path = require 'path' fs = require 'fs-plus' # Edgehill introduces the KEYCHAIN_ACCESS environment variable. This is # injected via Jenkins. It is of the form: # # /full/keychain/path/login.keychain:password # # The KEYCHAIN_ACCESS variable is saved in a Jenkins Credential and # injected via the Credentials Binding Plugin. # module.exports = (grunt) -> {spawn} = require('./task-helpers')(grunt) grunt.registerTask 'codesign', 'Codesign the app', -> done = @async() if process.platform is 'darwin' and (process.env.XCODE_KEYCHAIN or process.env.KEYCHAIN_ACCESS) unlockKeychain (error) -> if error? done(error) else signApp(done) else signApp(done) unlockKeychain = (callback) -> cmd = 'security' {XCODE_KEYCHAIN_PASSWORD, XCODE_KEYCHAIN, KEYCHAIN_ACCESS} = process.env if KEYCHAIN_ACCESS? [XCODE_KEYCHAIN, XCODE_KEYCHAIN_PASSWORD] = KEYCHAIN_ACCESS.split(":") args = ['unlock-keychain', '-p', XCODE_KEYCHAIN_PASSWORD, XCODE_KEYCHAIN] spawn {cmd, args}, (error) -> callback(error) signApp = (callback) -> switch process.platform when 'darwin' cmd = 'codesign' args = ['--deep', '--force', '--verbose', '--sign', 'Developer ID Application: InboxApp, Inc.', grunt.config.get('atom.shellAppDir')] spawn {cmd, args}, (error) -> callback(error) when 'win32' # TODO: Don't do anything now, because we need a certificate pfx file # issued from a certificate authority, and we don't have one. return callback() spawn {cmd: 'taskkill', args: ['/F', '/IM', 'atom.exe']}, -> cmd = process.env.JANKY_SIGNTOOL ? 'signtool' args = ['sign', path.join(grunt.config.get('atom.shellAppDir'), 'atom.exe')] spawn {cmd, args}, (error) -> return callback(error) if error? setupExePath = path.resolve(grunt.config.get('atom.buildDir'), 'installer', 'AtomSetup.exe') if fs.isFileSync(setupExePath) args = ['sign', setupExePath] spawn {cmd, args}, (error) -> callback(error) else callback() else callback()