Skip to content

Commit

Permalink
ci: trust self-signed certificate
Browse files Browse the repository at this point in the history
  • Loading branch information
G07cha committed Nov 3, 2024
1 parent e1ed2f1 commit 2ab4845
Showing 1 changed file with 18 additions and 7 deletions.
25 changes: 18 additions & 7 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
on:
push:
branches:
- ci/fix-mac-signing
tags:
- '*'
workflow_dispatch:
Expand Down Expand Up @@ -32,17 +34,26 @@ jobs:
uses: ./.github/actions/setup-env
- name: Add target
run: rustup target add ${{ matrix.platform.target }}
- uses: apple-actions/import-codesign-certs@v2
- name: Import Apple Developer Certificate
if: startsWith(matrix.platform.target, 'aarch64-apple-darwin') || startsWith(matrix.platform.target, 'x86_64-apple-darwin')
with:
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
- name: Verify certificate
if: startsWith(matrix.platform.target, 'aarch64-apple-darwin') || startsWith(matrix.platform.target, 'x86_64-apple-darwin')
run: security find-identity -v -p codesigning ${{ runner.temp }}/build.keychain
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
openssl pkcs12 -in certificate.p12 -password ${APPLE_CERTIFICATE_PASSWORD} -clcerts -nokeys -out certificate.crt
security add-trusted-cert -d -r trustRoot -k build.keychain certificate.crt
security find-identity -v -p codesigning build.keychain
- name: Create release
uses: tauri-apps/tauri-action@v0
with:
releaseDraft: true
includeUpdaterJson: true
tagName: v__VERSION__
releaseName: 'v__VERSION__'
Expand Down

0 comments on commit 2ab4845

Please sign in to comment.