Skip to content

Commit 957ae1a

Browse files
author
Ali
committed
Fix sudo-less builds
1 parent 6e01f69 commit 957ae1a

File tree

7 files changed

+146
-6
lines changed

7 files changed

+146
-6
lines changed

‎.gitmodules

+1-1
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
url=../rlottie.git
55
[submodule "build-system/bazel-rules/rules_apple"]
66
path = build-system/bazel-rules/rules_apple
7-
url=https://github.com/bazelbuild/rules_apple.git
7+
url=https://github.com/ali-fareed/rules_apple.git
88
[submodule "build-system/bazel-rules/rules_swift"]
99
path = build-system/bazel-rules/rules_swift
1010
url=https://github.com/bazelbuild/rules_swift.git

‎WORKSPACE

+2-2
Original file line numberDiff line numberDiff line change
@@ -53,8 +53,8 @@ bazel_skylib_workspace()
5353

5454
http_file(
5555
name = "cmake_tar_gz",
56-
urls = ["https://github.com/Kitware/CMake/releases/download/v3.19.2/cmake-3.19.2-macos-universal.tar.gz"],
57-
sha256 = "50afa2cb66bea6a0314ef28034f3ff1647325e30cf5940f97906a56fd9640bd8",
56+
urls = ["https://github.com/Kitware/CMake/releases/download/v3.23.1/cmake-3.23.1-macos-universal.tar.gz"],
57+
sha256 = "f794ed92ccb4e9b6619a77328f313497d7decf8fb7e047ba35a348b838e0e1e2",
5858
)
5959

6060
http_archive(

‎build-system/AppleWWDRCAG3.cer

1.08 KB
Binary file not shown.

‎buildbox/build-telegram-next.sh

+137
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,137 @@
1+
#!/bin/bash
2+
3+
set -e
4+
5+
MACOS_VERSION="12"
6+
XCODE_VERSION="13.2.1"
7+
GUEST_SHELL="bash"
8+
9+
if [ -z "$VIRTUALBUILD_HOST" ]; then
10+
echo "VIRTUALBUILD_HOST is not defined"
11+
exit 1
12+
fi
13+
14+
VM_BASE_NAME="macos$(echo $MACOS_VERSION | sed -e 's/\.'/_/g)-Xcode$(echo $XCODE_VERSION | sed -e 's/\.'/_/g)"
15+
echo "Base VM: \"$VM_BASE_NAME\""
16+
17+
if [ -z "$BAZEL" ]; then
18+
echo "BAZEL is not defined"
19+
exit 1
20+
fi
21+
22+
if [ ! -f "$BAZEL" ]; then
23+
echo "bazel not found at $BAZEL"
24+
exit 1
25+
fi
26+
27+
BUILDBOX_DIR="buildbox"
28+
29+
mkdir -p "$BUILDBOX_DIR/transient-data"
30+
31+
rm -f "tools/bazel"
32+
cp "$BAZEL" "tools/bazel"
33+
34+
BUILD_CONFIGURATION="$1"
35+
36+
if [ "$BUILD_CONFIGURATION" == "hockeyapp" ] || [ "$BUILD_CONFIGURATION" == "appcenter-experimental" ] || [ "$BUILD_CONFIGURATION" == "appcenter-experimental-2" ]; then
37+
CODESIGNING_SUBPATH="$BUILDBOX_DIR/transient-data/telegram-codesigning/codesigning"
38+
elif [ "$BUILD_CONFIGURATION" == "appstore" ]; then
39+
CODESIGNING_SUBPATH="$BUILDBOX_DIR/transient-data/telegram-codesigning/codesigning"
40+
elif [ "$BUILD_CONFIGURATION" == "verify" ]; then
41+
CODESIGNING_SUBPATH="build-system/fake-codesigning"
42+
else
43+
echo "Unknown configuration $1"
44+
exit 1
45+
fi
46+
47+
COMMIT_COMMENT="$(git log -1 --pretty=%B)"
48+
case "$COMMIT_COMMENT" in
49+
*"[nocache]"*)
50+
export BAZEL_HTTP_CACHE_URL=""
51+
;;
52+
esac
53+
54+
COMMIT_ID="$(git rev-parse HEAD)"
55+
COMMIT_AUTHOR=$(git log -1 --pretty=format:'%an')
56+
if [ -z "$2" ]; then
57+
COMMIT_COUNT=$(git rev-list --count HEAD)
58+
BUILD_NUMBER_OFFSET="$(cat build_number_offset)"
59+
COMMIT_COUNT="$(($COMMIT_COUNT+$BUILD_NUMBER_OFFSET))"
60+
BUILD_NUMBER="$COMMIT_COUNT"
61+
else
62+
BUILD_NUMBER="$2"
63+
fi
64+
65+
BASE_DIR=$(pwd)
66+
67+
if [ "$BUILD_CONFIGURATION" == "hockeyapp" ] || [ "$BUILD_CONFIGURATION" == "appcenter-experimental" ] || [ "$BUILD_CONFIGURATION" == "appcenter-experimental-2" ] || [ "$BUILD_CONFIGURATION" == "appstore" ]; then
68+
if [ ! `which generate-configuration.sh` ]; then
69+
echo "generate-configuration.sh not found in PATH $PATH"
70+
exit 1
71+
fi
72+
73+
mkdir -p "$BASE_DIR/$BUILDBOX_DIR/transient-data/telegram-codesigning"
74+
mkdir -p "$BASE_DIR/$BUILDBOX_DIR/transient-data/build-configuration"
75+
76+
case "$BUILD_CONFIGURATION" in
77+
"hockeyapp"|"appcenter-experimental"|"appcenter-experimental-2")
78+
generate-configuration.sh internal release "$BASE_DIR/$BUILDBOX_DIR/transient-data/telegram-codesigning" "$BASE_DIR/$BUILDBOX_DIR/transient-data/build-configuration"
79+
;;
80+
81+
"appstore")
82+
generate-configuration.sh appstore release "$BASE_DIR/$BUILDBOX_DIR/transient-data/telegram-codesigning" "$BASE_DIR/$BUILDBOX_DIR/transient-data/build-configuration"
83+
;;
84+
85+
*)
86+
echo "Unknown build configuration $BUILD_CONFIGURATION"
87+
exit 1
88+
;;
89+
esac
90+
elif [ "$BUILD_CONFIGURATION" == "verify" ]; then
91+
mkdir -p "$BASE_DIR/$BUILDBOX_DIR/transient-data/telegram-codesigning"
92+
mkdir -p "$BASE_DIR/$BUILDBOX_DIR/transient-data/build-configuration"
93+
94+
cp -R build-system/fake-codesigning/* "$BASE_DIR/$BUILDBOX_DIR/transient-data/telegram-codesigning/"
95+
cp -R build-system/example-configuration/* "$BASE_DIR/$BUILDBOX_DIR/transient-data/build-configuration/"
96+
fi
97+
98+
if [ ! -d "$CODESIGNING_SUBPATH" ]; then
99+
echo "$CODESIGNING_SUBPATH does not exist"
100+
exit 1
101+
fi
102+
103+
SOURCE_DIR=$(basename "$BASE_DIR")
104+
rm -f "$BUILDBOX_DIR/transient-data/source.tar"
105+
set -x
106+
find . -type f -a -not -regex "\\." -a -not -regex ".*\\./git" -a -not -regex ".*\\./git/.*" -a -not -regex "\\./bazel-bin" -a -not -regex "\\./bazel-bin/.*" -a -not -regex "\\./bazel-out" -a -not -regex "\\./bazel-out/.*" -a -not -regex "\\./bazel-testlogs" -a -not -regex "\\./bazel-testlogs/.*" -a -not -regex "\\./bazel-telegram-ios" -a -not -regex "\\./bazel-telegram-ios/.*" -a -not -regex "\\./buildbox" -a -not -regex "\\./buildbox/.*" -a -not -regex "\\./buck-out" -a -not -regex "\\./buck-out/.*" -a -not -regex "\\./\\.buckd" -a -not -regex "\\./\\.buckd/.*" -a -not -regex "\\./build" -a -not -regex "\\./build/.*" -print0 | tar cf "$BUILDBOX_DIR/transient-data/source.tar" --null -T -
107+
108+
PROCESS_ID="$$"
109+
110+
initialization_params="$VM_BASE_NAME"
111+
initialization_params="$initialization_params&watchpid=$PROCESS_ID"
112+
113+
ssh_credentials=$(curl --fail --insecure "https://$VIRTUALBUILD_HOST/run-image?name=$initialization_params")
114+
115+
ssh_username=$(echo "$ssh_credentials" | python3 -c "import sys, json; print(json.load(sys.stdin)['sshCredentials']['username'])")
116+
ssh_host=$(echo "$ssh_credentials" | python3 -c "import sys, json; print(json.load(sys.stdin)['sshCredentials']['host'])")
117+
ssh_privateKey=$(echo "$ssh_credentials" | python3 -c "import sys, json; print(json.load(sys.stdin)['sshCredentials']['privateKey'])")
118+
119+
ssh_privateKeyFile=$(mktemp)
120+
echo "$ssh_privateKey" | base64 --decode > "$ssh_privateKeyFile"
121+
122+
scp -i "$ssh_privateKeyFile" -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -pr "$CODESIGNING_SUBPATH" $ssh_username@"$ssh_host":codesigning_data
123+
scp -i "$ssh_privateKeyFile" -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -pr "$BASE_DIR/$BUILDBOX_DIR/transient-data/build-configuration" $ssh_username@"$ssh_host":telegram-configuration
124+
125+
scp -i "$ssh_privateKeyFile" -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -pr "$BUILDBOX_DIR/guest-build-telegram.sh" "$BUILDBOX_DIR/transient-data/source.tar" $ssh_username@"$ssh_host":
126+
127+
ssh -i "$ssh_privateKeyFile" -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $ssh_username@"$ssh_host" -o ServerAliveInterval=60 -t "export BUILD_NUMBER=\"$BUILD_NUMBER\"; export BAZEL_HTTP_CACHE_URL=\"$BAZEL_HTTP_CACHE_URL\"; $GUEST_SHELL -l guest-build-telegram.sh $BUILD_CONFIGURATION" || true
128+
129+
OUTPUT_PATH="build/artifacts"
130+
rm -rf "$OUTPUT_PATH"
131+
mkdir -p "$OUTPUT_PATH"
132+
133+
scp -i "$ssh_privateKeyFile" -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -pr $ssh_username@"$ssh_host":"telegram-ios/build/artifacts/*" "$OUTPUT_PATH/"
134+
135+
if [ ! -f "$OUTPUT_PATH/Telegram.ipa" ]; then
136+
exit 1
137+
fi

‎buildbox/guest-build-telegram.sh

+4-1
Original file line numberDiff line numberDiff line change
@@ -73,9 +73,12 @@ for f in "$CERTS_PATH"/*.p12; do
7373
done
7474

7575
for f in "$CERTS_PATH"/*.cer; do
76-
sudo security add-trusted-cert -d -r trustRoot -p codeSign -k "$MY_KEYCHAIN" "$f"
76+
#sudo security add-trusted-cert -d -r trustRoot -p codeSign -k "$MY_KEYCHAIN" "$f"
77+
security import "$f" -k "$MY_KEYCHAIN" -P "" -T /usr/bin/codesign -T /usr/bin/security
7778
done
7879

80+
security import "build-system/AppleWWDRCAG3.cer" -k "$MY_KEYCHAIN" -P "" -T /usr/bin/codesign -T /usr/bin/security
81+
7982
security set-key-partition-list -S apple-tool:,apple: -k "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN"
8083

8184
if [ "$1" == "hockeyapp" ] || [ "$1" == "appcenter-experimental" ] || [ "$1" == "appcenter-experimental-2" ]; then

‎third-party/mozjpeg/BUILD

+1-1
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,7 @@ genrule(
5757
5858
mkdir -p "$$BUILD_DIR/Public/mozjpeg"
5959
60-
PATH="$$PATH:$$CMAKE_DIR/cmake-3.19.2-macos-universal/CMake.app/Contents/bin" sh $$BUILD_DIR/build-mozjpeg-bazel.sh $$BUILD_ARCH "$$BUILD_DIR/mozjpeg" "$$BUILD_DIR"
60+
PATH="$$PATH:$$CMAKE_DIR/cmake-3.23.1-macos-universal/CMake.app/Contents/bin" sh $$BUILD_DIR/build-mozjpeg-bazel.sh $$BUILD_ARCH "$$BUILD_DIR/mozjpeg" "$$BUILD_DIR"
6161
""" +
6262
"\n".join([
6363
"cp -f \"$$BUILD_DIR/mozjpeg/{}\" \"$(location Public/mozjpeg/{})\"".format(header, header) for header in headers

‎third-party/yasm/BUILD

+1-1
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ set -x
2323
pushd "$$BUILD_DIR/yasm-1.3.0"
2424
mkdir build
2525
cd build
26-
PATH="$$PATH:$$CMAKE_DIR/cmake-3.19.2-macos-universal/CMake.app/Contents/bin" cmake .. -DYASM_BUILD_TESTS=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF
26+
PATH="$$PATH:$$CMAKE_DIR/cmake-3.23.1-macos-universal/CMake.app/Contents/bin" cmake .. -DYASM_BUILD_TESTS=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DPYTHON_EXECUTABLE="$$(which python3)"
2727
make -j $$core_count
2828
popd
2929

0 commit comments

Comments
 (0)