@@ -87,13 +87,43 @@ jobs:
8787 run : |
8888 sed -i '' 's/version = \"dev\"/version = \"${{ github.ref_name }}\"/' cli/root.go
8989
90+ - name : Import certificates and provisioning profile
91+ env :
92+ APPLE_WWDR_CERT : ${{ secrets.APPLE_WWDR_CERT }}
93+ DEVELOPER_ID_APPLICATION_CERT : ${{ secrets.DEVELOPER_ID_APPLICATION_CERT }}
94+ DEVELOPER_ID_APPLICATION_PASSWORD : ${{ secrets.DEVELOPER_ID_APPLICATION_PASSWORD }}
95+ run : |
96+ # Create keychain
97+ security create-keychain -p "" build.keychain
98+ security default-keychain -s build.keychain
99+ security unlock-keychain -p "" build.keychain
100+
101+ echo -n "$APPLE_WWDR_CERT" | base64 --decode > apple_wwdr.cer
102+ security import apple_wwdr.cer -k build.keychain -T /usr/bin/codesign
103+
104+ echo -n "$DEVELOPER_ID_APPLICATION_CERT" | base64 --decode > certificate.p12
105+ security import certificate.p12 -k build.keychain -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -A -t cert -f pkcs12
106+
107+ security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain
108+
109+ # List identities to verify import
110+ security find-identity -v -p codesigning
111+
112+ security default-keychain -s build.keychain
113+
90114 - name : Build
115+ env :
116+ CODE_SIGN_IDENTITY : ${{ secrets.CODE_SIGN_IDENTITY }}
91117 run : |
92118 GOARCH=arm64 go build -ldflags="-s -w" -o mobilecli-arm64
93119 GOARCH=amd64 go build -ldflags="-s -w" -o mobilecli-amd64
94120 lipo mobilecli-arm64 mobilecli-amd64 -create -output mobilecli-darwin
95121 rm mobilecli-arm64 mobilecli-amd64
96122 ./mobilecli-darwin --version
123+ # codesign this binary
124+ codesign --sign "$CODE_SIGN_IDENTITY" --timestamp --options runtime ./mobilecli
125+ # make sure spctl passes
126+ spctl -a -vv -t install ./mobilecli-darwin
97127
98128 - name : Upload macos build artifact
99129 uses : actions/upload-artifact@v4
0 commit comments