Remove signer recipe.
Signer recipe functionality was implemented as a reusable module.
Change-Id: I4b5c67208f546e3fc14fa259343c755d8f624e0c
Reviewed-on: https://flutter-review.googlesource.com/c/recipes/+/42222
Commit-Queue: Godofredo Contreras <godofredoc@google.com>
Reviewed-by: Xilai Zhang <xilaizhang@google.com>
diff --git a/recipes/engine_v2/signer.expected/config_from_file.json b/recipes/engine_v2/signer.expected/config_from_file.json
deleted file mode 100644
index 1a8e114..0000000
--- a/recipes/engine_v2/signer.expected/config_from_file.json
+++ /dev/null
@@ -1,530 +0,0 @@
-[
- {
- "cmd": [],
- "name": "Dependencies"
- },
- {
- "cmd": [],
- "name": "Dependencies.Installing Mac codesign CIPD pkg",
- "~followup_annotations": [
- "@@@STEP_NEST_LEVEL@1@@@"
- ]
- },
- {
- "cmd": [
- "cipd",
- "ensure",
- "-root",
- "[CLEANUP]/tmp_tmp_1",
- "-ensure-file",
- "flutter/codesign/${platform} latest",
- "-max-threads",
- "0",
- "-json-output",
- "/path/to/tmp/json"
- ],
- "name": "Dependencies.Installing Mac codesign CIPD pkg.ensure_installed",
- "~followup_annotations": [
- "@@@STEP_NEST_LEVEL@2@@@",
- "@@@STEP_LOG_LINE@json.output@{@@@",
- "@@@STEP_LOG_LINE@json.output@ \"result\": {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"\": [@@@",
- "@@@STEP_LOG_LINE@json.output@ {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"instance_id\": \"resolved-instance_id-of-latest----------\", @@@",
- "@@@STEP_LOG_LINE@json.output@ \"package\": \"flutter/codesign/resolved-platform\"@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@ ]@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@}@@@",
- "@@@STEP_LOG_END@json.output@@@"
- ]
- },
- {
- "cmd": [
- "cipd",
- "ensure",
- "-root",
- "[START_DIR]/cloudkms",
- "-ensure-file",
- "infra/tools/luci/cloudkms/${platform} latest",
- "-max-threads",
- "0",
- "-json-output",
- "/path/to/tmp/json"
- ],
- "name": "ensure_installed",
- "~followup_annotations": [
- "@@@STEP_LOG_LINE@json.output@{@@@",
- "@@@STEP_LOG_LINE@json.output@ \"result\": {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"\": [@@@",
- "@@@STEP_LOG_LINE@json.output@ {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"instance_id\": \"resolved-instance_id-of-latest----------\", @@@",
- "@@@STEP_LOG_LINE@json.output@ \"package\": \"infra/tools/luci/cloudkms/resolved-platform\"@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@ ]@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@}@@@",
- "@@@STEP_LOG_END@json.output@@@"
- ]
- },
- {
- "cmd": [
- "python3",
- "-u",
- "RECIPE_MODULE[depot_tools::gsutil]/resources/gsutil_smart_retry.py",
- "--",
- "RECIPE_REPO[depot_tools]/gsutil.py",
- "----",
- "cp",
- "gs://flutter_configs/flutter_p12.encrypted",
- "[CLEANUP]/flutter_p12.encrypted"
- ],
- "infra_step": true,
- "name": "gsutil download"
- },
- {
- "cmd": [
- "[START_DIR]/cloudkms/cloudkms",
- "decrypt",
- "-input",
- "[CLEANUP]/flutter_p12.encrypted",
- "-output",
- "[CLEANUP]/FLUTTER_P12",
- "projects/flutter-infra-staging/locations/global/keyRings/luci/cryptoKeys/flutter-infra"
- ],
- "name": "cloudkms get key"
- },
- {
- "cmd": [
- "cipd",
- "ensure",
- "-root",
- "[START_DIR]/cloudkms",
- "-ensure-file",
- "infra/tools/luci/cloudkms/${platform} latest",
- "-max-threads",
- "0",
- "-json-output",
- "/path/to/tmp/json"
- ],
- "name": "ensure_installed (2)",
- "~followup_annotations": [
- "@@@STEP_LOG_LINE@json.output@{@@@",
- "@@@STEP_LOG_LINE@json.output@ \"result\": {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"\": [@@@",
- "@@@STEP_LOG_LINE@json.output@ {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"instance_id\": \"resolved-instance_id-of-latest----------\", @@@",
- "@@@STEP_LOG_LINE@json.output@ \"package\": \"infra/tools/luci/cloudkms/resolved-platform\"@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@ ]@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@}@@@",
- "@@@STEP_LOG_END@json.output@@@"
- ]
- },
- {
- "cmd": [
- "python3",
- "-u",
- "RECIPE_MODULE[depot_tools::gsutil]/resources/gsutil_smart_retry.py",
- "--",
- "RECIPE_REPO[depot_tools]/gsutil.py",
- "----",
- "cp",
- "gs://flutter_configs/p12_password.encrypted",
- "[CLEANUP]/p12_password.encrypted"
- ],
- "infra_step": true,
- "name": "gsutil download (2)"
- },
- {
- "cmd": [
- "[START_DIR]/cloudkms/cloudkms",
- "decrypt",
- "-input",
- "[CLEANUP]/p12_password.encrypted",
- "-output",
- "[CLEANUP]/FLUTTER_P12_PASSWORD",
- "projects/flutter-infra-staging/locations/global/keyRings/luci/cryptoKeys/flutter-infra"
- ],
- "name": "cloudkms get key (2)"
- },
- {
- "cmd": [
- "cipd",
- "ensure",
- "-root",
- "[START_DIR]/cloudkms",
- "-ensure-file",
- "infra/tools/luci/cloudkms/${platform} latest",
- "-max-threads",
- "0",
- "-json-output",
- "/path/to/tmp/json"
- ],
- "name": "ensure_installed (3)",
- "~followup_annotations": [
- "@@@STEP_LOG_LINE@json.output@{@@@",
- "@@@STEP_LOG_LINE@json.output@ \"result\": {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"\": [@@@",
- "@@@STEP_LOG_LINE@json.output@ {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"instance_id\": \"resolved-instance_id-of-latest----------\", @@@",
- "@@@STEP_LOG_LINE@json.output@ \"package\": \"infra/tools/luci/cloudkms/resolved-platform\"@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@ ]@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@}@@@",
- "@@@STEP_LOG_END@json.output@@@"
- ]
- },
- {
- "cmd": [
- "python3",
- "-u",
- "RECIPE_MODULE[depot_tools::gsutil]/resources/gsutil_smart_retry.py",
- "--",
- "RECIPE_REPO[depot_tools]/gsutil.py",
- "----",
- "cp",
- "gs://flutter_configs/codesign_team_id.encrypted",
- "[CLEANUP]/codesign_team_id.encrypted"
- ],
- "infra_step": true,
- "name": "gsutil download (3)"
- },
- {
- "cmd": [
- "[START_DIR]/cloudkms/cloudkms",
- "decrypt",
- "-input",
- "[CLEANUP]/codesign_team_id.encrypted",
- "-output",
- "[CLEANUP]/CODESIGN_TEAM_ID",
- "projects/flutter-infra-staging/locations/global/keyRings/luci/cryptoKeys/flutter-infra"
- ],
- "name": "cloudkms get key (3)"
- },
- {
- "cmd": [
- "cipd",
- "ensure",
- "-root",
- "[START_DIR]/cloudkms",
- "-ensure-file",
- "infra/tools/luci/cloudkms/${platform} latest",
- "-max-threads",
- "0",
- "-json-output",
- "/path/to/tmp/json"
- ],
- "name": "ensure_installed (4)",
- "~followup_annotations": [
- "@@@STEP_LOG_LINE@json.output@{@@@",
- "@@@STEP_LOG_LINE@json.output@ \"result\": {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"\": [@@@",
- "@@@STEP_LOG_LINE@json.output@ {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"instance_id\": \"resolved-instance_id-of-latest----------\", @@@",
- "@@@STEP_LOG_LINE@json.output@ \"package\": \"infra/tools/luci/cloudkms/resolved-platform\"@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@ ]@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@}@@@",
- "@@@STEP_LOG_END@json.output@@@"
- ]
- },
- {
- "cmd": [
- "python3",
- "-u",
- "RECIPE_MODULE[depot_tools::gsutil]/resources/gsutil_smart_retry.py",
- "--",
- "RECIPE_REPO[depot_tools]/gsutil.py",
- "----",
- "cp",
- "gs://flutter_configs/codesign_app_specific_password.encrypted",
- "[CLEANUP]/codesign_app_specific_password.encrypted"
- ],
- "infra_step": true,
- "name": "gsutil download (4)"
- },
- {
- "cmd": [
- "[START_DIR]/cloudkms/cloudkms",
- "decrypt",
- "-input",
- "[CLEANUP]/codesign_app_specific_password.encrypted",
- "-output",
- "[CLEANUP]/CODESIGN_APP_SPECIFIC_PASSWORD",
- "projects/flutter-infra-staging/locations/global/keyRings/luci/cryptoKeys/flutter-infra"
- ],
- "name": "cloudkms get key (4)"
- },
- {
- "cmd": [
- "cipd",
- "ensure",
- "-root",
- "[START_DIR]/cloudkms",
- "-ensure-file",
- "infra/tools/luci/cloudkms/${platform} latest",
- "-max-threads",
- "0",
- "-json-output",
- "/path/to/tmp/json"
- ],
- "name": "ensure_installed (5)",
- "~followup_annotations": [
- "@@@STEP_LOG_LINE@json.output@{@@@",
- "@@@STEP_LOG_LINE@json.output@ \"result\": {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"\": [@@@",
- "@@@STEP_LOG_LINE@json.output@ {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"instance_id\": \"resolved-instance_id-of-latest----------\", @@@",
- "@@@STEP_LOG_LINE@json.output@ \"package\": \"infra/tools/luci/cloudkms/resolved-platform\"@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@ ]@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@}@@@",
- "@@@STEP_LOG_END@json.output@@@"
- ]
- },
- {
- "cmd": [
- "python3",
- "-u",
- "RECIPE_MODULE[depot_tools::gsutil]/resources/gsutil_smart_retry.py",
- "--",
- "RECIPE_REPO[depot_tools]/gsutil.py",
- "----",
- "cp",
- "gs://flutter_configs/codesign_app_store_id.encrypted",
- "[CLEANUP]/codesign_app_store_id.encrypted"
- ],
- "infra_step": true,
- "name": "gsutil download (5)"
- },
- {
- "cmd": [
- "[START_DIR]/cloudkms/cloudkms",
- "decrypt",
- "-input",
- "[CLEANUP]/codesign_app_store_id.encrypted",
- "-output",
- "[CLEANUP]/CODESIGN_APP_STORE_ID",
- "projects/flutter-infra-staging/locations/global/keyRings/luci/cryptoKeys/flutter-infra"
- ],
- "name": "cloudkms get key (5)"
- },
- {
- "cmd": [
- "security",
- "delete-keychain",
- "build.keychain"
- ],
- "name": "delete previous keychain"
- },
- {
- "cmd": [
- "security",
- "create-keychain",
- "-p",
- "",
- "build.keychain"
- ],
- "name": "create keychain"
- },
- {
- "cmd": [
- "security",
- "default-keychain",
- "-s",
- "build.keychain"
- ],
- "name": "default keychain"
- },
- {
- "cmd": [
- "security",
- "unlock-keychain",
- "-p",
- "",
- "build.keychain"
- ],
- "name": "unlock build keychain"
- },
- {
- "cmd": [
- "chmod",
- "755",
- "RECIPE[flutter::engine_v2/signer].resources/import_certificate.sh"
- ],
- "infra_step": true,
- "name": "Set execute permission"
- },
- {
- "cmd": [
- "RECIPE[flutter::engine_v2/signer].resources/import_certificate.sh"
- ],
- "env": {
- "CODESIGN_APP_SPECIFIC_PASSWORD": "[CLEANUP]/CODESIGN_APP_SPECIFIC_PASSWORD",
- "CODESIGN_APP_STORE_ID": "[CLEANUP]/CODESIGN_APP_STORE_ID",
- "CODESIGN_PATH": "[CLEANUP]/tmp_tmp_1/codesign",
- "CODESIGN_TEAM_ID": "[CLEANUP]/CODESIGN_TEAM_ID",
- "FLUTTER_P12": "[CLEANUP]/FLUTTER_P12",
- "FLUTTER_P12_PASSWORD": "[CLEANUP]/FLUTTER_P12_PASSWORD",
- "P12_SUFFIX_FILEPATH": "[CLEANUP]/flutter.p12"
- },
- "env_prefixes": {
- "PATH": [
- "[CLEANUP]/tmp_tmp_1"
- ]
- },
- "name": "import certificate"
- },
- {
- "cmd": [
- "security",
- "set-key-partition-list",
- "-S",
- "apple-tool:,apple:,codesign:",
- "-s",
- "-k",
- "",
- "build.keychain"
- ],
- "name": "set key partition list"
- },
- {
- "cmd": [
- "security",
- "find-identity",
- "-v"
- ],
- "name": "show-identities"
- },
- {
- "cmd": [
- "python3",
- "-u",
- "RECIPE_MODULE[depot_tools::gsutil]/resources/gsutil_smart_retry.py",
- "--",
- "RECIPE_REPO[depot_tools]/gsutil.py",
- "----",
- "cp",
- "gs://a/b/c/artifact.zip",
- "[CLEANUP]/tmp_tmp_2/unsigned_artifact.zip"
- ],
- "infra_step": true,
- "name": "gsutil download gs://a/b/c/artifact.zip"
- },
- {
- "cmd": [
- "security",
- "unlock-keychain",
- "-p",
- "",
- "build.keychain"
- ],
- "name": "unlock build keychain (2)"
- },
- {
- "cmd": [
- "[CLEANUP]/tmp_tmp_1/codesign",
- "--codesign-cert-name",
- "FLUTTER.IO LLC",
- "--no-dryrun",
- "--app-specific-password-file-path",
- "[CLEANUP]/CODESIGN_APP_SPECIFIC_PASSWORD",
- "--codesign-appstore-id-file-path",
- "[CLEANUP]/CODESIGN_APP_STORE_ID",
- "--codesign-team-id-file-path",
- "[CLEANUP]/CODESIGN_TEAM_ID",
- "--input-zip-file-path",
- "[CLEANUP]/tmp_tmp_2/unsigned_artifact.zip",
- "--output-zip-file-path",
- "[CLEANUP]/tmp_tmp_2/artifact.zip"
- ],
- "env": {
- "CODESIGN_APP_SPECIFIC_PASSWORD": "[CLEANUP]/CODESIGN_APP_SPECIFIC_PASSWORD",
- "CODESIGN_APP_STORE_ID": "[CLEANUP]/CODESIGN_APP_STORE_ID",
- "CODESIGN_PATH": "[CLEANUP]/tmp_tmp_1/codesign",
- "CODESIGN_TEAM_ID": "[CLEANUP]/CODESIGN_TEAM_ID",
- "FLUTTER_P12": "[CLEANUP]/FLUTTER_P12",
- "FLUTTER_P12_PASSWORD": "[CLEANUP]/FLUTTER_P12_PASSWORD",
- "P12_SUFFIX_FILEPATH": "[CLEANUP]/flutter.p12"
- },
- "env_prefixes": {
- "PATH": [
- "[CLEANUP]/tmp_tmp_1"
- ]
- },
- "name": "codesign Apple engine binaries"
- },
- {
- "cmd": [
- "vpython3",
- "-u",
- "RECIPE_MODULE[recipe_engine::file]/resources/fileutil.py",
- "--json-output",
- "/path/to/tmp/json",
- "ensure-directory",
- "--mode",
- "0777",
- "[CLEANUP]/tmp_tmp_3/b/c"
- ],
- "infra_step": true,
- "name": "Ensure b/c"
- },
- {
- "cmd": [
- "vpython3",
- "-u",
- "RECIPE_MODULE[recipe_engine::file]/resources/fileutil.py",
- "--json-output",
- "/path/to/tmp/json",
- "copy",
- "[CLEANUP]/tmp_tmp_2/artifact.zip",
- "[CLEANUP]/tmp_tmp_3/b/c"
- ],
- "infra_step": true,
- "name": "Copy [CLEANUP]/tmp_tmp_2/artifact.zip to tmp location"
- },
- {
- "cmd": [
- "python3",
- "-u",
- "RECIPE_MODULE[depot_tools::gsutil]/resources/gsutil_smart_retry.py",
- "--",
- "RECIPE_REPO[depot_tools]/gsutil.py",
- "----",
- "cp",
- "-r",
- "[CLEANUP]/tmp_tmp_3/*",
- "gs://a/"
- ],
- "infra_step": true,
- "name": "gsutil Upload [CLEANUP]/tmp_tmp_2/artifact.zip to gs://a/b/c/artifact.zip",
- "~followup_annotations": [
- "@@@STEP_LINK@gsutil.upload@https://console.cloud.google.com/storage/browser/a/@@@"
- ]
- },
- {
- "cmd": [
- "security",
- "delete-keychain",
- "build.keychain"
- ],
- "name": "delete keychain"
- },
- {
- "cmd": [
- "security",
- "default-keychain",
- "-s",
- "login.keychain"
- ],
- "name": "restore default keychain"
- },
- {
- "name": "$result"
- }
-]
\ No newline at end of file
diff --git a/recipes/engine_v2/signer.expected/import_flutter_identity_failure.json b/recipes/engine_v2/signer.expected/import_flutter_identity_failure.json
deleted file mode 100644
index 392890c..0000000
--- a/recipes/engine_v2/signer.expected/import_flutter_identity_failure.json
+++ /dev/null
@@ -1,442 +0,0 @@
-[
- {
- "cmd": [],
- "name": "Dependencies"
- },
- {
- "cmd": [],
- "name": "Dependencies.Installing Mac codesign CIPD pkg",
- "~followup_annotations": [
- "@@@STEP_NEST_LEVEL@1@@@"
- ]
- },
- {
- "cmd": [
- "cipd",
- "ensure",
- "-root",
- "[CLEANUP]/tmp_tmp_1",
- "-ensure-file",
- "flutter/codesign/${platform} latest",
- "-max-threads",
- "0",
- "-json-output",
- "/path/to/tmp/json"
- ],
- "name": "Dependencies.Installing Mac codesign CIPD pkg.ensure_installed",
- "~followup_annotations": [
- "@@@STEP_NEST_LEVEL@2@@@",
- "@@@STEP_LOG_LINE@json.output@{@@@",
- "@@@STEP_LOG_LINE@json.output@ \"result\": {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"\": [@@@",
- "@@@STEP_LOG_LINE@json.output@ {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"instance_id\": \"resolved-instance_id-of-latest----------\", @@@",
- "@@@STEP_LOG_LINE@json.output@ \"package\": \"flutter/codesign/resolved-platform\"@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@ ]@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@}@@@",
- "@@@STEP_LOG_END@json.output@@@"
- ]
- },
- {
- "cmd": [
- "cipd",
- "ensure",
- "-root",
- "[START_DIR]/cloudkms",
- "-ensure-file",
- "infra/tools/luci/cloudkms/${platform} latest",
- "-max-threads",
- "0",
- "-json-output",
- "/path/to/tmp/json"
- ],
- "name": "ensure_installed",
- "~followup_annotations": [
- "@@@STEP_LOG_LINE@json.output@{@@@",
- "@@@STEP_LOG_LINE@json.output@ \"result\": {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"\": [@@@",
- "@@@STEP_LOG_LINE@json.output@ {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"instance_id\": \"resolved-instance_id-of-latest----------\", @@@",
- "@@@STEP_LOG_LINE@json.output@ \"package\": \"infra/tools/luci/cloudkms/resolved-platform\"@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@ ]@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@}@@@",
- "@@@STEP_LOG_END@json.output@@@"
- ]
- },
- {
- "cmd": [
- "python3",
- "-u",
- "RECIPE_MODULE[depot_tools::gsutil]/resources/gsutil_smart_retry.py",
- "--",
- "RECIPE_REPO[depot_tools]/gsutil.py",
- "----",
- "cp",
- "gs://flutter_configs/flutter_p12.encrypted",
- "[CLEANUP]/flutter_p12.encrypted"
- ],
- "infra_step": true,
- "name": "gsutil download"
- },
- {
- "cmd": [
- "[START_DIR]/cloudkms/cloudkms",
- "decrypt",
- "-input",
- "[CLEANUP]/flutter_p12.encrypted",
- "-output",
- "[CLEANUP]/FLUTTER_P12",
- "projects/flutter-infra-staging/locations/global/keyRings/luci/cryptoKeys/flutter-infra"
- ],
- "name": "cloudkms get key"
- },
- {
- "cmd": [
- "cipd",
- "ensure",
- "-root",
- "[START_DIR]/cloudkms",
- "-ensure-file",
- "infra/tools/luci/cloudkms/${platform} latest",
- "-max-threads",
- "0",
- "-json-output",
- "/path/to/tmp/json"
- ],
- "name": "ensure_installed (2)",
- "~followup_annotations": [
- "@@@STEP_LOG_LINE@json.output@{@@@",
- "@@@STEP_LOG_LINE@json.output@ \"result\": {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"\": [@@@",
- "@@@STEP_LOG_LINE@json.output@ {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"instance_id\": \"resolved-instance_id-of-latest----------\", @@@",
- "@@@STEP_LOG_LINE@json.output@ \"package\": \"infra/tools/luci/cloudkms/resolved-platform\"@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@ ]@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@}@@@",
- "@@@STEP_LOG_END@json.output@@@"
- ]
- },
- {
- "cmd": [
- "python3",
- "-u",
- "RECIPE_MODULE[depot_tools::gsutil]/resources/gsutil_smart_retry.py",
- "--",
- "RECIPE_REPO[depot_tools]/gsutil.py",
- "----",
- "cp",
- "gs://flutter_configs/p12_password.encrypted",
- "[CLEANUP]/p12_password.encrypted"
- ],
- "infra_step": true,
- "name": "gsutil download (2)"
- },
- {
- "cmd": [
- "[START_DIR]/cloudkms/cloudkms",
- "decrypt",
- "-input",
- "[CLEANUP]/p12_password.encrypted",
- "-output",
- "[CLEANUP]/FLUTTER_P12_PASSWORD",
- "projects/flutter-infra-staging/locations/global/keyRings/luci/cryptoKeys/flutter-infra"
- ],
- "name": "cloudkms get key (2)"
- },
- {
- "cmd": [
- "cipd",
- "ensure",
- "-root",
- "[START_DIR]/cloudkms",
- "-ensure-file",
- "infra/tools/luci/cloudkms/${platform} latest",
- "-max-threads",
- "0",
- "-json-output",
- "/path/to/tmp/json"
- ],
- "name": "ensure_installed (3)",
- "~followup_annotations": [
- "@@@STEP_LOG_LINE@json.output@{@@@",
- "@@@STEP_LOG_LINE@json.output@ \"result\": {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"\": [@@@",
- "@@@STEP_LOG_LINE@json.output@ {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"instance_id\": \"resolved-instance_id-of-latest----------\", @@@",
- "@@@STEP_LOG_LINE@json.output@ \"package\": \"infra/tools/luci/cloudkms/resolved-platform\"@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@ ]@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@}@@@",
- "@@@STEP_LOG_END@json.output@@@"
- ]
- },
- {
- "cmd": [
- "python3",
- "-u",
- "RECIPE_MODULE[depot_tools::gsutil]/resources/gsutil_smart_retry.py",
- "--",
- "RECIPE_REPO[depot_tools]/gsutil.py",
- "----",
- "cp",
- "gs://flutter_configs/codesign_team_id.encrypted",
- "[CLEANUP]/codesign_team_id.encrypted"
- ],
- "infra_step": true,
- "name": "gsutil download (3)"
- },
- {
- "cmd": [
- "[START_DIR]/cloudkms/cloudkms",
- "decrypt",
- "-input",
- "[CLEANUP]/codesign_team_id.encrypted",
- "-output",
- "[CLEANUP]/CODESIGN_TEAM_ID",
- "projects/flutter-infra-staging/locations/global/keyRings/luci/cryptoKeys/flutter-infra"
- ],
- "name": "cloudkms get key (3)"
- },
- {
- "cmd": [
- "cipd",
- "ensure",
- "-root",
- "[START_DIR]/cloudkms",
- "-ensure-file",
- "infra/tools/luci/cloudkms/${platform} latest",
- "-max-threads",
- "0",
- "-json-output",
- "/path/to/tmp/json"
- ],
- "name": "ensure_installed (4)",
- "~followup_annotations": [
- "@@@STEP_LOG_LINE@json.output@{@@@",
- "@@@STEP_LOG_LINE@json.output@ \"result\": {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"\": [@@@",
- "@@@STEP_LOG_LINE@json.output@ {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"instance_id\": \"resolved-instance_id-of-latest----------\", @@@",
- "@@@STEP_LOG_LINE@json.output@ \"package\": \"infra/tools/luci/cloudkms/resolved-platform\"@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@ ]@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@}@@@",
- "@@@STEP_LOG_END@json.output@@@"
- ]
- },
- {
- "cmd": [
- "python3",
- "-u",
- "RECIPE_MODULE[depot_tools::gsutil]/resources/gsutil_smart_retry.py",
- "--",
- "RECIPE_REPO[depot_tools]/gsutil.py",
- "----",
- "cp",
- "gs://flutter_configs/codesign_app_specific_password.encrypted",
- "[CLEANUP]/codesign_app_specific_password.encrypted"
- ],
- "infra_step": true,
- "name": "gsutil download (4)"
- },
- {
- "cmd": [
- "[START_DIR]/cloudkms/cloudkms",
- "decrypt",
- "-input",
- "[CLEANUP]/codesign_app_specific_password.encrypted",
- "-output",
- "[CLEANUP]/CODESIGN_APP_SPECIFIC_PASSWORD",
- "projects/flutter-infra-staging/locations/global/keyRings/luci/cryptoKeys/flutter-infra"
- ],
- "name": "cloudkms get key (4)"
- },
- {
- "cmd": [
- "cipd",
- "ensure",
- "-root",
- "[START_DIR]/cloudkms",
- "-ensure-file",
- "infra/tools/luci/cloudkms/${platform} latest",
- "-max-threads",
- "0",
- "-json-output",
- "/path/to/tmp/json"
- ],
- "name": "ensure_installed (5)",
- "~followup_annotations": [
- "@@@STEP_LOG_LINE@json.output@{@@@",
- "@@@STEP_LOG_LINE@json.output@ \"result\": {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"\": [@@@",
- "@@@STEP_LOG_LINE@json.output@ {@@@",
- "@@@STEP_LOG_LINE@json.output@ \"instance_id\": \"resolved-instance_id-of-latest----------\", @@@",
- "@@@STEP_LOG_LINE@json.output@ \"package\": \"infra/tools/luci/cloudkms/resolved-platform\"@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@ ]@@@",
- "@@@STEP_LOG_LINE@json.output@ }@@@",
- "@@@STEP_LOG_LINE@json.output@}@@@",
- "@@@STEP_LOG_END@json.output@@@"
- ]
- },
- {
- "cmd": [
- "python3",
- "-u",
- "RECIPE_MODULE[depot_tools::gsutil]/resources/gsutil_smart_retry.py",
- "--",
- "RECIPE_REPO[depot_tools]/gsutil.py",
- "----",
- "cp",
- "gs://flutter_configs/codesign_app_store_id.encrypted",
- "[CLEANUP]/codesign_app_store_id.encrypted"
- ],
- "infra_step": true,
- "name": "gsutil download (5)"
- },
- {
- "cmd": [
- "[START_DIR]/cloudkms/cloudkms",
- "decrypt",
- "-input",
- "[CLEANUP]/codesign_app_store_id.encrypted",
- "-output",
- "[CLEANUP]/CODESIGN_APP_STORE_ID",
- "projects/flutter-infra-staging/locations/global/keyRings/luci/cryptoKeys/flutter-infra"
- ],
- "name": "cloudkms get key (5)"
- },
- {
- "cmd": [
- "security",
- "delete-keychain",
- "build.keychain"
- ],
- "name": "delete previous keychain"
- },
- {
- "cmd": [
- "security",
- "create-keychain",
- "-p",
- "",
- "build.keychain"
- ],
- "name": "create keychain"
- },
- {
- "cmd": [
- "security",
- "default-keychain",
- "-s",
- "build.keychain"
- ],
- "name": "default keychain"
- },
- {
- "cmd": [
- "security",
- "unlock-keychain",
- "-p",
- "",
- "build.keychain"
- ],
- "name": "unlock build keychain"
- },
- {
- "cmd": [
- "chmod",
- "755",
- "RECIPE[flutter::engine_v2/signer].resources/import_certificate.sh"
- ],
- "infra_step": true,
- "name": "Set execute permission"
- },
- {
- "cmd": [
- "RECIPE[flutter::engine_v2/signer].resources/import_certificate.sh"
- ],
- "env": {
- "CODESIGN_APP_SPECIFIC_PASSWORD": "[CLEANUP]/CODESIGN_APP_SPECIFIC_PASSWORD",
- "CODESIGN_APP_STORE_ID": "[CLEANUP]/CODESIGN_APP_STORE_ID",
- "CODESIGN_PATH": "[CLEANUP]/tmp_tmp_1/codesign",
- "CODESIGN_TEAM_ID": "[CLEANUP]/CODESIGN_TEAM_ID",
- "FLUTTER_P12": "[CLEANUP]/FLUTTER_P12",
- "FLUTTER_P12_PASSWORD": "[CLEANUP]/FLUTTER_P12_PASSWORD",
- "P12_SUFFIX_FILEPATH": "[CLEANUP]/flutter.p12"
- },
- "env_prefixes": {
- "PATH": [
- "[CLEANUP]/tmp_tmp_1"
- ]
- },
- "name": "import certificate"
- },
- {
- "cmd": [
- "security",
- "set-key-partition-list",
- "-S",
- "apple-tool:,apple:,codesign:",
- "-s",
- "-k",
- "",
- "build.keychain"
- ],
- "name": "set key partition list"
- },
- {
- "cmd": [
- "security",
- "find-identity",
- "-v"
- ],
- "name": "show-identities"
- },
- {
- "cmd": [
- "security",
- "delete-keychain",
- "build.keychain"
- ],
- "name": "delete keychain"
- },
- {
- "cmd": [
- "security",
- "default-keychain",
- "-s",
- "login.keychain"
- ],
- "name": "restore default keychain"
- },
- {
- "cmd": [],
- "name": "RECIPE CRASH (Uncaught exception)",
- "~followup_annotations": [
- "@@@STEP_EXCEPTION@@@",
- "The recipe has crashed at point 'Uncaught exception'!",
- "",
- "Traceback (most recent call last):",
- " File \"RECIPE_REPO[flutter]/recipes/engine_v2/signer.py\", line 56, in RunSteps",
- " KeychainSetup(api, env, env_prefixes)",
- " File \"RECIPE_REPO[flutter]/recipes/engine_v2/signer.py\", line 106, in KeychainSetup",
- " raise ValueError(",
- "ValueError('identities are , does not include flutter identity')"
- ]
- },
- {
- "failure": {
- "humanReason": "Uncaught Exception: ValueError('identities are , does not include flutter identity')"
- },
- "name": "$result"
- }
-]
\ No newline at end of file
diff --git a/recipes/engine_v2/signer.py b/recipes/engine_v2/signer.py
deleted file mode 100644
index ec7534c..0000000
--- a/recipes/engine_v2/signer.py
+++ /dev/null
@@ -1,271 +0,0 @@
-# Copyright 2022 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-# Recipe that executes apple code signing on a mac bot.
-#
-# This recipe receives as properties the list of google cloud bucket paths
-# of engine artifacts, and reads code sign related passwords from
-# kms securely. The engine artifact bucket paths and codesign credentials
-# are then supplied to a codesign standalone app, which communicates with
-# Apple notary server to finish code signing. The codesign standalone app
-# is run as a cipd package, and the codesigned artifacts are uploaded back
-# to the same google cloud bucket path.
-
-DEPS = [
- 'depot_tools/gsutil',
- 'flutter/archives',
- 'flutter/flutter_deps',
- 'recipe_engine/context',
- 'recipe_engine/futures',
- 'flutter/kms',
- 'flutter/osx_sdk',
- 'recipe_engine/file',
- 'recipe_engine/path',
- 'recipe_engine/platform',
- 'recipe_engine/properties',
- 'recipe_engine/raw_io',
- 'recipe_engine/step',
-]
-
-
-def RunSteps(api):
- if not api.platform.is_mac:
- pass
-
- # Install dependencies for code sign.
- env = {}
- env_prefixes = {}
- with api.step.nest('Dependencies'):
- codesign_path = api.flutter_deps.codesign(env, env_prefixes)
-
- secrets_dict = {
- 'FLUTTER_P12': 'flutter_p12.encrypted',
- 'FLUTTER_P12_PASSWORD': 'p12_password.encrypted',
- 'CODESIGN_TEAM_ID': 'codesign_team_id.encrypted',
- 'CODESIGN_APP_SPECIFIC_PASSWORD':
- 'codesign_app_specific_password.encrypted',
- 'CODESIGN_APP_STORE_ID': 'codesign_app_store_id.encrypted'
- }
-
- api.kms.decrypt_secrets(env, secrets_dict)
-
- env['CODESIGN_PATH'] = codesign_path
-
- try:
- KeychainSetup(api, env, env_prefixes)
-
- SignerBuilds(
- api, codesign_path, env, env_prefixes
- )
-
- finally:
- KeychainCleanup(api)
-
-
-def KeychainSetup(api, env, env_prefixes):
- """KeychainSetup adds flutter .p12 to a temporary keychain named 'build'.
-
- Args:
- codesign_path (str): path of codesign cipd package.
- p12_filepath (str) : path of the .p12 file that has flutter credentials.
- p12_password_raw (str) : the password to decode the .p12 flutter file.
- """
- api.step(
- 'delete previous keychain',
- ['security', 'delete-keychain', 'build.keychain'],
- ok_ret='any'
- )
- api.step(
- 'create keychain',
- ['security', 'create-keychain', '-p', '', 'build.keychain']
- )
- api.step(
- 'default keychain',
- ['security', 'default-keychain', '-s', 'build.keychain']
- )
- api.step(
- 'unlock build keychain',
- ['security', 'unlock-keychain', '-p', '', 'build.keychain']
- )
- ImportCertificate(api, env, env_prefixes)
- api.step(
- 'set key partition list', [
- 'security', 'set-key-partition-list', '-S',
- 'apple-tool:,apple:,codesign:', '-s', '-k', '', 'build.keychain'
- ]
- )
- show_identities_step = api.step(
- 'show-identities', ['security', 'find-identity', '-v'],
- ok_ret='any',
- stdout=api.raw_io.output_text(),
- stderr=api.raw_io.output_text()
- )
- flutter_identity_name = 'FLUTTER.IO LLC'
- if flutter_identity_name not in show_identities_step.stdout:
- raise ValueError(
- 'identities are %s, does not include flutter identity' %
- (show_identities_step.stdout)
- )
-
-
-def ImportCertificate(api, env, env_prefixes):
- """Import flutter codesign identity into keychain.
-
- This function triggers a shell script that supplies p12 password,
- and grants codesign cipd and system codesign the correct access controls.
- The p12 password is hidden from stdout.
-
- Args:
- env (dict): environment variables.
- env_prefixes (dict) : environment paths.
- """
- resource_name = api.resource('import_certificate.sh')
- api.step(
- 'Set execute permission',
- ['chmod', '755', resource_name],
- infra_step=True,
- )
- # Only filepath with a .p12 suffix will be recognized.
- p12_suffix_filepath = api.path['cleanup'].join('flutter.p12')
- env['P12_SUFFIX_FILEPATH'] = p12_suffix_filepath
- with api.context(env=env, env_prefixes=env_prefixes):
- api.step('import certificate', [resource_name])
-
-
-def SignerBuilds(
- api, codesign_path, env, env_prefixes
-):
- """Concurrently creates jobs to codesign each binary.
-
- Args:
- codesign_path (str): path of codesign cipd package.
- env (dict): environment variables.
- env_prefixes (dict) : environment paths.
- """
- # The list is iterated running one signer tool command per file. This can be
- # optimized using the multiprocessing API.
- final_sources_list = api.properties.get('signing_file_list', [])
-
- # keep track of the output zip files in separate temp folders to avoid name
- # conflicts
- output_zips = {}
-
- codesign_string_path = "%s" % codesign_path
- app_specific_password_filepath = env['CODESIGN_APP_SPECIFIC_PASSWORD']
- appstore_id_filepath = env['CODESIGN_APP_STORE_ID']
- team_id_filepath = env['CODESIGN_TEAM_ID']
- signer_builds = []
- with api.osx_sdk('ios'):
- for source_path in final_sources_list:
- input_tmp_folder = api.path.mkdtemp()
- _, artifact_base_name = api.path.split(source_path)
- local_zip_path = input_tmp_folder.join('unsigned_%s' % artifact_base_name)
- local_zip_string_path = str(local_zip_path)
-
- output_zip_path = input_tmp_folder.join(artifact_base_name)
- output_zip_string_path = str(output_zip_path)
- output_zips[source_path] = output_zip_string_path
- api.archives.download(source_path, local_zip_path)
- signer_builds.append(
- api.futures.spawn(
- RunSignerToolCommand, api, env, env_prefixes,
- local_zip_string_path, output_zip_string_path,
- app_specific_password_filepath, appstore_id_filepath,
- team_id_filepath, codesign_string_path
- )
- )
-
- futures = api.futures.wait(signer_builds)
- for future in futures:
- future.result()
-
- for source_path, output_zip_path in output_zips.items():
- api.archives.upload_artifact(src=output_zip_path, dst=source_path)
-
-
-def RunSignerToolCommand(
- api, env, env_prefixes, input_zip_string_path, output_zip_string_path,
- app_specific_password_filepath, appstore_id_filepath, team_id_filepath,
- codesign_string_path
-):
- """Runs code sign standalone app.
-
- Args:
- input_zip_string_path (str): path of the unsigned artifact in the file system.
- output_zip_string_path (str): path of the signed artifact in the file system.
- app_specific_password_filepath (str) : path of app specific password, one of
- the code sign credentials.
- appstore_id_filepath (str) : path of apple store id, one of the codesign
- credentials.
- team_id_filepath (str) : path of flutter team id used for codesign, one of the
- codesign credentials.
- codesign_string_path (str): the absolute path of the codesign standalone app
- cipd package. This is to differentiate codesign cipd from mac system codesign.
- """
- flutter_certificate_name = 'FLUTTER.IO LLC'
- api.step(
- 'unlock build keychain',
- ['security', 'unlock-keychain', '-p', '', 'build.keychain']
- )
- with api.context(env=env, env_prefixes=env_prefixes):
- api.step(
- 'codesign Apple engine binaries',
- [
- codesign_string_path,
- '--codesign-cert-name',
- flutter_certificate_name,
- '--no-dryrun',
- '--app-specific-password-file-path',
- app_specific_password_filepath,
- '--codesign-appstore-id-file-path',
- appstore_id_filepath,
- '--codesign-team-id-file-path',
- team_id_filepath,
- '--input-zip-file-path',
- input_zip_string_path,
- '--output-zip-file-path',
- output_zip_string_path,
- ],
- )
-
-
-def KeychainCleanup(api):
- """Clean up temporary keychain used in codesign process."""
- api.step('delete keychain', ['security', 'delete-keychain', 'build.keychain'])
- api.step(
- 'restore default keychain',
- ['security', 'default-keychain', '-s', 'login.keychain']
- )
-
-
-def GenTests(api):
-
- yield api.test(
- 'config_from_file',
- api.properties(
- dependencies=[{
- 'dependency': 'codesign',
- 'version': 'latest',
- }],
- signing_file_list=["gs://a/b/c/artifact.zip"]
- ),
- api.step_data(
- 'show-identities',
- stdout=api.raw_io.output_text(
- '1) ABCD "Developer ID Application: FLUTTER.IO LLC (ABCD)"'
- )
- ),
- )
-
- yield api.test(
- 'import_flutter_identity_failure',
- api.properties(
- dependencies=[{
- 'dependency': 'codesign',
- 'version': 'latest',
- }],
- signing_file_list=["gs://a/b/c/artifact.zip"]
- ),
- api.expect_exception('ValueError'),
- )
