config for codesign macOS App
This commit is contained in:
an-lee
43
.github/workflows/build-enjoy-app.yml
vendored
Normal file
43
.github/workflows/build-enjoy-app.yml
vendored
Normal file
@@ -0,0 +1,43 @@
|
||||
name: Build Enjoy App
|
||||
on: workflow_dispatch
|
||||
|
||||
jobs:
|
||||
publish:
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
os: [macos-latest, windows-latest, ubuntu-latest]
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: 20
|
||||
- name: Install dependencies
|
||||
run: yarn install
|
||||
- name: Build
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
|
||||
APPLE_ID: ${{ secrets.APPLE_ID }}
|
||||
APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }}
|
||||
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
|
||||
CERTIFICATE_OSX_APPLICATION: ${{ secrets.CERTIFICATE_OSX_APPLICATION }}
|
||||
CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
|
||||
run: yarn make:enjoy
|
||||
- if: matrix.os == 'macos-latest'
|
||||
name: Build macOS arm64
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
|
||||
APPLE_ID: ${{ secrets.APPLE_ID }}
|
||||
APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }}
|
||||
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
|
||||
CERTIFICATE_OSX_APPLICATION: ${{ secrets.CERTIFICATE_OSX_APPLICATION }}
|
||||
CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
|
||||
PACKAGE_OS_ARCH: arm64
|
||||
run: |
|
||||
./enjoy/scripts/add-macos-cert.sh
|
||||
yarn run make:enjoy --arch=arm64
|
||||
- name: Upload artifact
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: Enjoy-${{ matrix.os }}
|
||||
path: ./enjoy/output/make/**/*
|
||||
@@ -25,7 +25,7 @@ const config = {
|
||||
name: "Enjoy",
|
||||
setupIcon: "./assets/icon.ico",
|
||||
}),
|
||||
new MakerZIP({}, ["darwin", "win32"]),
|
||||
new MakerZIP(["darwin", "win32"]),
|
||||
new MakerDeb({
|
||||
options: {
|
||||
name: "enjoy",
|
||||
@@ -51,6 +51,7 @@ const config = {
|
||||
owner: "xiaolai",
|
||||
name: "everyone-can-use-english",
|
||||
},
|
||||
generateReleaseNotes: true,
|
||||
draft: true,
|
||||
},
|
||||
},
|
||||
@@ -91,4 +92,25 @@ const config = {
|
||||
],
|
||||
};
|
||||
|
||||
const macOsCodesignConfig = {
|
||||
osxSign: {},
|
||||
osxNotarize: {
|
||||
tool: "notarytool",
|
||||
appleId: process.env.APPLE_ID,
|
||||
appleIdPassword: process.env.APPLE_APP_PASSWORD,
|
||||
teamId: process.env.APPLE_TEAM_ID,
|
||||
},
|
||||
};
|
||||
|
||||
if (
|
||||
process.env.APPLE_ID &&
|
||||
process.env.APPLE_APP_PASSWORD &&
|
||||
process.env.APPLE_TEAM_ID
|
||||
) {
|
||||
config.packagerConfig = {
|
||||
...config.packagerConfig,
|
||||
...macOsCodesignConfig,
|
||||
};
|
||||
}
|
||||
|
||||
export default config;
|
||||
|
||||
23
enjoy/scripts/add-macos-cert.sh
Executable file
23
enjoy/scripts/add-macos-cert.sh
Executable file
@@ -0,0 +1,23 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
KEY_CHAIN=build.keychain
|
||||
CERTIFICATE_P12=certificate.p12
|
||||
|
||||
# Recreate the certificate from the secure environment variable
|
||||
echo $CERTIFICATE_OSX_APPLICATION | base64 --decode > $CERTIFICATE_P12
|
||||
|
||||
#create a keychain
|
||||
security create-keychain -p actions $KEY_CHAIN
|
||||
|
||||
# Make the keychain the default so identities are found
|
||||
security default-keychain -s $KEY_CHAIN
|
||||
|
||||
# Unlock the keychain
|
||||
security unlock-keychain -p actions $KEY_CHAIN
|
||||
|
||||
security import $CERTIFICATE_P12 -k $KEY_CHAIN -P $CERTIFICATE_PASSWORD -T /usr/bin/codesign;
|
||||
|
||||
security set-key-partition-list -S apple-tool:,apple: -s -k actions $KEY_CHAIN
|
||||
|
||||
# remove certs
|
||||
rm -fr *.p12
|
||||
Reference in New Issue
Block a user