1#!/usr/bin/env bash
2
3set -e
4
5: "${BUILDX_CMD=docker buildx}"
6: "${DESTDIR=./bin/release}"
7: "${CACHE_FROM=}"
8: "${CACHE_TO=}"
9
10: "${SIGN=}"
11: "${PFX=}"
12: "${PFXPASSWORD=}"
13
14if [ -n "$CACHE_FROM" ]; then
15 for cfrom in $CACHE_FROM; do
16 cacheFlags+=(--set "*.cache-from=$cfrom")
17 done
18fi
19if [ -n "$CACHE_TO" ]; then
20 for cto in $CACHE_TO; do
21 cacheFlags+=(--set "*.cache-to=$cto")
22 done
23fi
24
25dockerpfx=$(mktemp -t dockercredhelper-pfx.XXXXXXXXXX)
26function clean {
27 rm -f "$dockerpfx"
28}
29trap clean EXIT
30
31# release
32(
33 set -x
34 ${BUILDX_CMD} bake "${cacheFlags[@]}" --set "*.output=$DESTDIR" release
35)
36
37# wrap binaries
38mv -f ./${DESTDIR}/**/* ./${DESTDIR}/
39find ./${DESTDIR} -type d -empty -delete
40
41# sign binaries
42if [ -n "$SIGN" ]; then
43 for f in "${DESTDIR}"/*".darwin-"*; do
44 SIGNINGHASH=$(security find-identity -v -p codesigning | grep "Developer ID Application: Docker Inc" | cut -d ' ' -f 4)
45 xcrun -log codesign -s "$SIGNINGHASH" --force --verbose "$f"
46 xcrun codesign --verify --deep --strict --verbose=2 --display "$f"
47 done
48 for f in "${DESTDIR}"/*".windows-"*; do
49 echo ${PFX} | base64 -d > "$dockerpfx"
50 signtool sign /fd SHA256 /a /f pfx /p ${PFXPASSWORD} /d Docker /du https://www.docker.com /t http://timestamp.verisign.com/scripts/timestamp.dll "$f"
51 done
52fi
53
54# checksums
55(
56 cd ${DESTDIR}
57 sha256sum -b docker-credential-* > ./checksums.txt
58 sha256sum -c --strict checksums.txt
59)
View as plain text