Update macos signer to be stricter about ensuring the files exist, and failing if they don't

.github/workflows/slsa-releaser.yml

@@ -121,12 +121,6 @@ jobs:
       contents: write
     steps:
       - uses: actions/checkout@v2
-      # - name: Setup tmate session for debugging
-      #   uses: mxschmitt/action-tmate@v3
-      #   env:
-      #     GH_TOKEN: ${{ github.token }}
-      #   with:
-      #     limit-access-to-actor: true
       - name: Download and sign the latest executables
         env: 
           GH_TOKEN: ${{ github.token }}
@@ -138,8 +132,6 @@ jobs:
           gh run download -n hishtory-darwin-arm64
           pip3 install requests
           brew install md5sha1sum
-          pwd
-          ls 
           python3 scripts/actions-sign.py
       - name: Upload Artifacts
         uses: actions/upload-artifact@v3

scripts/actions-sign.py

@@ -10,11 +10,14 @@ def main():
     print("file:")
     os.system("file hishtory-* 2>&1")
 
-    notAscii("hishtory-darwin-arm64")
+    assertPresentAndNotAscii("hishtory-darwin-arm64")
-    notAscii("hishtory-darwin-amd64")
+    assertPresentAndNotAscii("hishtory-darwin-amd64")
+
+    # TODO: Update this file to fail if the input files don't exist
 
     print("signing...")
     os.system("""
+    set -emo pipefail
     cp hishtory-darwin-arm64 hishtory-darwin-arm64-unsigned
     cp hishtory-darwin-amd64 hishtory-darwin-amd64-unsigned
     echo $MACOS_CERTIFICATE | base64 -d > certificate.p12
@@ -32,10 +35,12 @@ def main():
 
 
 
-def notAscii(fn):
+def assertPresentAndNotAscii(fn):
+    if not os.path.exists(fn):
+        raise Exception(f"{fn=} does not exist, did it fail to download?")
     out = subprocess.check_output(["file", fn]).decode('utf-8')
     if "ASCII text" in out:
-        raise Exception(f"fn={fn} is of type {out}")
+        raise Exception(f"{fn=} is of type {out}")
 
 if __name__ == '__main__':
     main()