Skip to content

Commit 0414e5d

Browse files
peterjahpeterjah
committed
add signatures for plugin
1 parent e4eaa1c commit 0414e5d

File tree

1 file changed

+59
-2
lines changed

1 file changed

+59
-2
lines changed

.github/workflows/plugin.yml

Lines changed: 59 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -121,6 +121,15 @@ jobs:
121121
OS: ${{ matrix.target }}
122122
ARCH: ${{ matrix.arch }}
123123

124+
- name: Sign Macos binary
125+
uses: massalabs/massa/.github/actions/sign-macos@ccc3f02e34544f722634a6fb7732cc4bb515e90b
126+
if: ${{ runner.os == 'macOS' }}
127+
with:
128+
paths: "plugin/build/deweb-plugin"
129+
certificate-p12-base64: ${{ secrets.APPLE_CERTIFICATE_P12_BASE64 }}
130+
certificate-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
131+
signing-identity: ${{ vars.APPLE_DEVELOPER_ID_APPLICATION }}
132+
124133
- name: Rename Plugin artifact
125134
run: mv build/deweb-plugin${{ matrix.ext }} deweb-plugin_${{ matrix.target }}_${{ matrix.arch }}${{ matrix.ext }}
126135

@@ -138,11 +147,59 @@ jobs:
138147
run: |
139148
cd platform_${{ matrix.target }}_${{ matrix.arch }}
140149
zip -r ../deweb-plugin_${{ matrix.target }}_${{ matrix.arch }}.zip *
141-
cd ..
142-
ls -la deweb-plugin_${{ matrix.target }}_${{ matrix.arch }}.zip
150+
151+
- name: Notarize zip for MacOS ${{ matrix.arch }}
152+
uses: massalabs/massa/.github/actions/notarize-macos@ccc3f02e34544f722634a6fb7732cc4bb515e90b
153+
if: matrix.target == 'darwin'
154+
with:
155+
paths: "./plugin/deweb-plugin_${{ matrix.target }}_${{ matrix.arch }}.zip"
156+
apple-id: ${{ secrets.APPLE_ID }}
157+
apple-team-id: ${{ secrets.APPLE_TEAM_ID }}
158+
apple-app-password: ${{ secrets.APPLE_APP_PASSWORD }}
143159

144160
- name: Upload Plugin zip package
145161
uses: actions/upload-artifact@v4
146162
with:
147163
name: deweb-plugin_${{ matrix.target }}_${{ matrix.arch }}
148164
path: plugin/deweb-plugin_${{ matrix.target }}_${{ matrix.arch }}.zip
165+
166+
sign-windows-binary:
167+
name: Sign Windows binary
168+
needs: build
169+
runs-on: windows-latest
170+
permissions:
171+
contents: write
172+
id-token: write
173+
steps:
174+
- name: Download Windows artifacts
175+
uses: actions/download-artifact@v4
176+
with:
177+
name: deweb-plugin_windows_amd64
178+
path: .
179+
180+
- name: Unzip Plugin zip package
181+
shell: bash
182+
run: |
183+
unzip deweb-plugin_windows_amd64.zip -d windows-package
184+
185+
- name: Sign Windows binary
186+
uses: massalabs/station/.github/actions/sign-file-digicert@413d4c0bbd042d5e797fbb66bcd2c96be5c3e71a
187+
with:
188+
files: ./windows-package/deweb-plugin_windows_amd64.exe
189+
SM_API_KEY: ${{ secrets.SM_API_KEY }}
190+
SM_CLIENT_CERT_FILE_B64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }}
191+
SM_CLIENT_CERT_PASSWORD: ${{ secrets.SM_CLIENT_CERT_PASSWORD }}
192+
SM_CERT_FINGERPRINT: ${{ secrets.SM_CERT_FINGERPRINT }}
193+
SM_HOST: ${{ secrets.SM_HOST }}
194+
195+
- name: zip again
196+
shell: pwsh
197+
run: |
198+
Compress-Archive -Path "windows-package\*" -DestinationPath "deweb-plugin_windows_amd64.zip" -Force
199+
200+
- name: Upload signed Windows zip (overwrite original)
201+
uses: actions/upload-artifact@v4
202+
with:
203+
name: deweb-plugin_windows_amd64
204+
path: ./deweb-plugin_windows_amd64.zip
205+
overwrite: true

0 commit comments

Comments
 (0)