first steps toward notarizing binaries

.github/workflows/release.yml

@@ -17,6 +17,11 @@ jobs:
       - run: go install github.com/mitchellh/[email protected]
       - run: echo $(go env GOPATH)/bin >> $GITHUB_PATH
 
+      - name: brew install gon for macOS binary notarization
+      - run: |
+          brew tap mitchellh/gon
+          brew install mitchellh/gon/gon
+
       - name: get release version
         id: get_version
         run: echo ::set-output name=RELEASE_VERSION::${GITHUB_REF#refs/tags/v}
@@ -27,8 +32,6 @@ jobs:
         env:
           RELEASE: ${{ steps.get_version.outputs.RELEASE_VERSION }}
 
-      - run: openssl dgst -sha256 pkg/*
-
       - uses: ncipollo/release-action@v1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}

Makefile

@@ -1,3 +1,5 @@
+.PHONY: build clean install lint release-clean release-build release-package-darwin release-package-linux release test clean-test test-macos-interactive test-macos-filesystem-setup coverage test-macos-interactive test-macos-manual-setup-install devel-uninstall devel-setup-install
+
 build:
 	go build ./cmd/puma-dev
 
@@ -10,27 +12,38 @@ install:
 lint:
 	golangci-lint run
 
-release:
+release-clean:
 	rm -rf ./rel
-	mkdir ./rel
-
 	rm -rf ./pkg
+
+release-build:
+	mkdir ./rel
 	mkdir ./pkg
 
 	SDKROOT=$$(xcrun --sdk macosx --show-sdk-path) gox -cgo -os="darwin" -arch="amd64 arm64" -ldflags "-X main.Version=$$RELEASE" ./cmd/puma-dev
 	gox -os="linux" -arch="amd64" -ldflags "-X main.Version=$$RELEASE" ./cmd/puma-dev
 
 	mkdir rel/linux_amd64
 	mv -v puma-dev_linux_amd64 rel/linux_amd64/puma-dev
-	tar -C rel/linux_amd64 -cvzf "pkg/puma-dev-$$RELEASE-linux-amd64.tar.gz" puma-dev
 
 	mkdir rel/darwin_amd64
 	mv -v puma-dev_darwin_amd64 rel/darwin_amd64/puma-dev
-	zip -j -v "pkg/puma-dev-$$RELEASE-darwin-amd64.zip" rel/darwin_amd64/puma-dev
 
 	mkdir rel/darwin_arm64
 	mv -v puma-dev_darwin_arm64 rel/darwin_arm64/puma-dev
-	zip -j -v "pkg/puma-dev-$$RELEASE-darwin-arm64.zip" rel/darwin_arm64/puma-dev
+
+release-package-darwin:
+	gon -log-level=debug -log-json ./gon_amd64.json
+	mv pkg/puma-dev-darwin-amd64.tar.gz "pkg/puma-dev-$$RELEASE-darwin-amd64.zip"
+
+	gon -log-level=debug -log-json ./gon_arm64.json
+	mv pkg/puma-dev-darwin-arm64.tar.gz "pkg/puma-dev-$$RELEASE-darwin-arm64.zip"
+
+release-package-linux:
+	tar -C rel/linux_amd64 -cvzf "pkg/puma-dev-$$RELEASE-linux-amd64.tar.gz" puma-dev
+
+release: release-clean release-build release-package-darwin release-package-linux
+	openssl dgst -sha256 pkg/*
 
 test: clean-test
 	go test -v -race -coverprofile=coverage.out -covermode=atomic ./...
@@ -74,5 +87,3 @@ devel-setup-install: build
 
 devel-uninstall: build
 	./puma-dev -uninstall -d 'test:puma:puma.dev:localhost'
-
-.PHONY: release

gon_amd64.json

@@ -0,0 +1,13 @@
+{
+    "source" : ["./rel/darwin_amd64/puma-dev"],
+    "bundle_id" : "dev.puma.puma-dev",
+    "apple_id": {
+        "password":  "@env:AC_PASSWORD"
+    },
+    "sign" :{
+        "application_identity" : "XXXXX"
+    },
+    "zip" :{
+        "output_path" : "pkg/puma-dev-darwin-amd64.tar.gz"
+    }
+}

gon_arm64.json

@@ -0,0 +1,13 @@
+{
+    "source" : ["./rel/darwin_arm64/puma-dev"],
+    "bundle_id" : "dev.puma.puma-dev",
+    "apple_id": {
+        "password":  "@env:AC_PASSWORD"
+    },
+    "sign" :{
+        "application_identity" : "XXXXX"
+    },
+    "zip" :{
+        "output_path" : "pkg/puma-dev-darwin-arm64.tar.gz"
+    }
+}