add test to verify binaries are signed on release branches#50074
add test to verify binaries are signed on release branches#50074christopherfujino merged 6 commits intoflutter:masterfrom
Conversation
fluttergithubbot
added
the
c: contributor-productivity
|
It looks like this pull request may not have tests. Please make sure to add tests before merging. If you need an exemption to this rule, contact Hixie. Reviewers: Read the Tree Hygiene page and make sure this patch meets those guidelines before LGTMing. |
christopherfujino
force-pushed
the
test-binaries-are-signed
branch
from
69cb6c8 to
589ee51
Compare
dev/bots/codesign.dart
Outdated
| final List<String> binaries = <String>[ | ||
| path.join('bin', 'cache', 'dart-sdk', 'bin', 'dart'), | ||
| path.join('bin', 'cache', 'artifacts', 'engine', 'darwin-x64', 'flutter_tester'), | ||
| path.join('bin', 'cache', 'artifacts', 'engine', 'darwin-x64', 'gen_snapshot'), |
There was a problem hiding this comment.
font-subset?
Do we need to verify the ios-deploy and imobiledevice are signed asd well?
There was a problem hiding this comment.
I was gonna (in a future PR) have this script parse the actual manifest file of all binaries in the engine to sign, but now I realize that that won't be easily accessible from the framework. I will hard-code them all here.
There was a problem hiding this comment.
Talked offline - it should be possible to just find all the binaries in bin/cache with the right MIME type and check those.
|
I think this would be worth cherry picking onto the hot fix branch - both to test it out and to make sure we don't end up releasing a hotfix without this. |
.cirrus.yml
Outdated
|
|
||
| - name: verify_binaries_codesigned-macos # macos-only | ||
| # TODO(fujino): remove this `only_if` after https://github.com/flutter/flutter/issues/44372 | ||
| only_if: "$CIRRUS_BRANCH == 'dev' || $CIRRUS_BRANCH == 'beta' || $CIRRUS_BRANCH == 'stable'" |
There was a problem hiding this comment.
Late add - we should make this run on hotfix branches too.
There was a problem hiding this comment.
Oh yeah, that'd be nice. Can you do pattern matching in the .cirrus.yml file @fkorotkov?
There was a problem hiding this comment.
Yes, you can do something like $CIRRUS_BRANCH =~ '.*hotfix.*'
Yeah, that's my plan. |
6 participants
Description
This creates a cirrus test that will run on release branches and verify that the engine binaries are codesigned on macos.
Related Issues
This test would prevent issues like #50066.
Tests
I added an integration test file
dev/bots/codesign.dartthat verifies that certain cache binaries are codesigned.Checklist
Before you create this PR confirm that it meets all requirements listed below by checking the relevant checkboxes (
[x]). This will ensure a smooth and quick review process.///).flutter analyze --flutter-repo) does not report any problems on my PR.Breaking Change
Did any tests fail when you ran them? Please read [Handling breaking changes].