Added codesing with apple certificate
munishchouhan committed Sep 13, 2023
1 parent 3b982a5 commit 5846e39
Showing 1 changed file with 32 additions and 0 deletions.
32 changes: 32 additions & 0 deletions .github/workflows/build.yml
Expand Up @@ -14,6 +14,9 @@ jobs:
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
include:
- os: macos-latest
codesign: enabled
steps:
- uses: actions/checkout@v3

Expand All @@ -38,6 +41,35 @@ jobs:
name: nativeCompile-${{ matrix.os }}
path: ./app/build/native/nativeCompile

- name: Codesign binary
env:
MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
run: |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime ./app/build/native/nativeCompile/nativeCompile-${{ matrix.os }} -v
if: ${{ matrix.codesign }}

- name: Notarize binary
env:
PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
run: |
xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"
echo "Creating temp notarization archive"
ditto -c -k --keepParent "./app/build/native/nativeCompile" "notarization.zip"
xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
xcrun stapler staple "./app/build/native/nativeCompile/nativeCompile-${{ matrix.os }}"
if: ${{ matrix.codesign }}

- name: Publish tests report
if: failure()
uses: actions/upload-artifact@v3
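Review bot: The Codesign step decodes the signing identity to `certificate.p12` in the workspace and never removes it or `build.keychain`, so the private key stays on disk and remains readable by every later step in the job. Write it outside the checkout and quote the variable, `echo "$MACOS_CERTIFICATE" | base64 --decode > "$RUNNER_TEMP/certificate.p12"`, delete the file right after `security import`, and add a final step with `if: ${{ always() && matrix.codesign }}` that runs `security delete-keychain build.keychain`. Both new steps are gated only on `matrix.codesign`; if the workflow also runs for pull requests from forks (the triggers are outside these hunks), the secrets would be empty there and the macOS job would fail, so an additional event check is worth considering. The upload step whose last lines open the second hunk appears to run before signing, which would mean the published artifact is the unsigned binary; that step starts outside the hunk, so confirm the ordering.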
