Sign and notarize macOS binaries

Close #2408
2021-04-06 18:09:06 +09:00 · 2021-04-06 18:09:06 +09:00 · c440418ce6
parent 3d37a5ba1d
commit c440418ce6
2 changed files with 62 additions and 17 deletions
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@ -12,27 +12,20 @@ builds:
      - darwin
    goarch:
      - amd64
+    ldflags:
+      - "-s -w -X main.version={{ .Version }} -X main.revision={{ .ShortCommit }}"
+
+  - id: fzf-macos-arm
+    binary: fzf
+    goos:
+      - darwin
+    goarch:
      - arm64
    ldflags:
      - "-s -w -X main.version={{ .Version }} -X main.revision={{ .ShortCommit }}"
-    hooks:
-      post: |-
-        sh -c '
-        cat > /tmp/fzf-gon.hcl << EOF
-        source = ["./dist/fzf-macos_darwin_{{ .Arch }}/fzf"]
-        bundle_id = "kr.junegunn.fzf"
-        apple_id {
-          username = "junegunn.c@gmail.com"
-          password = "@env:AC_PASSWORD"
-        }
-        sign {
-          application_identity = "Apple Development: junegunn.c@gmail.com"
-        }
-        EOF
-        gon /tmp/fzf-gon.hcl
-        '

-  - goos:
+  - id: fzf
+    goos:
      - linux
      - windows
      - freebsd
@ -59,6 +52,8 @@ builds:

 archives:
  - name_template: "{{ .ProjectName }}-{{ .Version }}-{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
+    builds:
+      - fzf
    format: tar.gz
    format_overrides:
      - goos: windows
@ -66,12 +61,61 @@ archives:
    files:
      - non-existent*

+signs:
+  - id: fzf-macos-sign
+    ids: [fzf-macos]
+    artifacts: all
+    cmd: sh
+    args:
+      - "-c"
+      - |-
+        cat > /tmp/fzf-gon-amd64.hcl << EOF
+        source = ["./dist/fzf-macos_darwin_amd64/fzf"]
+        bundle_id = "kr.junegunn.fzf"
+        apple_id {
+          username = "junegunn.c@gmail.com"
+          password = "@env:AC_PASSWORD"
+        }
+        sign {
+          application_identity = "Developer ID Application: Junegunn Choi (Y254DRW44Z)"
+        }
+        zip {
+          output_path = "./dist/fzf-{{ .Version }}-darwin_amd64.zip"
+        }
+        EOF
+        gon /tmp/fzf-gon-amd64.hcl
+
+  - id: fzf-macos-arm-sign
+    ids: [fzf-macos-arm]
+    artifacts: all
+    cmd: sh
+    args:
+      - "-c"
+      - |-
+        cat > /tmp/fzf-gon-arm64.hcl << EOF
+        source = ["./dist/fzf-macos-arm_darwin_arm64/fzf"]
+        bundle_id = "kr.junegunn.fzf"
+        apple_id {
+          username = "junegunn.c@gmail.com"
+          password = "@env:AC_PASSWORD"
+        }
+        sign {
+          application_identity = "Developer ID Application: Junegunn Choi (Y254DRW44Z)"
+        }
+        zip {
+          output_path = "./dist/fzf-{{ .Version }}-darwin_arm64.zip"
+        }
+        EOF
+        gon /tmp/fzf-gon-arm64.hcl
+
 release:
  github:
    owner: junegunn
    name: fzf
  prerelease: auto
  name_template: '{{ .Tag }}'
+  extra_files:
+    - glob: ./dist/fzf-*darwin*.zip

 snapshot:
  name_template: "{{ .Tag }}-devel"
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,6 +9,7 @@ CHANGELOG
  fzf --preview 'cat {}' --preview-window top:border-bottom
  fzf --preview 'cat {}' --preview-window top:border-horizontal
  ```
+- Signed and notarized macOS binaries (thanks to [BACKERS.md](https://github.com/junegunn/junegunn/blob/main/BACKERS.md))

 0.26.0
 ------