From ed39449a20465628eb4b949920a9e403bd77ec90 Mon Sep 17 00:00:00 2001 From: hstyi Date: Sat, 8 Feb 2025 10:42:41 +0800 Subject: [PATCH] feat: GitHub actions macOS sign (#175) --- .github/workflows/osx-aarch64.yml | 29 +++++++++++++++++++++++++++-- .github/workflows/osx-x86-64.yml | 29 ++++++++++++++++++++++++++++- 2 files changed, 55 insertions(+), 3 deletions(-) diff --git a/.github/workflows/osx-aarch64.yml b/.github/workflows/osx-aarch64.yml index ba2d9a1..ddcd723 100644 --- a/.github/workflows/osx-aarch64.yml +++ b/.github/workflows/osx-aarch64.yml @@ -10,6 +10,28 @@ jobs: with: fetch-depth: 0 + - name: Install the Apple certificate + if: github.event_name == 'push' + env: + BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} + P12_PASSWORD: ${{ secrets.P12_PASSWORD }} + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + run: | + # create variables + CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + + # import certificate from secrets + echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH + + # create temporary keychain + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + # import certificate to keychain + security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH # download jdk - run: wget -O $RUNNER_TEMP/java_package.tar.gz https://cache-redirector.jetbrains.com/intellij-jbr/jbrsdk-21.0.6-osx-aarch64-b825.69.tar.gz @@ -23,9 +45,12 @@ jobs: java-version: '21.0.6' architecture: aarch64 - # dist - - run: | + - name: Dist + env: + TERMORA_MAC_SIGN: ${{ github.event_name == 'push' }} + TERMORA_MAC_SIGN_USER_NAME: ${{ secrets.TERMORA_MAC_SIGN_USER_NAME }} + run: | ./gradlew dist --no-daemon - name: Upload artifact 
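Review bot: The `security import` line in the new run script passes `-A`, which lets any process on the runner use the imported signing key without a prompt, while the later steps of this job fetch a JDK with wget and run a full Gradle build against that unlocked keychain. Assuming the build signs through codesign, access can be narrowed with `security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -T /usr/bin/codesign -t cert -f pkcs12 -k $KEYCHAIN_PATH` followed by `security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH`. The decoded `build_certificate.p12` also stays in `$RUNNER_TEMP` for the rest of the job; adding `rm -f "$CERTIFICATE_PATH"` right after the import removes it. The identical script added to osx-x86-64.yml has the same two issues. `runs-on` is outside the hunk; if these jobs ever run on a self-hosted runner, a final `if: always()` step that deletes the keychain would be needed too.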
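Review bot: `TERMORA_MAC_SIGN` in the Dist step is true for every `push` event, so unless the workflow's `on:` block (outside this hunk) limits pushes to release tags or a protected branch, a push to any branch produces an artifact signed with the project's Apple identity. Consider tying this expression and the `if:` on the certificate step to the release ref, for example `TERMORA_MAC_SIGN: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }}`. The value reaches Gradle as the string `true` or `false`, so a comment above the `env:` block such as `# 'true' only on push events; the build reads this as a string` would document the contract. The same applies to the Dist step in osx-x86-64.yml.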
diff --git a/.github/workflows/osx-x86-64.yml b/.github/workflows/osx-x86-64.yml index a6e02c4..42a3af7 100644 --- a/.github/workflows/osx-x86-64.yml +++ b/.github/workflows/osx-x86-64.yml @@ -10,6 +10,29 @@ jobs: with: fetch-depth: 0 + - name: Install the Apple certificate + if: github.event_name == 'push' + env: + BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} + P12_PASSWORD: ${{ secrets.P12_PASSWORD }} + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + run: | + # create variables + CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + + # import certificate from secrets + echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH + + # create temporary keychain + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + # import certificate to keychain + security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH + # download jdk - run: wget -O $RUNNER_TEMP/java_package.tar.gz https://cache-redirector.jetbrains.com/intellij-jbr/jbrsdk-21.0.6-osx-x64-b825.69.tar.gz @@ -24,7 +47,11 @@ jobs: # dist - - run: | + - name: Dist + env: + TERMORA_MAC_SIGN: ${{ github.event_name == 'push' }} + TERMORA_MAC_SIGN_USER_NAME: ${{ secrets.TERMORA_MAC_SIGN_USER_NAME }} + run: | ./gradlew dist --no-daemon - name: Upload artifact
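Review bot: The certificate step here is a copy of the one added to osx-aarch64.yml, and the hunk headers (`+10,28` there, `+10,29` here) show the two copies already differ by a line. Any hardening of the keychain handling then has to be made twice and can drift between architectures. Moving the script into one local composite action or reusable workflow, with the three secrets passed in as inputs and called from both files, leaves a single copy to audit. A short comment above the step, such as `# secrets are only available on push; fork PRs skip signing`, would also record why the `if:` is there.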