middleware-labs
diff --git a/‎.github/workflows/host-agent-macos.yaml
+90 b/‎.github/workflows/host-agent-macos.yaml
+90
diff --git a/‎Makefile
+7 b/‎Makefile
+7
diff --git a/‎cmd/host-agent/main.go
+16-3 b/‎cmd/host-agent/main.go
+16-3
diff --git a/‎go.mod
+2-2 b/‎go.mod
+2-2
diff --git a/‎go.sum
+4 b/‎go.sum
+4
diff --git a/‎package-tooling/darwin/create_installer.sh
+99 b/‎package-tooling/darwin/create_installer.sh
+99
diff --git a/‎package-tooling/darwin/distribution.xml
+18 b/‎package-tooling/darwin/distribution.xml
+18
diff --git a/‎package-tooling/darwin/io.middleware.mw-agent.plist
+26 b/‎package-tooling/darwin/io.middleware.mw-agent.plist
+26
@@ -0,0 +1,90 @@
+name: Build and Notarize macOS Installer
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_version:
+        description: 'Release number for MW Agent for macOS'
+        required: true
+  push:
+    paths-ignore:
+      - '.github/**'
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        include:
+          - arch: arm64
+            image: macos-latest
+          - arch: amd64
+            image: macos-latest-large
+      max-parallel: 1
+    runs-on: ${{ matrix.image }}   
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+      with:
+        token: ${{ secrets.GHCR_TOKEN }}
+        ssh-key: ${{ secrets.CHECK_AGENT_ACCESS }}
+        submodules: 'recursive'
+
+    - name: Set up Git credentials
+      run: |
+        git config --global url."https://${{ secrets.GHCR_TOKEN }}:@github.com/".insteadOf "https://github.com/"
+      env:
+        GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }}
+    
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: '^1.23.1' # The Go version to download (if necessary) and use.
+
+    - name: Setting Release Number
+      run: |
+        if [ -n "${{ github.event.inputs.release_version }}" ]; then
+          echo "RELEASE_VERSION=${{ github.event.inputs.release_version }}" >> $GITHUB_ENV
+        else
+          echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+        fi
+
+    - name: Set up signing certificates
+      run: |
+        echo "$APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE" | base64 --decode > signing_certificate_application.p12
+        echo "$APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE" | base64 --decode > signing_certificate_installer.p12
+        security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_NAME
+        security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_NAME
+        security import signing_certificate_application.p12 -k $KEYCHAIN_NAME -P "$APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
+        security import signing_certificate_installer.p12 -k $KEYCHAIN_NAME -P "$APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD" -T /usr/bin/productbuild
+        security list-keychains -s $KEYCHAIN_NAME
+        security set-keychain-settings -t 3600 -u $KEYCHAIN_NAME
+        security set-key-partition-list -S apple-tool:,apple: -s -k "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_NAME
+      env:
+        APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_BASE64 }}
+        APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_BASE64 }}
+        APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD }}
+        APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
+        KEYCHAIN_NAME: "build.keychain"
+
+    - name: Build and notarize installer
+      run: |
+        CGO_ENABLED=1 GOPRIVATE=github.com/middleware-labs GOOS=darwin GOARCH=${{ matrix.arch }} go build -ldflags="-s -w -X main.agentVersion=${RELEASE_VERSION}" -v -a -o build/mw-host-agent cmd/host-agent/main.go
+        bash package-tooling/darwin/create_installer.sh ${{ env.RELEASE_VERSION }}
+      env:
+        APPLE_DEVELOPER_ID_APPLICATION: "Developer ID Application: Middleware Labs Inc (AV4NQ68UX8)"
+        APPLE_DEVELOPER_ID_INSTALLER: "Developer ID Installer: Middleware Labs Inc (AV4NQ68UX8)"
+        APPLE_ID: ${{ secrets.APPLE_ID }}
+        APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+        APPLE_DEVELOPER_TEAM_ID: ${{ secrets.APPLE_DEVELOPER_TEAM_ID }}
+        KEYCHAIN_PROFILE: "Middleware MacOS Agent"
+        KEYCHAIN_NAME: "build.keychain"
+        RELEASE_VERSION: ${{ env.RELEASE_VERSION }}
+        ARCH: ${{ matrix.arch }}
+
+    - name: Upload installer package
+      uses: actions/upload-artifact@v4
+      with:
+        name: mw-macos-agent-setup-${{ matrix.arch }}.pkg
+        path: build/mw-macos-agent-setup-${{ matrix.arch }}.pkg
@@ -4,6 +4,10 @@ build-windows:
 	GOOS=windows CGO_ENABLED=0 go build -ldflags=${LD_FLAGS} -o build/mw-windows-agent.exe cmd/host-agent/main.go
 build-linux:
 	GOOS=linux CGO_ENABLED=0 go build -ldflags=${LD_FLAGS} -o build/mw-host-agent cmd/host-agent/main.go
+build-darwin-amd64:
+	GOOS=darwin GOARCH=amd64 CGO_ENABLED=1 go build -ldflags=${LD_FLAGS} -o build/mw-host-agent cmd/host-agent/main.go
+build-darwin-arm64:
+	GOOS=darwin GOARCH=arm64 CGO_ENABLED=1 go build -ldflags=${LD_FLAGS} -o build/mw-host-agent cmd/host-agent/main.go
 build-linux-amd64:
 	GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags=${LD_FLAGS} -o build/mw-host-agent-amd64 cmd/host-agent/main.go
 build-linux-arm64:
@@ -26,6 +30,9 @@ package-linux: package-linux-deb package-linux-rpm package-linux-docker
 package-linux-docker:
 	Dockerfiles/docker-build.sh build local Dockerfiles/DockerfileLinux
 
+package-darwin: build-darwin-arm64
+	package-tooling/darwin/create_installer.sh ${RELEASE_VERSION}
+
 package: package-windows package-linux
 
 clean:
 
@@ -185,7 +185,11 @@ func getFlags(execPath string, cfg *agent.HostConfig) []cli.Flag {
 			DefaultText: func() string {
 				switch runtime.GOOS {
 				case "linux":
-					return filepath.Join("/etc", "mw-agent", "mw-agent.yaml")
+					return filepath.Join("/etc", "mw-agent", "agent-config.yaml")
+				case "darwin":
+					return filepath.Join("/etc", "mw-agent", "agent-config.yaml")
+				case "windows":
+					return filepath.Join(filepath.Dir(execPath), "agent-config.yaml")
 				}
 
 				return ""
@@ -200,6 +204,8 @@ func getFlags(execPath string, cfg *agent.HostConfig) []cli.Flag {
 				switch runtime.GOOS {
 				case "linux":
 					return filepath.Join("/etc", "mw-agent", "otel-config.yaml")
+				case "darwin":
+					return filepath.Join("/etc", "mw-agent", "otel-config.yaml")
 				case "windows":
 					return filepath.Join(filepath.Dir(execPath), "otel-config.yaml")
 				}
@@ -210,6 +216,10 @@ func getFlags(execPath string, cfg *agent.HostConfig) []cli.Flag {
 				switch runtime.GOOS {
 				case "linux":
 					return filepath.Join("/etc", "mw-agent", "otel-config.yaml")
+				case "darwin":
+					return filepath.Join("/etc", "mw-agent", "otel-config.yaml")
+				case "windows":
+					return filepath.Join(filepath.Dir(execPath), "otel-config.yaml")
 				}
 
 				return ""
@@ -305,8 +315,11 @@ func main() {
 						hostname = "unknown"
 					}
 
-					logger.Info("starting host agent", zap.String("agent location", execPath),
-						zap.String("hostname", hostname))
+					logger.Info("starting host agent",
+						zap.String("agent location", execPath),
+						zap.String("hostname", hostname),
+						zap.String("OS", runtime.GOOS),
+						zap.String("arch", runtime.GOARCH))
 
 					logger.Info("host agent config", zap.Stringer("config", cfg),
 						zap.String("version", agentVersion),
 
@@ -172,7 +172,7 @@ require (
 	github.com/googleapis/gax-go/v2 v2.12.2 // indirect
 	github.com/gophercloud/gophercloud v1.8.0 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
-	github.com/grafana/pyroscope-go/godeltaprof v0.1.6 // indirect
+	github.com/grafana/pyroscope-go/godeltaprof v0.1.8 // indirect
 	github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
 	github.com/hashicorp/consul/api v1.28.3 // indirect
@@ -206,7 +206,7 @@ require (
 	github.com/jpillora/backoff v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/k0kubun/pp v3.0.1+incompatible // indirect
-	github.com/klauspost/compress v1.17.8 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/knadh/koanf v1.5.0 // indirect
 	github.com/knadh/koanf/v2 v2.1.1 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
 
@@ -379,6 +379,8 @@ github.com/grafana/pyroscope-go v1.1.1 h1:PQoUU9oWtO3ve/fgIiklYuGilvsm8qaGhlY4Vw
 github.com/grafana/pyroscope-go v1.1.1/go.mod h1:Mw26jU7jsL/KStNSGGuuVYdUq7Qghem5P8aXYXSXG88=
 github.com/grafana/pyroscope-go/godeltaprof v0.1.6 h1:nEdZ8louGAplSvIJi1HVp7kWvFvdiiYg3COLlTwJiFo=
 github.com/grafana/pyroscope-go/godeltaprof v0.1.6/go.mod h1:Tk376Nbldo4Cha9RgiU7ik8WKFkNpfds98aUzS8omLE=
+github.com/grafana/pyroscope-go/godeltaprof v0.1.8 h1:iwOtYXeeVSAeYefJNaxDytgjKtUuKQbJqgAIjlnicKg=
+github.com/grafana/pyroscope-go/godeltaprof v0.1.8/go.mod h1:2+l7K7twW49Ct4wFluZD3tZ6e0SjanjcUUBPVD/UuGU=
 github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd h1:PpuIBO5P3e9hpqBD0O/HjhShYuM6XE0i/lbE6J94kww=
 github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
@@ -522,6 +524,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/klauspost/compress v1.17.3/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
 github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
 github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
+github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/knadh/koanf v1.5.0 h1:q2TSd/3Pyc/5yP9ldIrSdIz26MCcyNQzW0pEAugLPNs=
 github.com/knadh/koanf v1.5.0/go.mod h1:Hgyjp4y8v44hpZtPzs7JZfRAW5AhN7KfZcwv1RYggDs=
 github.com/knadh/koanf/v2 v2.1.1 h1:/R8eXqasSTsmDCsAyYj+81Wteg8AqrV9CP6gvsTsOmM=
 
@@ -0,0 +1,99 @@
+#!/bin/bash
+
+# Check if required environment variables are set
+if [ -z "$APPLE_DEVELOPER_ID_APPLICATION" ] || [ -z "$APPLE_DEVELOPER_ID_INSTALLER" ] || [ -z "$APPLE_ID" ] || [ -z "$APPLE_ID_PASSWORD" ] || [ -z "$KEYCHAIN_PROFILE" ] || [ -z "$KEYCHAIN_NAME" ]; then
+  echo "Error: One or more required environment variables are not set."
+  echo "Required variables: APPLE_DEVELOPER_ID_APPLICATION, APPLE_DEVELOPER_ID_INSTALLER, APPLE_ID, APPLE_ID_PASSWORD, KEYCHAIN_PROFILE, KEYCHAIN_NAME"
+  exit 1
+fi
+
+# Set variables
+REPO_ROOT=$(git rev-parse --show-toplevel)
+BASE_DIR="/tmp/mw-agent-pkg"
+INSTALLER_DIR="$REPO_ROOT/build"
+ROOT_DIR="$BASE_DIR/root"
+SCRIPTS_DIR="$BASE_DIR/scripts"
+RESOURCE_DIR="$BASE_DIR/resources"
+IDENTIFIER="io.middleware.mw-agent"
+INSTALLER_NAME="mw-macos-agent-setup-${ARCH}.pkg"
+RELEASE_VERSION=$1
+
+# Unlock the keychain
+security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_NAME
+# Prepare directories for the installer
+mkdir -p $BASE_DIR
+mkdir -p $RESOURCE_DIR
+mkdir -p $ROOT_DIR/Library/LaunchDaemons
+mkdir -p $ROOT_DIR/opt/mw-agent/
+mkdir -p $ROOT_DIR/etc/mw-agent/
+mkdir -p $SCRIPTS_DIR
+sudo cp $REPO_ROOT/build/mw-host-agent $ROOT_DIR/opt/mw-agent/mw-agent
+sudo cp $REPO_ROOT/package-tooling/agent-config.yaml.sample $ROOT_DIR/etc/mw-agent/agent-config.yaml
+sudo cp -r $REPO_ROOT/package-tooling/darwin/resources/* $RESOURCE_DIR
+sudo cp -r $REPO_ROOT/package-tooling/darwin/preinstall $SCRIPTS_DIR
+sudo chmod +x $SCRIPTS_DIR/preinstall
+
+sudo cp -r $REPO_ROOT/package-tooling/darwin/prompt_user.applescript $SCRIPTS_DIR
+
+sudo cp -r $REPO_ROOT/package-tooling/darwin/postinstall $SCRIPTS_DIR
+sudo chmod +x $SCRIPTS_DIR/postinstall
+
+sudo cp -r $REPO_ROOT/package-tooling/darwin/uninstall.sh $ROOT_DIR/opt/mw-agent/uninstall.sh
+sudo chmod +x $ROOT_DIR/opt/mw-agent/uninstall.sh
+
+sudo cp -r $REPO_ROOT/package-tooling/darwin/io.middleware.mw-agent.plist $ROOT_DIR/Library/LaunchDaemons/ 
+
+sudo cp -r $REPO_ROOT/package-tooling/darwin/distribution.xml $BASE_DIR/distribution.xml
+
+echo "Signing the mw-agent binary with hardened runtime"
+sudo codesign --sign "$APPLE_DEVELOPER_ID_APPLICATION" --options runtime --timestamp "$ROOT_DIR/opt/mw-agent/mw-agent"
+# Create component package for the installer
+sudo pkgbuild --root $ROOT_DIR \
+         --identifier $IDENTIFIER \
+         --version $RELEASE_VERSION \
+         --install-location / \
+         --scripts $SCRIPTS_DIR \
+         $BASE_DIR/middleware_agent.pkg
+
+# Check if pkgbuild command failed
+if [ $? -ne 0 ]; then
+  echo "Error: pkgbuild command failed"
+  exit 1
+fi
+
+# Create and sign the installer package
+echo "Signing the installer package"
+sudo productbuild --distribution $BASE_DIR/distribution.xml \
+             --package-path $BASE_DIR \
+             --resources $RESOURCE_DIR \
+             --sign "$APPLE_DEVELOPER_ID_INSTALLER" \
+             --keychain $KEYCHAIN_NAME \
+             $INSTALLER_DIR/$INSTALLER_NAME
+
+# Check if productbuild command failed
+if [ $? -ne 0 ]; then
+  echo "Error: productbuild command failed"
+  exit 1
+fi
+
+echo "Notarizing the installer package, team id: $APPLE_DEVELOPER_TEAM_ID"
+xcrun notarytool store-credentials "$KEYCHAIN_PROFILE" --apple-id $APPLE_ID --password $APPLE_ID_PASSWORD --team-id "$APPLE_DEVELOPER_TEAM_ID"
+
+echo "Submitting the installer package for notarization"
+sudo xcrun notarytool submit $INSTALLER_DIR/$INSTALLER_NAME --keychain-profile "$KEYCHAIN_PROFILE" --wait
+
+# Check if notarytool command failed
+if [ $? -ne 0 ]; then
+  echo "Error: notarytool command failed"
+  exit 1
+fi
+
+echo "Stapling the notarization ticket to the installer package"
+sudo xcrun stapler staple $INSTALLER_DIR/$INSTALLER_NAME
+
+# Check if stapler command failed
+if [ $? -ne 0 ]; then
+  echo "Error: stapler command failed"
+  exit 1
+fi
+echo "Installer package created at $INSTALLER_DIR/$INSTALLER_NAME"
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<installer-gui-script minSpecVersion="1">
+    <title>Middleware Agent</title>
+    <welcome mime-type="text/html" file="welcome.html"/>
+    <license file="LICENSE"/>
+    <conclusion mime-type="text/html" file="conclusion.html"/>
+    <background mime-type="image/png" alignment="bottomleft" scaling="proportional" file="logo.png"/>
+    <background-darkAqua mime-type="image/png" alignment="bottomleft" scaling="proportional" file="logo.png"/>
+    <options rootVolumeOnly="true" hostArchitectures="arm64"/>
+    <choices-outline>
+        <line choice="default"/>
+    </choices-outline>
+    <choice id="default" title="Install Middleware Agent">
+        <pkg-ref id="io.middleware.mw-agent"/>
+    </choice>
+
+    <pkg-ref id="io.middleware.mw-agent" version="1.7.6" auth="root" onConclusion="none">#middleware_agent.pkg</pkg-ref>
+</installer-gui-script>
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.7.4">
+<dict>
+    <key>Label</key>
+    <string>io.middleware.mw-agent</string>
+    <key>ProgramArguments</key>
+    <array>
+        <string>/opt/mw-agent/mw-agent</string>
+        <string>start</string>
+        <string>--config-file=/etc/mw-agent/agent-config.yaml</string>
+    </array>
+    <key>UserName</key>
+    <string>root</string>
+    <key>GroupName</key>
+    <string>wheel</string>
+    <key>RunAtLoad</key>
+    <true/>
+    <key>KeepAlive</key>
+    <true/>
+    <key>StandardErrorPath</key>
+    <string>/var/log/mw-agent.log</string>
+    <key>StandardOutPath</key>
+    <string>/var/log/mw-agent.log</string>
+</dict>
+</plist>