-lock.json --org=%SNYK_ORG% --project-name=%SNYK_PROJECT_NAME%
 
 :: Set expiry if required
 IF "%EXPIRY_PERIOD%"=="" (
@@ -56,3 +58,95 @@ IF "%EXPIRY_PERIOD%"=="" (
 
 echo "Running tests, code coverage, linting and building..."
 call npm run unpacked-win
+
+echo "Updating 64 bit installer file with hashed passwd..."
+
+set hashedPasswdFile=%HASHED_PASSWORD_FILE_PATH%
+
+if NOT EXIST %hashedPasswdFile% (
+  echo "can not find hashed password file in: " %hashedPasswdFile%
+  exit /b -1
+)
+
+set /p hashedPasswd=<%hashedPasswdFile%
+
+set installerFile=installer\win\Symphony-x64.aip
+if NOT EXIST %installerFile% (
+  echo "can not find installer file in: " %installerFile%
+  exit /b -1
+)
+
+call powershell -Command "(get-content %installerFile%) | foreach-object {$_ -replace '4A99BAA4D493EE030480AF53BA42EA11CCFB627AB1800400DA9692073D68C522A10A4FD0B5F78525294E51AC7194D55B5EE1D31F', '%hashedPasswd%'} | set-content %installerFile%"
+
+echo "creating 64 bit msi..."
+
+rem add AdvancedInstaller.com to PATH
+set PATH="%PATH%";C:\Program Files\nodejs\;C:\Program Files (x86)\Caphyon\Advanced Installer 15.9\bin\x86
+echo %PATH%
+
+call node -e "console.log(require('./package.json').version);" > version.txt
+set /p baseVer=<version.txt
+
+set SYMVER=%baseVer%
+if NOT DEFINED SYMVER (
+	echo "environment variable SYMVER not defined"
+	exit /b -1
+)
+
+echo "creating targets directory for symphony version: " %SYMVER%
+rmdir /q /s targets
+mkdir targets
+set targetsDir="%CD%\targets\"
+
+IF "%EXPIRY_PERIOD%"=="0" (
+    set archiveName=Symphony-Win64-%SYMVER%-%PARENT_BUILD_VERSION%
+) else (
+    set archiveName=Symphony-Win64-%SYMVER%-%PARENT_BUILD_VERSION%-TTL-%EXPIRY_PERIOD%
+)
+
+set installerDir="%CD%\installer\win"
+set distDir="%CD%\dist"
+
+if NOT EXIST "%PFX_DIR%\%PFX_FILE%" (
+  echo "can not find .pfx file" "%pfxDir%\%pfxFile%"
+  exit /b -1
+)
+
+copy /y "%PFX_DIR%\%PFX_FILE%" "%installerDir%\%PFX_FILE%"
+
+cd %installerDir%
+
+set AIP=Symphony-x64
+
+if EXIST %AIP%-cache (
+	echo "remove old msi cache file"
+	rmdir /q /s %AIP%-cache
+)
+if EXIST %AIP%-SetupFiles (
+	echo "remove old msi setup files"
+	rmdir /q /s %AIP%-SetupFiles
+)
+
+echo "Running Advanced Installer to build MSI"
+
+call AdvancedInstaller.com /edit %AIP%.aip /SetVersion %SYMVER%
+IF %errorlevel% neq 0 (
+	echo "failed to set advanced installer build version"
+	exit /b -1
+)
+
+call AdvancedInstaller.com /build %AIP%.aip
+IF %errorlevel% neq 0 (
+	echo "error returned from advanced installer:" %errorlevel%
+	exit /b -1
+)
+
+if NOT EXIST %AIP%-SetupFiles/%AIP%.msi (
+	echo "Failure - Did not produce MSI"
+	exit /b -1
+)
+
+echo "Copying MSI result to target dir"
+copy "%AIP%-SetupFiles\%AIP%.msi" "%targetsDir%\%archiveName%.msi"
+
+echo "All done, job successfull :)"