Binaries attached to releases about xcresultparser HOT 15 CLOSED

from xcresultparser.

Hi Isaac,
I tried to create the binary in the GitHub action, but the problem is that it is not notarised and therefore is not really safe to run on a different machine.
Last time I tried notarising another app I was not very successful.
Do you have any hints?

from xcresultparser.

I don't know offhand, but I can do some googling. Looks like you've added a new GitHub workflow, so maybe you've figured it out? Let me know if you ned any help testing.

from xcresultparser.

The actions have attachments. The attachment is the binary. You can try those. They are not notarised and thus from "an unknown source". Not exactly, what I would want to publish.
Therefore I distribute it as source and brew takes care of the rest.
We use brew in our buildchains. Why can't you download and build from source or have brew handle that for you?

from xcresultparser.

Gotcha, I'll do some experimentation on my fork and see if I can come up with something workable.

As for using brew, for our build system, I prefer to download specific versions of our tools so we know exactly what we're getting. brew doesn't allow for that, unfortunately. That'd make life way easier.

from xcresultparser.

ok, I did a bit of a deep-dive on this notarization thing, and have learned some interesting information!

So when you download a binary using a browser, the browser adds "quarantine flags" to the item, which tells macOS that the user has to explicitly approve running it, hence the "an unknown source" popup.

BUT, there are a few workarounds:

1. If you download the item using curl or wget or similar, it does not set those quarantine flags.
2. If the item being downloaded is a tarball — .tar, .tar.gz, .tar.xz, etc. — unarchiving that using the tar binary strips off the quarantine flags.
3. You can explicitly remove the quarantine flags after downloading by running the following command:

   xattr -rd com.apple.quarantine "/path/to/xcresultparser"

All that said, perhaps a good way forward would be to archive the binary as a tarball for the release artifacts, and add a note to the README summarizing what I've got above. What do you think? I'm interested enough to do said work if you're open to the change.

from xcresultparser.

Also, side note, I'd recommend also archiving the Actions artifacts prior to uploading them. The upload-artifact action has an annoying side effect of stripping some data from the files, namely in this case, the binaries executable permissions — as in, you have to chmod +x xcresultparser the downloaded binary.

The suggested workaround is to archive as a tarball prior to uploading.

from xcresultparser.

I see you got it notarized! Even better! 🙌

Can I ask how you did it? I couldn't figure it out from my googling around.

from xcresultparser.

from xcresultparser.

Oh I don't see the shell script 🤔

from xcresultparser.

from xcresultparser.

This is awesome! Thank you, and great work!

from xcresultparser.

from xcresultparser.

Nice, we're using it in a similar fashion. We're now pre-converting our code coverage from .xcresult to Cobertura XML before sending it to Codecov. Codecov does do the conversion for us if we just sent the .xcresult, but it's way slower than doing it ahead of time using xcresultparser. 🚀

from xcresultparser.

from xcresultparser.