@@ -13,33 +13,73 @@ jobs:
1313 steps :
1414 - name : Checkout Repository
1515 uses : actions/checkout@v2
16-
16+ - name : Install codesign certificate
17+ env :
18+ # DEV_CERT_B64: Base64-encoded developer certificate as .p12
19+ # DEV_CERT_PWD: Developer certificate .p12 password
20+ # PROVISION_PROFILE_B64: Base64-encoded provisioning profile as .provisionprofile
21+ # KEYCHAIN_TIMEOUT: Lock keychain after timeout interval
22+ # https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
23+ DEV_CERT_B64 : ${{ secrets.DEV_CERT_B64 }}
24+ DEV_CERT_PWD : ${{ secrets.DEV_CERT_PWD }}
25+ KEYCHAIN_TIMEOUT : 21600
26+ run : |
27+ DEV_CERT_P12="$RUNNER_TEMP/dev_cert.p12"
28+ KEYCHAIN_DB="$RUNNER_TEMP/keychain.keychain-db"
29+ KEYCHAIN_PWD=$(openssl rand -base64 24)
30+ security create-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_DB"
31+ security set-keychain-settings -lut "$KEYCHAIN_TIMEOUT" "$KEYCHAIN_DB"
32+ security unlock-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_DB"
33+ echo -n "$DEV_CERT_B64" | base64 --decode --output "$DEV_CERT_P12"
34+ security import "$DEV_CERT_P12" -P "$DEV_CERT_PWD" -A -t cert -f pkcs12 -k "$KEYCHAIN_DB"
35+ security list-keychain -d user -s "$KEYCHAIN_DB"
1736 - name : Building
1837 run : |
1938 swift build -c release --arch arm64 --arch x86_64
20- cd .build/apple/Products/Release/
21- zip codeedit-cli.zip codeedit-cli
22- cd ../../../../
23-
2439 # CODESIGN & NOTARIZE THE BINARY
25-
26- - name : Create Release
27- id : create_release
28- uses : actions/create-release@v1
40+ - name : Sign
2941 env :
30- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
31- with :
32- tag_name : ${{ github.ref }}
33- release_name : ${{ github.ref }}
34- draft : false
35- prerelease : false
36-
37- - name : Upload Release Asset
38- uses : actions/upload-release-asset@v1
42+ CODESIGN_SIGN : ${{ secrets.CODESIGN_SIGN }}
43+ run : |
44+ codesign --sign "$CODESIGN_SIGN" --prefix austincondiff.CodeEdit. --options=runtime --verbose --timestamp .build/apple/Products/Release/codeedit-cli
45+ - name : Zip
46+ run : zip -r .build/apple/Products/Release/codeedit-cli.zip .build/apple/Products/Release/codeedit-cli
47+ - name : Notarize
3948 env :
40- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
41- with :
42- upload_url : ${{ steps.create_release.outputs.upload_url }}
43- asset_path : .build/apple/Products/Release/codeedit-cli.zip
44- asset_name : codeedit-cli-binary.zip
45- asset_content_type : application/zip
49+ APPLE_ID : ${{ secrets.APPLE_ID }}
50+ APPLE_ID_PWD : ${{ secrets.APPLE_ID_PWD }}
51+ APPLE_TEAM_ID : ${{ secrets.APPLE_TEAM_ID }}
52+ run : |
53+ xcrun notarytool submit ".build/apple/Products/Release/codeedit-cli.zip" --apple-id "$APPLE_ID" --password "$APPLE_ID_PWD" --team-id "$APPLE_TEAM_ID" --verbose --wait --output-format plist > "NotarizationResponse.plist"
54+ echo "**RESPONSE**"
55+ cat NotarizationResponse.plist
56+ id=`/usr/libexec/PlistBuddy -c "Print :id" "NotarizationResponse.plist"`
57+ xcrun notarytool log --verbose --apple-id "$APPLE_ID" --password "$APPLE_ID_PWD" --team-id "$APPLE_TEAM_ID" "$id"
58+ status=`/usr/libexec/PlistBuddy -c "Print :status" "NotarizationResponse.plist"`
59+ if [[ $status != "Accepted" ]]; then
60+ exit 999
61+ fi
62+ # - name: Create Release
63+ # id: create_release
64+ # uses: actions/create-release@v1
65+ # env:
66+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
67+ # with:
68+ # tag_name: ${{ github.ref }}
69+ # release_name: ${{ github.ref }}
70+ # draft: false
71+ # prerelease: false
72+
73+ # - name: Upload Release Asset
74+ # uses: actions/upload-release-asset@v1
75+ # env:
76+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
77+ # with:
78+ # upload_url: ${{ steps.create_release.outputs.upload_url }}
79+ # asset_path: .build/apple/Products/Release/codeedit-cli.zip
80+ # asset_name: codeedit-cli-binary.zip
81+ # asset_content_type: application/zip
82+ - name : Clean up keychain
83+ if : ${{ always() }}
84+ run : |
85+ security delete-keychain "$RUNNER_TEMP/keychain.keychain-db"
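Review bot: The `Install codesign certificate` step runs before `Building` and imports the identity with `-A`, so the unlocked keychain lets every process started by `swift build` use the signing key without a prompt; whether third-party build tooling runs there depends on the package's dependencies, which this hunk does not show. Moving the install step to just before `Sign` would keep the key out of reach during the build. The key ACL could be narrowed by replacing `-A` with `-T /usr/bin/codesign` and adding `security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PWD" "$KEYCHAIN_DB"` after the import. The decoded `.p12` also stays on disk, because `Clean up keychain` deletes only the keychain; `rm -f "$DEV_CERT_P12"` straight after `security import` would remove it once it is no longer needed. The 21600-second `KEYCHAIN_TIMEOUT` looks far longer than this job needs and matters mainly on a self-hosted runner.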