Add macOS code signing and notarization for new compiler #8867
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign and notarize the roc binary for macOS builds so users can download and run it without Gatekeeper warnings. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Adds code signing and notarization to the nightly new compiler workflow for macOS builds. When users download the roc binary on macOS, it will run without Gatekeeper warnings.
-o runtime)ci/MACOS_CODE_SIGNING.mdRequired Secrets
Before this works, these secrets need to be configured:
MACOS_CERTIFICATE- Base64-encoded .p12 Developer ID certificateMACOS_CERTIFICATE_PWD- Password for the .p12 fileMACOS_CERTIFICATE_NAME- Certificate identity nameMACOS_CI_KEYCHAIN_PWD- Password for temp keychainAPPLE_NOTARIZATION_KEY_ID- App Store Connect API key IDAPPLE_NOTARIZATION_ISSUER- App Store Connect issuer UUIDAPPLE_NOTARIZATION_KEY- Private key content (.p8)Co-authored by Claude Opus 4.5