Jenkins tooling for the Estranged build:
- Estranged.Build.Notarizer - Completely automates the macOS
codesign
and Notarization process for an app bundle - Estranged.Build.Symbols - Extracts symbols with
symstore
and uploads them to Amazon S3, so that they can be served for Visual Studio and other debugging tools
Completely automates the macOS codesign
and Notarization process for an app bundle.
- At least .NET Core 2.1 SDK
- A Mac running macOS with Xcode
- The
codesign
andxcrun
commands available on the $PATH - A valid Apple Developer account with an application password
- A Developer ID certificate available in the keychain certificate store of the macOS installation
Example usage with an Unreal Engine 4 packaged game:
dotnet run --project "depot/Tools/Estranged.Build.Notarizer"
--appPath "Path/To/My/AppBundle.app"
--certificateId "My Certificate ID"
--entitlements "AppBundle.app=com.apple.security.cs.allow-dyld-environment-variables"
--developerUsername $USERNAME --developerPassword $PASSWORD
- Certificate ID is the name of your Developer ID certificate in KeyChain to be passed to
codesign
- see https://developer.apple.com/support/developer-id/ - Entitlements that your app needs in the hardened run time - see https://developer.apple.com/documentation/security/hardened_runtime_entitlements
- The developer username is usually an email address, and the password is an app-password generated in your Apple ID settings
This process will:
- Recursively sign each library and binary in your app bundle
- Sign the app bundle itself
- Put all binaries into a separate zip folder for notarization
- Submit the zip folder for notarization
- Wait for the notarization process to complete
- Staple the result of the notarization process to the app bundle
To specify multiple entitlements for the bundle, use a semicolon:
--entitlements "AppBundle.app=com.apple.security.cs.allow-dyld-environment-variables;com.apple.security.app-sandbox"
Extracts symbols with symstore
and uploads them to Amazon S3, so that they can be served for Visual Studio and other debugging tools.
- A pre-built Windows executable with .pdb symbol files
- At least .NET Core 2.1 SDK
- The Windows SDK
Example usage with an Unreal Engine 4 packaged game:
dotnet run --project "Depot\\Tools\\Estranged.Build.Symbols"
--bucket my-bucket
--symbols "Path\\To\\Binaries\\Win64"
--symstore "C:\\Program Files (x86)\\Windows Kits\\10\\Debuggers\\x86\\symstore.exe"
--properties:BUILD_LABEL "my build label"
Your build environment should set up the appropriate AWS credentials and region. This can be specified using the withCredentials
helper in Jenkins Pipelines:
env.AWS_REGION = 'us-east-1'
withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: '<my credential>']]) {
// dotnet run ...
}