
Commit 979a7c7

committed
chore: update macOS workflow to use macos-14 and improve code signing process
1 parent 5caa395 commit 979a7c7


1 file changed

+28
-25
lines changed

1 file changed

+28
-25
lines changed

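--- a/.github/workflows/build-mac.yml
+++ b/.github/workflows/build-mac.yml
@@ -7,7 +7,7 @@ on:
 jobs:
 mac:
 name: macos
-runs-on: macos-latest
+runs-on: macos-14
 permissions:
 contents: write
 steps:
@@ -32,33 +32,36 @@ jobs:
 
 - name: Install Apple Code Signing Certificate
 env:
-APPLE_THIRD_PARTY_INSTALLER_SIGNING_CERTIFICATE_BASE64: ${{ secrets.APPLE_3RD_PARTY_INSTALLER_SIGNING_CERTIFICATE_BASE64 }}
-APPLE_THIRD_PARTY_SIGNING_CERTIFICATE_BASE64: ${{ secrets.APPLE_3RD_PARTY_SIGNING_CERTIFICATE_BASE64 }}
-BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_SIGNING_CERTIFICATE_BASE64 }}
-P12_PASSWORD: ${{ secrets.APPLE_SIGNING_CERTIFICATE_PASSWORD }}
+MAC_INSTALLER_CERTIFICATE_BASE64: ${{ secrets.APPLE_3RD_PARTY_INSTALLER_SIGNING_CERTIFICATE_BASE64 }}
+MAC_DEVELOPMENT_CERTIFICATE_BASE64: ${{ secrets.APPLE_3RD_PARTY_SIGNING_CERTIFICATE_BASE64 }}
+MAC_APP_CERTIFICATE_BASE64: ${{ secrets.APPLE_SIGNING_CERTIFICATE_BASE64 }}
+MAC_INSTALLER_CERTIFICATE_PATH: ${{ runner.temp }}/mac_installer_certificate.p12
+MAC_DEVELOPMENT_CERTIFICATE_PATH: ${{ runner.temp }}/mac_development_certificate.p12
+MAC_APP_CERTIFICATE_PATH: ${{ runner.temp }}/mac_app_certificate.p12
+KEYCHAIN_PATH: ${{ runner.temp }}/app-signing.keychain-db
 KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
 run: |
-THIRD_PARTY_INSTALLER_CERTIFICATE_PATH=$RUNNER_TEMP/3rd_party_installer_certificate.p12
-THIRD_PARTY_CERTIFICATE_PATH=$RUNNER_TEMP/3rd_party_certificate.p12
-CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
-KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+echo -n "$MAC_INSTALLER_CERTIFICATE_BASE64" | base64 --decode -o $MAC_INSTALLER_CERTIFICATE_PATH
+echo -n "$MAC_DEVELOPMENT_CERTIFICATE_BASE64" | base64 --decode -o $MAC_DEVELOPMENT_CERTIFICATE_PATH
+echo -n "$MAC_APP_CERTIFICATE_BASE64" | base64 --decode -o $MAC_APP_CERTIFICATE_PATH
 
-# import certificate and provisioning profile from secrets
-echo -n "$APPLE_THIRD_PARTY_INSTALLER_SIGNING_CERTIFICATE_BASE64" | base64 --decode -o $THIRD_PARTY_INSTALLER_CERTIFICATE_PATH
-echo -n "$APPLE_THIRD_PARTY_SIGNING_CERTIFICATE_BASE64" | base64 --decode -o $THIRD_PARTY_CERTIFICATE_PATH
-echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
-
-# create temporary keychain
 security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
 security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
 security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
 
-# import certificate to keychain
-security import $THIRD_PARTY_INSTALLER_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
-security import $THIRD_PARTY_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
-security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+security import $MAC_INSTALLER_CERTIFICATE_PATH -A -t cert -k $KEYCHAIN_PATH
+security import $MAC_DEVELOPMENT_CERTIFICATE_PATH -A -t cert -k $KEYCHAIN_PATH
+security import $MAC_APP_CERTIFICATE_PATH -A -t cert -k $KEYCHAIN_PATH
 security list-keychain -d user -s $KEYCHAIN_PATH
 
+- name: Install Apple Code Signing Certificate
+env:
+APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
+run: |
+mkdir -p ~/private_keys/
+echo -n "$APPLE_API_KEY" | base64 --decode > ~/private_keys/AuthKey_$APPLE_API_KEY_ID.p8
+
 - name: Install Mac Profiles
 env:
 APPLE_APPLE_DEVELOPMENT_PROFILE: ${{ secrets.APPLE_APPLE_DEVELOPMENT_PROFILE }}
@@ -92,14 +95,14 @@ jobs:
 env:
 APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
 APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
-APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
-mkdir -p ~/.private_keys
-echo -n "$APPLE_API_KEY" ~/.private_keys/Auth_$APPLE_API_KEY_ID.p8
-
-xcrun altool --validate-app -f dist/**/*.pkg --apiKey "$APPLE_API_KEY_ID" --apiIssuer "$APPLE_API_ISSUER"
-xcrun altool --upload-app -f dist/**/*.pkg --apiKey "$APPLE_API_KEY_ID" --apiIssuer "$APPLE_API_ISSUER"
+xcrun altool \
+--notarize-app \
+--file path/to/your/package.pkg \
+--apiKey "$APPLE_API_KEY_ID" \
+--apiIssuer "$APPLE_API_ISSUER" \
+--output-format xml
 
 - name: Upload artifacts
 uses: actions/upload-artifact@v4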
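Review bot: In the second hunk the three added `security import` lines (new lines 52–54) no longer pass `-P "$P12_PASSWORD"`, and `P12_PASSWORD` is gone from `env:`, so the step now appears to work only with passphrase-less .p12 exports. That would leave the private signing keys unencrypted both in the base64 secrets and in the files decoded under `runner.temp`; if the certificates are in fact still password-protected, the import will fail or block on a prompt instead. I would restore the passphrase on each import, e.g. `security import "$MAC_APP_CERTIFICATE_PATH" -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"`, and since `-A` lets every process on the runner use the key, narrowing it with `-T /usr/bin/codesign` is worth considering. The added API-key step writes `AuthKey_$APPLE_API_KEY_ID.p8` with default permissions and reuses the step name "Install Apple Code Signing Certificate"; a `chmod 600` on the file and a distinct name would make the key handling and the job log clearer. No removal of the keychain, .p12 or .p8 files is visible in this hunk, so a short comment saying where cleanup happens would help.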
