ci: trust self-signed certificate

G07cha · Nov 16, 2024 · 32b2b19 · 32b2b19
1 parent e1ed2f1
commit 32b2b19
Showing 1 changed file with 25 additions and 12 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,5 +1,7 @@
 on:
   push:
+    branches:
+      - ci/fix-mac-signing
     tags:
       - '*'
   workflow_dispatch:
@@ -20,10 +22,10 @@ jobs:
         platform:
           - host: macos-latest
             target: aarch64-apple-darwin
-          - host: macos-latest
-            target: x86_64-apple-darwin
-          - host: windows-latest
-            target: x86_64-pc-windows-msvc
+          # - host: macos-latest
+          #   target: x86_64-apple-darwin
+          # - host: windows-latest
+          #   target: x86_64-pc-windows-msvc
 
     runs-on: ${{ matrix.platform.host }}
     steps:
@@ -32,17 +34,28 @@ jobs:
         uses: ./.github/actions/setup-env
       - name: Add target
         run: rustup target add ${{ matrix.platform.target }}
-      - uses: apple-actions/import-codesign-certs@v2
-        if: startsWith(matrix.platform.target, 'aarch64-apple-darwin') || startsWith(matrix.platform.target, 'x86_64-apple-darwin')
-        with:
-          p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
-          p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
-      - name: Verify certificate
-        if: startsWith(matrix.platform.target, 'aarch64-apple-darwin') || startsWith(matrix.platform.target, 'x86_64-apple-darwin')
-        run: security find-identity -v -p codesigning ${{ runner.temp }}/build.keychain
+      # - name: Import Apple Developer Certificate
+      #   if: startsWith(matrix.platform.target, 'aarch64-apple-darwin') || startsWith(matrix.platform.target, 'x86_64-apple-darwin')
+      #   env:
+      #     APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
+      #     APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+      #     KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+      #   run: |
+      #     echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12
+      #     security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+      #     security default-keychain -s build.keychain
+      #     security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+      #     security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
+      #     security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
+
+      #     echo $APPLE_AUTHORITY_CERTIFICATE | base64 --decode > certificate.der
+      #     # openssl pkcs12 -in certificate.p12 -password ${APPLE_CERTIFICATE_PASSWORD} -clcerts -nokeys -out certificate.der
+      #     security add-trusted-cert -d -k build.keychain certificate.der
+      #     security find-identity -v -p codesigning build.keychain
       - name: Create release
         uses: tauri-apps/tauri-action@v0
         with:
+          releaseDraft: true
           includeUpdaterJson: true
           tagName: v__VERSION__
           releaseName: 'v__VERSION__'