mirror of
https://github.com/ivabus/pantry
synced 2024-11-23 00:45:07 +03:00
faster codesigning with file extension blacklisting
second test repeat second test repeat first test repeat repeating second test more test two test 2 test 3 test 3.1 test 3.2 test 3.2.1 test 3.2.2 test 3.2.3 test 3.3 test 4 test 4.1 test 4.2 test 4.3 test 4.4 (I hate shell escaping)
This commit is contained in:
parent
212a592e09
commit
3248e8fa30
2 changed files with 36 additions and 6 deletions
BIN
.DS_Store
vendored
BIN
.DS_Store
vendored
Binary file not shown.
42
.github/actions/codesign/action.yml
vendored
42
.github/actions/codesign/action.yml
vendored
|
@ -45,21 +45,51 @@ runs:
|
|||
p12-file-base64: ${{ inputs.p12-file-base64 }}
|
||||
p12-password: ${{ inputs.p12-password }}
|
||||
|
||||
- name: Codesign files
|
||||
- name: Create file list
|
||||
shell: sh
|
||||
run: find $PATHS -type f -print0 | xargs -0 codesign -s "$IDENTITY" --force -v --timestamp || true
|
||||
id: files
|
||||
run: |
|
||||
echo "sign<<EOF" >> $GITHUB_OUTPUT
|
||||
/usr/bin/find $PATHS \
|
||||
-type f \
|
||||
-not -name '*.py' \
|
||||
-not -name '*.pyc' \
|
||||
-not -name '*.txt' \
|
||||
-not -name '*.h' | \
|
||||
/usr/bin/sed -e 's/ /\\ /g' >> $GITHUB_OUTPUT
|
||||
echo "EOF" >> $GITHUB_OUTPUT
|
||||
|
||||
# `tea` won't pass strict checking due to a deno bug with the way
|
||||
# MachO headers are created
|
||||
# https://github.com/denoland/deno/issues/17753
|
||||
echo "check<<EOF" >> $GITHUB_OUTPUT
|
||||
/usr/bin/find $PATHS \
|
||||
-type f \
|
||||
-not -name '*.py' \
|
||||
-not -name '*.pyc' \
|
||||
-not -name '*.txt' \
|
||||
-not -name '*.h' \
|
||||
-not -name tea | \
|
||||
/usr/bin/sed -e 's/ /\\ /g' >> $GITHUB_OUTPUT
|
||||
echo "EOF" >> $GITHUB_OUTPUT
|
||||
env:
|
||||
PATHS: ${{ inputs.paths }}
|
||||
|
||||
- name: Codesign files
|
||||
shell: sh
|
||||
run: |
|
||||
echo "$FILES" | \
|
||||
/usr/bin/xargs /usr/bin/codesign -s "$IDENTITY" --force -v --timestamp || true
|
||||
env:
|
||||
FILES: ${{ steps.files.outputs.sign }}
|
||||
IDENTITY: ${{ inputs.identity }}
|
||||
|
||||
# This isn't very informative, but even a no-op is safer than none
|
||||
- name: Check codesigning
|
||||
shell: sh
|
||||
# FIXME: `deno` compiled binaries don't currently pass validation.
|
||||
# https://github.com/denoland/deno/issues/17753
|
||||
run: find $PATHS -type f ! -name tea -print0 | xargs -0 codesign -vvv --strict
|
||||
run: echo "$FILES" | /usr/bin/xargs /usr/bin/codesign -vvv --strict
|
||||
env:
|
||||
PATHS: ${{ inputs.paths }}
|
||||
FILES: ${{ steps.files.outputs.check }}
|
||||
|
||||
# Needed for self-hosted runner, since it doesn't destroy itself automatically.
|
||||
- name: Delete keychain
|
||||
|
|
Loading…
Reference in a new issue