Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add macOS pkg installer to deployment (#7554) #7555

Merged
merged 22 commits into from
May 24, 2024
+188 −2
Merged

Add macOS pkg installer to deployment (#7554) #7555

Show file tree
Hide file tree
Changes from 14 commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
f1c3534
Add macOS pkg installer to deployment
paulober Jun 8, 2023
53c83fd
Merge branch 'trunk' into feature-macos-pkg-installer
paulober Sep 4, 2023
775476d
Fix typo in macOS pkg installer build script
paulober Sep 4, 2023
630ab13
Merge branch 'trunk' into feature-macos-pkg-installer
paulober May 20, 2024
b1a6ce3
Update pkg title
paulober May 21, 2024
aeb0ac7
Update choice title
paulober May 21, 2024
eb23e07
Indentation fix
paulober May 21, 2024
f9d6b1d
Fix indentation
paulober May 21, 2024
80830d7
Fix indentation
paulober May 21, 2024
d2d599d
Undo goreleaser change
paulober May 21, 2024
6e58a2a
Fix indentation
paulober May 21, 2024
18f41db
Removed redundant specifications
paulober May 21, 2024
3830c33
Cleanup pkgmacos build script
paulober May 21, 2024
9454d5e
Change minimum build script macOS version
paulober May 21, 2024
85f424b
Fix directory already exists
paulober May 24, 2024
74392ff
Added make macospkg target
paulober May 24, 2024
1990952
Fix distribution.xml + min macos version requirements
paulober May 24, 2024
27262ff
Added native min os version blocking
paulober May 24, 2024
f66367d
Integrate argument array to remove duplicate code
paulober May 24, 2024
4db8779
Merge branch 'trunk' into feature-macos-pkg-installer
paulober May 24, 2024
279d53a
Remove `v` prefix when `pkgmacos` is called
andyfeller May 24, 2024
bdc40a0
Update readme about MacOS pkg
andyfeller May 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 15 additions & 1 deletion .github/workflows/deployment.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,19 @@ jobs:
run: |
shopt -s failglob
script/sign dist/gh_*_macOS_*.zip
- name: Build universal macOS pkg installer
if: inputs.environment != 'production'
env:
TAG_NAME: ${{ inputs.tag_name }}
run: script/pkgmacos "$TAG_NAME"
Comment on lines +111 to +115
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How have you been testing script/pkgmacos locally?

I was wondering how large the new .pkg files were, so tried building it locally. I thought about trying to build this locally only to realize we probably want to add a new target to Makefile as this involves multiple steps.

Here's how far I've got so far before realizing I should simply ask 😅

andyfeller@Andys-MBP:cli/cli ‹feature-macos-pkg-installer›$ ./script/pkgmacos 
To build a universal pkg for macOS:
  script/pkgmacos <tag-name>

To build and sign set APPLE_DEVELOPER_INSTALLER_ID environment variable before.
For example, if you have a signing identity with the identifier 
"Developer ID Installer: Your Name (ABC123DEF)" set it in the variable.
andyfeller@Andys-MBP:cli/cli ‹feature-macos-pkg-installer›$ ./script/pkgmacos v0.0.0
build_pkg:7: no matches found: ./share/man/man1/gh*.1
andyfeller@Andys-MBP:cli/cli ‹feature-macos-pkg-installer›$ vim Makefile 
andyfeller@Andys-MBP:cli/cli ‹feature-macos-pkg-installer›$ make
go build -trimpath -ldflags "-X github.com/cli/cli/v2/internal/build.Date=2024-05-23 -X github.com/cli/cli/v2/internal/build.Version=v2.49.2-50-g9454d5e7 " -o bin/gh ./cmd/gh
andyfeller@Andys-MBP:cli/cli ‹feature-macos-pkg-installer›$ ./script/pkgmacos v0.0.0
build_pkg:7: no matches found: ./share/man/man1/gh*.1
andyfeller@Andys-MBP:cli/cli ‹feature-macos-pkg-installer›$ vim Makefile 
andyfeller@Andys-MBP:cli/cli ‹feature-macos-pkg-installer›$ make manpages
go run ./cmd/gen-docs --man-page --doc-path ./share/man/man1/
andyfeller@Andys-MBP:cli/cli ‹feature-macos-pkg-installer›$ ./script/pkgmacos v0.0.0

Copy link
Contributor Author

@paulober paulober May 24, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Concerning the pkg size, its about 24MB:
-rw-r--r--@ 1 paulober staff 24M May 24 14:10 gh_v2.99.8_macOS_universal.pkg

To test it locally:

make manpages
make completions
./script/release --local "v2.99.8" --platform macos
./script/pkgmacos v2.99.8

And for the Makefile target. Maybe i can read into it. But as of now i know nothing about the syntax within a Makefile (only cmake).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I take that back, it wasn't that difficult. You can now build a pkg using make macospkg VERSION=v2.99.8. (goreleaser required)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is really going to help the team, thank you for saving us future time 🫶

- name: Build & notarize universal macOS pkg installer
if: inputs.environment == 'production'
env:
TAG_NAME: ${{ inputs.tag_name }}
APPLE_DEVELOPER_INSTALLER_ID: ${{ vars.APPLE_DEVELOPER_INSTALLER_ID }}
run: |
shopt -s failglob
script/pkgmacos "$TAG_NAME"
- uses: actions/upload-artifact@v4
with:
name: macos
Expand All @@ -116,7 +129,8 @@ jobs:
path: |
dist/*.tar.gz
dist/*.zip

dist/*.pkg

windows:
runs-on: windows-latest
environment: ${{ inputs.environment }}
Expand Down
2 changes: 2 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@
/.goreleaser.generated.yml
/script/build
/script/build.exe
/pkg_payload
/build/macOS/resources

# VS Code
.vscode
Expand Down
16 changes: 16 additions & 0 deletions build/macOS/distribution.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<installer-gui-script minSpecVersion="1">
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For documentation on this file, see Apple Distribution Definition reference

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, i think we can change the minSpecVersion to 2. But i'll check that first.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to be clear, I'm mostly adding reference comments because completely unfamiliar with the spec and I use comments like sticky notes for myself 😅

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh, sorry. didn't know that.

<title>GitHub CLI</title>
<license file="LICENSE" mime-type="text/plain"/>
<options hostArchitectures="arm64,x86_64" customize="never" require-scripts="false" allow-external-scripts="false"/>
<domains enable_localSystem="true"/>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should GitHub CLI be system-wide, per-user, or can be anywhere?

GitHub Desktop zips up the application and on start up will ask the user if they want to move it from Downloads (in my case) to Applications.

Screenshot of GitHub Desktop startup, asking if user wants to relocate it to Applications directory

Reference

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@williammartin : would appreciate your 2 cents here as brew installs packages such that any user on the workstation can add /opt/homebrew to their path where the configuration is per user.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I'd be inclined to say /usr/local/bin. When I look at the contents of my /usr/local/bin it feels like a familiar idea. Homebrew seems to have a variety of reasons relating to Apple Silicon to use /opt/homebrew.

I would anticipate the vast majority of users:

  • Don't feel the need to use amd64 and arm versions of gh
  • Have a single user account on their personal machine

So I think I would suggest we sidestep that mess and install into /usr/local/bin, knowing that it's on the path already.

What do you think?


<choices-outline>
<line choice="gh-cli"/>
</choices-outline>
<choice id="gh-cli" title="GitHub CLI (universal)">
<pkg-ref id="com.github.cli.pkg"/>
</choice>

<pkg-ref id="com.github.cli.pkg" auth="root">#com.github.cli.pkg</pkg-ref>
</installer-gui-script>
131 changes: 131 additions & 0 deletions script/pkgmacos
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,131 @@
#!/bin/zsh
set -e

print_help() {
cat <<EOF
To build a universal pkg for macOS:
script/pkgmacos <tag-name>

To build and sign set APPLE_DEVELOPER_INSTALLER_ID environment variable before.
For example, if you have a signing identity with the identifier
"Developer ID Installer: Your Name (ABC123DEF)" set it in the variable.
EOF
}
Comment on lines +1 to +13
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@paulober : Is this something you've written wholesale or is this based on any existing OSS package script we should reference?

Copy link
Contributor Author

@paulober paulober May 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wrote this but i looked up some of your style in the other build files (like the print_help) while learning your code-base. I did mention the developer environment variable after i found out how the build stuff for macOS targets work to make it easier for others to use this.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the insight, just to be clear this was pure curiosity! I am always learning by looking at variations on the same approach, like listening to covers of a specific song to appreciate nuances.


if [ $# -eq 0 ]; then
print_help >&2
exit 1
fi

tag_name=""

while [ $# -gt 0 ]; do
case "$1" in
-h | --help )
print_help
exit 0
;;
-* )
printf "unrecognized flag: %s\n" "$1" >&2
exit 1
;;
* )
tag_name="$1"
shift 1
;;
esac
done
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are there any conditions we should short circuit running this script?

  • Running it on unsupported OS
  • If pkgbuild or productbuild aren't installed
  • ...

Copy link
Contributor Author

@paulober paulober May 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really required but it's better.
I adopted your suggested requirements and as unsupported OS i set all macOS versions prior to macOS 12 (Monterey).
For Linux it's not accounted for as it would exit with code 127 at the start anyways as sw_vers is not available on Linux.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think that's sufficient for this build script or should i also write a safe fail for Linux?


# check os requirements: is running macOS 12+ and pkgbuild + productbuild are available
os_version=$(sw_vers -productVersion)
major_version=${os_version%%.*}

if (( major_version < 12 )); then
echo "This script requires macOS 12 or later. You are running macOS ${os_version}." >&2
exit 1
fi

if ! command -v pkgbuild &> /dev/null; then
echo "pkgbuild could not be found. Please install Xcode Command Line Tools." >&2
exit 1
fi

if ! command -v productbuild &> /dev/null; then
echo "productbuild could not be found. Please install Xcode Command Line Tools." >&2
exit 1
fi
# end of os requirements check

# gh-binary paths
bin_path="/bin/gh"
arm64_bin="dist/macos_darwin_arm64$bin_path"
amd64_bin="dist/macos_darwin_amd64_v1$bin_path"
# payload paths
payload_root="pkg_payload"
payload_local_bin="${payload_root}/usr/local/bin"
payload_zsh_site_functions="${payload_root}/usr/local/share/zsh/site-functions"
payload_man1="${payload_root}/usr/local/share/man/man1"

merge_binaries() {
lipo -create -output "${payload_local_bin}/gh" "$arm64_bin" "$amd64_bin"
}

build_pkg() {
# setup payload
mkdir -p "${payload_local_bin}"
mkdir -p "${payload_man1}"
mkdir -p "${payload_zsh_site_functions}"

# copy man pages
for file in ./share/man/man1/gh*.1; do
cp "$file" "${payload_man1}"
done
# Include only Zsh completions,
# the recommended/only option on macOS since Catalina for default shell.
cp "./share/zsh/site-functions/_gh" "${payload_zsh_site_functions}"

# merge binaries
merge_binaries

# build pkg
pkgbuild \
--root "$payload_root" \
--identifier "com.github.cli" \
--version "$tag_name" \
--install-location "/" \
"dist/com.github.cli.pkg"

# setup resources
mkdir "build/macOS/resources"
cp "LICENSE" "build/macOS/resources"

# build distribution
if [ -n "$APPLE_DEVELOPER_INSTALLER_ID" ]; then
# build and sign production package with license
productbuild \
--distribution "./build/macOS/distribution.xml" \
--resources "./build/macOS/resources" \
--package-path "./dist" \
--timestamp \
--sign "${APPLE_DEVELOPER_INSTALLER_ID?}" \
"./dist/gh_${tag_name}_macOS_universal.pkg"
else
echo "skipping macOS pkg code-signing; APPLE_DEVELOPER_INSTALLER_ID not set" >&2

# build production package with license without signing
productbuild \
--distribution "./build/macOS/distribution.xml" \
--resources "./build/macOS/resources" \
--package-path "./dist" \
"./dist/gh_${tag_name}_macOS_universal.pkg"
fi
}

cleanup() {
# remove temp installer so it does not get uploaded
rm -f "dist/com.github.cli.pkg"
}

trap cleanup EXIT

build_pkg