From b0a96efa19e575f9b97d506d0c3a26c4a7ed6310 Mon Sep 17 00:00:00 2001 From: Marina Limeira Date: Fri, 11 Aug 2023 11:42:29 +0200 Subject: [PATCH 1/4] Add config of circleci to sign macos binaries --- .circleci/config.yml | 43 +++++++++++++++++++++++++++++++++++++++---- .gon_amd64.hcl | 19 +++++++++++++++++++ .gon_arm64.hcl | 19 +++++++++++++++++++ 3 files changed, 77 insertions(+), 4 deletions(-) create mode 100644 .gon_amd64.hcl create mode 100644 .gon_arm64.hcl diff --git a/.circleci/config.yml b/.circleci/config.yml index baf36f3db8..01775b454e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,6 +2,12 @@ orbs: # The Windows orb gives us everything we need to start using the Windows executor. win: circleci/windows@2.4.0 +# The "sign binary" rubs in a MacOS environment, so it's necessary to download GW's binaries +env: &env + environment: + GRUNTWORK_INSTALLER_VERSION: v0.0.39 + MODULE_CI_VERSION: v0.52.6 + defaults: &defaults docker: - image: 087285199408.dkr.ecr.us-east-1.amazonaws.com/circle-ci-test-image-base:go1.20-tf1.5-tg39.1-pck1.8-ci50.7 @@ -105,12 +111,40 @@ jobs: - checkout - run: build-go-binaries --app-name terragrunt --dest-path bin --ld-flags "-X github.com/gruntwork-io/go-commons/version.Version=$CIRCLE_TAG -extldflags '-static'" deploy: - resource_class: large - <<: *defaults + <<: *env + macos: + xcode: 14.2.0 + resource_class: macos.x86.medium.gen2 steps: - checkout - - run: build-go-binaries --app-name terragrunt --dest-path bin --ld-flags "-X github.com/gruntwork-io/go-commons/version.Version=$CIRCLE_TAG -extldflags '-static'" - - run: cd bin && sha256sum * > SHA256SUMS + - attach_workspace: + at: . + - go/install: + version: "1.20.5" + - run: + name: Install sign-binary-helpers + command: | + curl -Ls https://raw.githubusercontent.com/gruntwork-io/gruntwork-installer/master/bootstrap-gruntwork-installer.sh | bash /dev/stdin --version "${GRUNTWORK_INSTALLER_VERSION}" + gruntwork-install --module-name "gruntwork-module-circleci-helpers" --repo "https://github.com/gruntwork-io/terraform-aws-ci" --tag "${MODULE_CI_VERSION}" + gruntwork-install --module-name "sign-binary-helpers" --repo "https://github.com/gruntwork-io/terraform-aws-ci" --tag "${MODULE_CI_VERSION}" + - run: + name: Compile and sign the binaries + command: | + sign-binary --install-macos-sign-dependencies --os mac .gon_amd64.hcl + sign-binary --os mac .gon_arm64.hcl + echo "Done signing the binary" + + # Replace the files in bin. These are the same file names generated from .gon_amd64.hcl and .gon_arm64.hcl + unzip terragrunt_darwin_amd64.zip + mv terragrunt_darwin_amd64 bin/ + + unzip terragrunt_darwin_arm64.zip + mv terragrunt_darwin_arm64 bin/ + - run: + name: Run SHA256SUM + command: | + brew install coreutils + cd bin && sha256sum * > SHA256SUMS - run: upload-github-release-assets bin/* workflows: version: 2 @@ -165,3 +199,4 @@ workflows: - GITHUB__PAT__gruntwork-ci - GCP__automated-tests - GITHUB__PAT__gruntwork-ci + - APPLE__OSX__code-signing diff --git a/.gon_amd64.hcl b/.gon_amd64.hcl new file mode 100644 index 0000000000..5537254619 --- /dev/null +++ b/.gon_amd64.hcl @@ -0,0 +1,19 @@ +# See https://github.com/gruntwork-io/terraform-aws-ci/blob/main/modules/sign-binary-helpers/ +# for further instructions on how to sign the binary + submitting for notarization. + +source = ["./bin/terragrunt_darwin_amd64"] + +bundle_id = "io.gruntwork.app.terragrunt" + +apple_id { + username = "machine.apple@gruntwork.io" + password = "@env:MACOS_AC_PASSWORD" +} + +sign { + application_identity = "Developer ID Application: Gruntwork, Inc." +} + +zip { + output_path = "terragrunt_darwin_amd64.zip" +} diff --git a/.gon_arm64.hcl b/.gon_arm64.hcl new file mode 100644 index 0000000000..b1ff28595f --- /dev/null +++ b/.gon_arm64.hcl @@ -0,0 +1,19 @@ +# See https://github.com/gruntwork-io/terraform-aws-ci/blob/main/modules/sign-binary-helpers/ +# for further instructions on how to sign the binary + submitting for notarization. + +source = ["./bin/terragrunt_darwin_arm64"] + +bundle_id = "io.gruntwork.app.terragrunt" + +apple_id { + username = "machine.apple@gruntwork.io" + password = "@env:MACOS_AC_PASSWORD" +} + +sign { + application_identity = "Developer ID Application: Gruntwork, Inc." +} + +zip { + output_path = "terragrunt_darwin_arm64.zip" +} From 166977969bb68b47fba51cc6a55604ab86ba7107 Mon Sep 17 00:00:00 2001 From: Marina Limeira Date: Fri, 11 Aug 2023 11:51:34 +0200 Subject: [PATCH 2/4] Add go orb --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 01775b454e..ca3a1d7a19 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,6 +1,7 @@ orbs: # The Windows orb gives us everything we need to start using the Windows executor. win: circleci/windows@2.4.0 + go: circleci/go@1.7.3 # The "sign binary" rubs in a MacOS environment, so it's necessary to download GW's binaries env: &env From 3da2836cfcdca6c5f0fb932450f4c576dba60041 Mon Sep 17 00:00:00 2001 From: Marina Limeira Date: Fri, 11 Aug 2023 12:01:19 +0200 Subject: [PATCH 3/4] Persist workspace between jobs --- .circleci/config.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index ca3a1d7a19..9cd3e31ceb 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -111,6 +111,9 @@ jobs: steps: - checkout - run: build-go-binaries --app-name terragrunt --dest-path bin --ld-flags "-X github.com/gruntwork-io/go-commons/version.Version=$CIRCLE_TAG -extldflags '-static'" + - persist_to_workspace: + root: . + paths: bin deploy: <<: *env macos: From 28f539191f491782c343ef335f143d48567e4f4b Mon Sep 17 00:00:00 2001 From: Marina Limeira Date: Fri, 11 Aug 2023 12:07:47 +0200 Subject: [PATCH 4/4] Fix spacing in persist_to_workspace --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 9cd3e31ceb..eaffc5eb87 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -112,8 +112,8 @@ jobs: - checkout - run: build-go-binaries --app-name terragrunt --dest-path bin --ld-flags "-X github.com/gruntwork-io/go-commons/version.Version=$CIRCLE_TAG -extldflags '-static'" - persist_to_workspace: - root: . - paths: bin + root: . + paths: bin deploy: <<: *env macos: