Skip to content

Use notarytool

Use notarytool #121

Workflow file for this run

# .github/workflows/release.yaml
on:
push:
# Publish semver tags as releases.
tags:
- '!dbg*'
- '!*-dbg*'
- '!*-fix*'
- '*.*.*'
jobs:
releases-macos:
name: Release
runs-on: macos-11
steps:
- uses: actions/checkout@v2
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.17
- name: "Build"
run: |
pushd ..
git clone https://github.com/mysteriumnetwork/myst-launcher
pushd myst-launcher
git fetch --all --tags
git checkout tags/1.0.44-mac
popd
popd
echo "Make gobridge >>>"
cd gobridge; sh -c ./mk.sh
cd ..
echo "Make app build >>>"
sh -c ./make_build.sh
- name: Codesign app
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
MACOS_CERTIFICATE_ID: ${{ secrets.MACOS_CERTIFICATE_ID }}
KEYCHAIN_TMP_PWD: tmppassword
KEY_CHAIN: build.keychain
APPLE_ID: ${{ secrets.NOTARIZE_EMAIL }}
run: |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
security delete-keychain $KEY_CHAIN || echo ""
security create-keychain -p $KEYCHAIN_TMP_PWD $KEY_CHAIN
security default-keychain -s $KEY_CHAIN
security set-keychain-settings -t 4200 -u $KEY_CHAIN
security unlock-keychain -p $KEYCHAIN_TMP_PWD $KEY_CHAIN
echo "Import"
security import certificate.p12 -k $KEY_CHAIN -P $MACOS_CERTIFICATE_PWD -A # -T /usr/bin/codesign
echo "Set Key"
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_TMP_PWD $KEY_CHAIN
# echo "Find identity"
# security find-identity -p codesigning -s $KEY_CHAIN
echo "Codesign"
/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_ID" --timestamp ./build/MysteriumLauncher/Mysterium\ Node\ Launcher.app/Contents/MacOS/Mysterium\ Node\ Launcher
echo "Codesign dylib"
/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_ID" --timestamp -o runtime ./build/MysteriumLauncher/Mysterium\ Node\ Launcher.app/Contents/Frameworks/gobridge.dylib
echo "Codesign whole build"
/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_ID" --timestamp -o runtime ./build/MysteriumLauncher/Mysterium\ Node\ Launcher.app/
# dmg
hdiutil create -format UDZO -srcfolder build/MysteriumLauncher mysterium_launcher_macos.dmg
- name: Notarize
env:
PRIMARY_BUNDLE_ID: com.mysterium.launcher
APPLE_TEAM_ID: KPKW2HX458
APPLE_ID: ${{ secrets.NOTARIZE_EMAIL }}
TARGET_BINARY: ./mysterium_launcher_macos.dmg
APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPEC_PWD }}
run: |
# notarize
sh -c ./notarize.sh
#echo Verify
#/usr/bin/codesign -vvvv ./mysterium_launcher_macos.dmg
- name: Upload
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
prerelease: true
files: |
mysterium_launcher_macos.dmg
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}