@@ -277,9 +277,6 @@ jobs:
277277 TAURI_SIGNING_PRIVATE_KEY : ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
278278 TAURI_SIGNING_PRIVATE_KEY_PASSWORD : ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
279279 APPLE_SIGNING_IDENTITY : ${{ secrets.APPLE_SIGNING_IDENTITY }}
280- APPLE_ID : ${{ secrets.APPLE_ID }}
281- APPLE_PASSWORD : ${{ secrets.APPLE_PASSWORD }}
282- APPLE_TEAM_ID : ${{ secrets.APPLE_TEAM_ID }}
283280 with :
284281 tagName : note-gen-v__VERSION__
285282 releaseName : ' NoteGen v__VERSION__'
@@ -288,6 +285,37 @@ jobs:
288285 prerelease : false
289286 args : ${{ matrix.args }}
290287
288+ - name : Notarize app (macOS only)
289+ if : matrix.platform == 'macos-latest'
290+ env :
291+ APPLE_ID : ${{ secrets.APPLE_ID }}
292+ APPLE_PASSWORD : ${{ secrets.APPLE_PASSWORD }}
293+ APPLE_TEAM_ID : ${{ secrets.APPLE_TEAM_ID }}
294+ run : |
295+ # 获取构建的 app 路径
296+ APP_PATH="src-tauri/target/${{ matrix.args == '--target aarch64-apple-darwin' && 'aarch64-apple-darwin' || matrix.args == '--target x86_64-apple-darwin' && 'x86_64-apple-darwin' || '' }}/release/bundle/macos/NoteGen.app"
297+
298+ if [ -f "$APP_PATH" ]; then
299+ echo "🔐 开始公证 $APP_PATH"
300+
301+ # 使用 xcrun notarytool 进行公证(更快)
302+ # 设置 10 分钟超时
303+ timeout 600 xcrun notarytool submit "$APP_PATH" \
304+ --apple-id "$APPLE_ID" \
305+ --password "$APPLE_PASSWORD" \
306+ --team-id "$APPLE_TEAM_ID" \
307+ --wait \
308+ --output-format json || echo "⚠️ 公证超时,但代码签名已完成"
309+
310+ # 获取公证结果并附加票据
311+ echo "📎 附加公证票据"
312+ xcrun stapler staple "$APP_PATH"
313+
314+ echo "✅ 公证完成"
315+ else
316+ echo "❌ 找不到应用文件: $APP_PATH"
317+ fi
318+
291319name : Generate release tag
292320 id : save_tag
293321 if : matrix.platform == 'ubuntu-24.04'
0 commit comments