Closed jnross closed 5 years ago
berkcebi
commented
5 years ago Sorry for the delay on this @jnross. This is pretty interesting, we've never ran into this issue. 🤔
I was just thinking if there could be a downside to stapling before the operation is marked as successful. Looking through the docs, I feel like it makes sense though.
Is there way you can reproduce this issue, so that I can give it a try as well?
jnross
commented
5 years ago Thanks for taking a look at this. I can certainly understand being cautious about this, so let me tell you about the motivation:
We had everything set up on our automated build machine, including the use of this plugin, and we were ready to release a new build. But the build job would never complete. It seemed like the notarize plugin kept reporting the status as in progress, but it would never succeed. We tried reproducing this locally and manually by invoking xcrun altool ourselves and got the same results - the request reported as in-progress for over an hour. But in each attempt we could staple successfully about 5 minutes after the upload. So at last we compromised and modified our automated build job to archive the artifact even though the notarize plugin action had to be cancelled. We were able to get our release to our users and everything worked fine. All in all we submitted 5 builds for notarization. Later that evening, all of requests switched to report success and we received emails for each. But this was more than eight hours after the first build was submitted.
I haven't seen this problem since, but I have no desire to repeat the anxiety of that day.
Since we don't control the service I can't reproduce the 8-hour request delay I described, but I can tell you that it should be pretty easy to see the early staple succeed. I just ran four build+notarize actions and in each case, early stapling was successful before the notarization-info call returned success(see attachment below). The success email was delivered a few minutes after early stapling succeeded.
berkcebi
commented
5 years ago Last couple of weeks have been pretty hectic @jnross, sorry again for not following up sooner.
I understand the frustration, the plugin should definitely be able to early staple in such cases. After discussing this with a few developers though, I think we should keep the default as is and add early stapling as an option.
If this makes sense to you as well, I'll add this as a comment to the pull request and we can continue from there.
jnross
commented
5 years ago Thanks, that is totally reasonable. I'll push an update to #6.
I notice that sometimes the request for notarization info stays stuck in the "in-progress" state, but the staple operation succeeds anyway. This has caused automated build jobs which notarize to get stuck.
Would you consider adding an attempt to staple after the notarization-info reports "in-progress" to work around this issue in Apple's notarization-info service?