Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Resolve security warning for macOS users #249

Merged
merged 2 commits into from
Nov 4, 2020
Merged

Resolve security warning for macOS users #249

merged 2 commits into from
Nov 4, 2020

Conversation

luhring
Copy link
Contributor

@luhring luhring commented Nov 4, 2020

  • Adds signing and notarization to the release process to replace the Darwin .tar.gz asset with a .dmgasset
  • Moves several pipeline steps from a Linux runner to a macOS runner and adapts the pipeline logic accordingly
  • Makes minor improvements and adds clarifying comments to various release-related files

This implements https://github.com/anchore/project-toolbox/issues/27 for syft. Other released executables will need similar changes.

@luhring
Add support for macOS signing and notarization
0f32e00 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
@luhring luhring added the bug Something isn't working label Nov 4, 2020
@luhring luhring self-assigned this Nov 4, 2020
wagoodman
wagoodman reviewed Nov 4, 2020
View reviewed changes
Makefile Outdated
@@ -241,8 +244,7 @@ changelog-release:

.PHONY: changelog-unreleased
changelog-unreleased: ## show the current changelog that will be produced on the next release (note: requires GITHUB_TOKEN set)
@docker run -it --rm \
-v "$(shell pwd)":/usr/local/src/your-app ferrarimarco/github-changelog-generator \
@github_changelog_generator \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the changelog-unreleased is a target meant for local developers to be able to (optionally) use to see what the changelog would be before cutting a release. By leveraging the docker image dev's don't need to install the right version of ruby, install the gem, and get pathing correct. With the new change that would be required.

(The changelog-release target is OK, since this env is setup with ci-bootstrap-mac)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good, reverting this.

wagoodman
wagoodman approved these changes Nov 4, 2020
View reviewed changes
Copy link
Contributor

@wagoodman wagoodman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice addition 🚀

@luhring
Use Docker to run the changelog generator locally
fb813ea 
Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
@luhring luhring merged commit ecfc471 into main Nov 4, 2020
@luhring luhring deleted the macos-notarization branch November 4, 2020 20:47
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@luhring
Resolve security warning for macOS users (anchore#249)
86cd173 
* Add support for macOS signing and notarization

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

* Use Docker to run the changelog generator locally

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@wagoodman wagoodman wagoodman approved these changes

@Toure Toure Awaiting requested review from Toure

@alfredodeza alfredodeza Awaiting requested review from alfredodeza

Assignees

@luhring luhring

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@luhring @wagoodman