From a900f7c3cc29ae00789def7528cdc8e90e6bb00c Mon Sep 17 00:00:00 2001
From: Kyle Carberry <kyle@carberry.com>
Date: Tue, 3 Nov 2020 13:06:39 -0600
Subject: [PATCH 1/2] Add notarization of MacOS binary to CI

---
 .github/workflows/build.yaml |  9 +++++++++
 ci/gon.json                  | 10 ++++++++++
 ci/steps/build.sh            | 26 ++++++++++++++++++--------
 3 files changed, 37 insertions(+), 8 deletions(-)
 create mode 100644 ci/gon.json

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 50cdd7d9..31eb3a17 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -7,6 +7,15 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v1
+      - name: Install Gon
+        run: |
+          brew tap mitchellh/gon
+          brew install mitchellh/gon/gon
+      - name: Import Signing Certificates
+        uses: Apple-Actions/import-codesign-certs@v1
+        with:
+          p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
+          p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
       - name: Build
         run: ./ci/steps/build.sh
       - name: Upload
diff --git a/ci/gon.json b/ci/gon.json
new file mode 100644
index 00000000..0762638f
--- /dev/null
+++ b/ci/gon.json
@@ -0,0 +1,10 @@
+{
+    "source": ["./coder"],
+    "bundle_id": "com.coder.cli",
+    "sign": {
+        "application_identity": "3C4F31D15F9D57461A8D7D0BD970D23CE1F7C2BE"
+    },
+    "zip": {
+        "output_path": "coder.zip"
+    }
+}
\ No newline at end of file
diff --git a/ci/steps/build.sh b/ci/steps/build.sh
index 64ef65b2..8d7f5315 100755
--- a/ci/steps/build.sh
+++ b/ci/steps/build.sh
@@ -14,16 +14,26 @@ build() {
 
 	tmpdir=$(mktemp -d)
 	go build -ldflags "-X cdr.dev/coder-cli/internal/version.Version=${tag}" -o "$tmpdir/coder" ../../cmd/coder
+	# For MacOS builds to be notarized.
+	cp ../gon.json $tmpdir/gon.json
 
 	pushd "$tmpdir"
-	if [[ "$GOOS" == "windows" ]]; then
-		artifact="coder-cli-$GOOS-$GOARCH.zip"
-		mv coder coder.exe
-		zip "$artifact" coder.exe
-	else
-		artifact="coder-cli-$GOOS-$GOARCH.tar.gz"
-		tar -czf "$artifact" coder
-	fi
+	case "$GOOS" in
+		"windows")
+			artifact="coder-cli-$GOOS-$GOARCH.zip"
+			mv coder coder.exe
+			zip "$artifact" coder.exe
+			;;
+		"linux")
+			artifact="coder-cli-$GOOS-$GOARCH.tar.gz"
+			tar -czf "$artifact" coder	
+			;;
+		"darwin")
+			artifact="coder-cli-$GOOS-$GOARCH.zip"
+			gon -log-level debug ./gon.json
+			mv coder.zip $artifact
+			;;
+	esac
 	popd
 
 	mkdir -p ../bin

From e0df2e4ed2cd792f6a4ce70fbf990afe847ce508 Mon Sep 17 00:00:00 2001
From: Kyle Carberry <kyle@carberry.com>
Date: Tue, 3 Nov 2020 13:09:26 -0600
Subject: [PATCH 2/2] Provide AC username and password to CI

---
 .github/workflows/build.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 31eb3a17..ee48521d 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -18,6 +18,9 @@ jobs:
           p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
       - name: Build
         run: ./ci/steps/build.sh
+        env:
+          AC_USERNAME: ${{ secrets.AC_USERNAME }}
+          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
       - name: Upload
         uses: actions/upload-artifact@v2
         with: