mirror of
https://github.com/finos/SymphonyElectron.git
synced 2024-12-26 00:41:11 -06:00
168 lines
5.9 KiB
Bash
Executable File
168 lines
5.9 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Unlock the keychain
|
|
echo "Unlocking keychain"
|
|
security -v unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
|
|
|
|
NODE_REQUIRED_VERSION=v18.16.0
|
|
SNYK_ORG=sda
|
|
SNYK_PROJECT_NAME="Symphony Desktop Application"
|
|
|
|
# Check basic dependencies
|
|
if ! [ -x "$(command -v git)" ]; then
|
|
echo 'GIT does not exist! Please set it up before running this script!' >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Switch to the appropriate node version for the branch using NVM
|
|
if [ -x "$(command -v nvm)" ]; then
|
|
echo 'NVM does not not exist! Install it to switch to the appropriate node version!' >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Source all the profile files to ensure nvm is in path
|
|
source $HOME/.nvm/nvm.sh
|
|
|
|
NODE_CURRENT_VERSION=$(nvm current)
|
|
if [ "$NODE_REQUIRED_VERSION" != "$NODE_CURRENT_VERSION" ]; then
|
|
echo 'Node version does not match required version! Installing the required version' >&2
|
|
nvm install $NODE_REQUIRED_VERSION
|
|
nvm use $NODE_REQUIRED_VERSION
|
|
fi
|
|
|
|
if ! [ -x "$(command -v node)" ]; then
|
|
echo 'NODE does not exist! Please set it up before running this script!' >&2
|
|
exit 1
|
|
fi
|
|
|
|
if ! [ -x "$(command -v npm)" ]; then
|
|
echo 'NPM does not exist! Please set it up before running this script!' >&2
|
|
exit 1
|
|
fi
|
|
|
|
if ! [ -x "$(command -v gulp)" ]; then
|
|
echo 'Gulp does not exist! Installing it!' >&2
|
|
npm install -g gulp gulp-cli
|
|
fi
|
|
|
|
if ! [ -x "$(command -v snyk)" ]; then
|
|
echo 'Snyk does not exist! Installing and setting it up' >&2
|
|
npm install -g snyk
|
|
fi
|
|
echo "Setting snyk org to $SNYK_ORG and api token to $SNYK_API_TOKEN"
|
|
snyk config set org="$SNYK_ORG"
|
|
snyk config set api="$SNYK_API_TOKEN"
|
|
|
|
if ! [ -x "$(command -v /usr/local/bin/packagesbuild)" ]; then
|
|
echo 'Packages build does not exist! Please set it up before running this script!' >&2
|
|
exit 1
|
|
fi
|
|
|
|
# If we don't get parent build number from parent job, set it to 0
|
|
if [ -z "$PARENT_BUILD_VERSION" ]; then
|
|
echo "PARENT_BUILD_VERSION is empty, setting default"
|
|
PARENT_BUILD_VERSION="0"
|
|
fi
|
|
|
|
NODE_VERSION=$(node --version)
|
|
echo "Executing using Node Version: ${NODE_VERSION}"
|
|
|
|
PKG_VERSION=$(node -e "console.log(require('./package.json').version);")
|
|
|
|
# Install app dependencies
|
|
echo "Installing dependencies"
|
|
npm install
|
|
|
|
echo "Signing screen share indicator"
|
|
codesign --force --options runtime -s "Developer ID Application: Symphony Communication Services LLC" node_modules/screen-share-indicator-frame/SymphonyScreenShareIndicator
|
|
|
|
# Run Snyk Security Tests
|
|
echo "Running snyk security tests"
|
|
snyk test --file=package-lock.json --org="$SNYK_ORG"
|
|
snyk monitor --file=package-lock.json --org="$SNYK_ORG" --project-name="$SNYK_PROJECT_NAME"
|
|
|
|
# Replace url in config
|
|
echo "Setting default pod url to https://my.symphony.com"
|
|
sed -i -e 's/\"url\"[[:space:]]*\:[[:space:]]*\".*\"/\"url\":\"https:\/\/my.symphony.com\"/g' config/Symphony.config
|
|
|
|
# Setup the build version
|
|
echo "Setting build version to ${PARENT_BUILD_VERSION}"
|
|
sed -i -e "s/\"buildNumber\"[[:space:]]*\:[[:space:]]*\".*\"/\"buildNumber\": \"${PARENT_BUILD_VERSION}\"/g" package.json
|
|
sed -i -e "s/\"version\"[[:space:]]*\:[[:space:]]\"\(.*\)\"/\"version\": \"\1-${PARENT_BUILD_VERSION}\"/g" package.json
|
|
|
|
# Replace version number in pre-install script
|
|
echo "Setting package version in pre install script to ${PKG_VERSION}"
|
|
sed -i -e "s/CURRENT_VERSION=APP_VERSION/CURRENT_VERSION=${PKG_VERSION}/g" ./installer/mac/preinstall.sh
|
|
|
|
# Set expiry period for TTL builds
|
|
if [ "$EXPIRY_PERIOD" == "0" ] || [ "$EXPIRY_PERIOD" == 0 ]; then
|
|
echo 'Expiry period not set, so, not creating expiry for the build'
|
|
else
|
|
gulp setExpiry --period ${EXPIRY_PERIOD}
|
|
fi
|
|
|
|
# Build the app
|
|
echo "Running tests, code coverage, linting and building..."
|
|
npm run unpacked-mac
|
|
|
|
# Create .pkg installer
|
|
echo "Creating .pkg"
|
|
/usr/local/bin/packagesbuild -v installer/mac/symphony-mac-packager.pkgproj
|
|
|
|
PACKAGE=installer/mac/build/Symphony.pkg
|
|
if [ ! -e ${PACKAGE} ]; then
|
|
echo "BUILD PACKAGE FAILED: package not created: ${PACKAGE}"
|
|
exit 1
|
|
fi
|
|
echo "Package created: ${PACKAGE}"
|
|
|
|
# Sign the app
|
|
PKG_VERSION=$(node -e "console.log(require('./package.json').version);")
|
|
echo "Signing Package: ${PACKAGE}"
|
|
SIGNED_PACKAGE=installer/mac/build/Symphony_Signed_${PKG_VERSION}.pkg
|
|
productsign --sign "Developer ID Installer: Symphony Communication Services LLC" $PACKAGE $SIGNED_PACKAGE
|
|
echo "Signing Package complete: ${PACKAGE}"
|
|
|
|
# Notarize the app
|
|
# xcrun altool --notarize-app --primary-bundle-id "$pwd" --username "$APPLE_ID" --password "$APPLE_ID_PASSWORD" --file $SIGNED_PACKAGE > /tmp/notarize.txt
|
|
xcrun notarytool submit --apple-id "$APPLE_ID" --password "$APPLE_ID_PASSWORD" --team-id "$TEAM_ID" $SIGNED_PACKAGE --wait > /tmp/notarize.txt
|
|
|
|
cat /tmp/notarize.txt
|
|
REQUEST_ID=$(sed -n '2p' /tmp/notarize.txt)
|
|
REQUEST_ID=$(echo $REQUEST_ID | cut -d "=" -f 2)
|
|
echo "$REQUEST_ID"
|
|
#xcrun altool --notarization-info $REQUEST_ID --username "$APPLE_ID" --password "$APPLE_ID_PASSWORD"
|
|
#xcrun stapler staple $SIGNED_PACKAGE
|
|
#stapler validate --verbose $SIGNED_PACKAGE
|
|
|
|
# Generate Installation Instructions PDF
|
|
if ! [ -x "$(command -v markdown-pdf)" ]; then
|
|
echo 'Markdown PDF does not exist! Installing it' >&2
|
|
npm install -g markdown-pdf
|
|
fi
|
|
|
|
echo "Updating auto-update yml file"
|
|
node scripts/macos_update_yml.js "dist/latest-mac.yml"
|
|
|
|
echo "Generating PDF for installation instructions"
|
|
markdown-pdf installer/mac/install_instructions_mac.md
|
|
|
|
echo "Generate release notes"
|
|
markdown-pdf RELEASE_NOTES.md
|
|
|
|
# Create targets directory
|
|
mkdir -p targets
|
|
|
|
# Attach artifacts to build
|
|
if [ "${EXPIRY_PERIOD}" != "0" ]; then
|
|
cp $SIGNED_PACKAGE "targets/Symphony-macOS-${PKG_VERSION}-TTL-${EXPIRY_PERIOD}.pkg"
|
|
cp installer/mac/install_instructions_mac.pdf "targets/Install-Instructions-macOS-${PKG_VERSION}-TTL-${EXPIRY_PERIOD}.pdf"
|
|
cp RELEASE_NOTES.pdf "targets/Release-Notes-macOS-${PKG_VERSION}-TTL-${EXPIRY_PERIOD}.pdf"
|
|
else
|
|
cp $SIGNED_PACKAGE "targets/Symphony-macOS-${PKG_VERSION}.pkg"
|
|
cp installer/mac/install_instructions_mac.pdf "targets/Install-Instructions-macOS-${PKG_VERSION}.pdf"
|
|
cp RELEASE_NOTES.pdf "targets/Release-Notes-macOS-${PKG_VERSION}-.pdf"
|
|
fi
|
|
|
|
echo "All done, job successfull :)"
|