fix: upload correct jars

kolipakakondal · kolipakakondal · commit d07df7dd3695 · 2024-10-07T10:07:41.000+05:30
diff --git a/.github/workflows/signjars.yml b/.github/workflows/signjars.yml
@@ -20,25 +20,25 @@ jobs:
         java-version: '17'
         distribution: 'temurin'
 
+    # Step 1: Sign JARs and set SIGNED_JARS_DIR as output
     - name: Codesign JARs and Internal Native Libraries
+      id: sign_jars  # Assign an id to reference outputs
       env: 
         MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
         MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
       run: |
-        # Step 1: Decode and import the certificate into a keychain
-        echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
-        /usr/bin/security create-keychain -p espressif build.keychain
-        /usr/bin/security default-keychain -s build.keychain
-        /usr/bin/security unlock-keychain -p espressif build.keychain
-        /usr/bin/security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
-        /usr/bin/security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k espressif build.keychain
-
-        # Step 2: Define the directory containing the JARs and native libraries and the temp directory for signed JARs
-        LIB_DIR="${PWD}/BUNDLES/com.espressif.idf.serial.monitor/lib"
-        SIGNED_JARS_DIR="${RUNNER_TEMP}/signed-jars"  # Use GitHub's RUNNER_TEMP for storing signed JARs
+        # Create the directory for signed JARs
+        SIGNED_JARS_DIR="${RUNNER_TEMP}/signed-jars"
         mkdir -p "$SIGNED_JARS_DIR"
+        echo "Signed JAR directory: ${SIGNED_JARS_DIR}"
+
+        # Export SIGNED_JARS_DIR as an output
+        echo "::set-output name=signed_jars_dir::$SIGNED_JARS_DIR"
 
-        # Step 3: Extract, sign native libraries, repackage, and sign the JARs with Apple codesign
+        # Define LIB_DIR for JARs
+        LIB_DIR="${PWD}/BUNDLES/com.espressif.idf.serial.monitor/lib"
+
+        # Sign the JARs
         for jar in "${LIB_DIR}"/*.jar; do
           echo "Processing JAR file: ${jar}"
 
@@ -54,37 +54,39 @@ jobs:
           TEMP_DIR=$(mktemp -d)
           unzip -q "$jar" -d "$TEMP_DIR"
 
-          # Find and sign all .jnilib and .dylib files in the extracted JAR directory
+          # Sign any native libraries found in the JAR
           find "$TEMP_DIR" -name "*.jnilib" -o -name "*.dylib" | while read lib; do
             echo "Signing native library: ${lib}"
             /usr/bin/codesign -vvvv --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" --timestamp --deep "$lib"
           done
 
-          # Repackage the signed JAR
+          # Repackage the signed JAR and save it to SIGNED_JARS_DIR
           pushd "$TEMP_DIR"
-          zip -r "${SIGNED_JARS_DIR}/$(basename "$jar")" *  # Save signed JAR to the temporary signed directory
+          zip -r "${SIGNED_JARS_DIR}/$(basename "$jar")" *
           popd
 
-          # Sign the entire JAR with Apple codesign, using the same entitlements
+          # Sign the entire JAR
           echo "Signing repackaged JAR: ${SIGNED_JARS_DIR}/$(basename "$jar")"
           /usr/bin/codesign -vvvv --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --force --deep --options runtime --timestamp -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" "${SIGNED_JARS_DIR}/$(basename "$jar")"
 
           # Verify the signed JAR
           echo "Verifying signed JAR: ${SIGNED_JARS_DIR}/$(basename "$jar")"
           /usr/bin/codesign -dvv "${SIGNED_JARS_DIR}/$(basename "$jar")"
-
-          # Clean up extracted directory (but leave the signed JAR in SIGNED_JARS_DIR)
+          
+          # Clean up the temporary extraction directory
           rm -rf "$TEMP_DIR"
         done
 
+    # Step 2: Check if signed JAR files exist, using the output of the previous step
     - name: Check if signed JAR files exist
       run: |
-        echo "Checking signed JAR files in ${SIGNED_JARS_DIR}:"
-        ls -al ${SIGNED_JARS_DIR}
+        echo "Checking signed JAR files in ${{ steps.sign_jars.outputs.signed_jars_dir }}:"
+        ls -al ${{ steps.sign_jars.outputs.signed_jars_dir }}
 
+    # Step 3: Upload signed JAR files, using the output of the previous step
     - name: Upload Signed JAR Files
       if: ${{ !cancelled() }}
       uses: actions/upload-artifact@v4
       with:
         name: signed-jar-files
-        path: ${{ runner.temp }}/signed-jars/*
+        path: ${{ steps.sign_jars.outputs.signed_jars_dir }}/*
