Use notarytool #121
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# .github/workflows/release.yaml | |
on: | |
push: | |
# Publish semver tags as releases. | |
tags: | |
- '!dbg*' | |
- '!*-dbg*' | |
- '!*-fix*' | |
- '*.*.*' | |
jobs: | |
releases-macos: | |
name: Release | |
runs-on: macos-11 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: 1.17 | |
- name: "Build" | |
run: | | |
pushd .. | |
git clone https://github.com/mysteriumnetwork/myst-launcher | |
pushd myst-launcher | |
git fetch --all --tags | |
git checkout tags/1.0.44-mac | |
popd | |
popd | |
echo "Make gobridge >>>" | |
cd gobridge; sh -c ./mk.sh | |
cd .. | |
echo "Make app build >>>" | |
sh -c ./make_build.sh | |
- name: Codesign app | |
env: | |
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }} | |
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
MACOS_CERTIFICATE_ID: ${{ secrets.MACOS_CERTIFICATE_ID }} | |
KEYCHAIN_TMP_PWD: tmppassword | |
KEY_CHAIN: build.keychain | |
APPLE_ID: ${{ secrets.NOTARIZE_EMAIL }} | |
run: | | |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 | |
security delete-keychain $KEY_CHAIN || echo "" | |
security create-keychain -p $KEYCHAIN_TMP_PWD $KEY_CHAIN | |
security default-keychain -s $KEY_CHAIN | |
security set-keychain-settings -t 4200 -u $KEY_CHAIN | |
security unlock-keychain -p $KEYCHAIN_TMP_PWD $KEY_CHAIN | |
echo "Import" | |
security import certificate.p12 -k $KEY_CHAIN -P $MACOS_CERTIFICATE_PWD -A # -T /usr/bin/codesign | |
echo "Set Key" | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_TMP_PWD $KEY_CHAIN | |
# echo "Find identity" | |
# security find-identity -p codesigning -s $KEY_CHAIN | |
echo "Codesign" | |
/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_ID" --timestamp ./build/MysteriumLauncher/Mysterium\ Node\ Launcher.app/Contents/MacOS/Mysterium\ Node\ Launcher | |
echo "Codesign dylib" | |
/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_ID" --timestamp -o runtime ./build/MysteriumLauncher/Mysterium\ Node\ Launcher.app/Contents/Frameworks/gobridge.dylib | |
echo "Codesign whole build" | |
/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_ID" --timestamp -o runtime ./build/MysteriumLauncher/Mysterium\ Node\ Launcher.app/ | |
# dmg | |
hdiutil create -format UDZO -srcfolder build/MysteriumLauncher mysterium_launcher_macos.dmg | |
- name: Notarize | |
env: | |
PRIMARY_BUNDLE_ID: com.mysterium.launcher | |
APPLE_TEAM_ID: KPKW2HX458 | |
APPLE_ID: ${{ secrets.NOTARIZE_EMAIL }} | |
TARGET_BINARY: ./mysterium_launcher_macos.dmg | |
APP_SPECIFIC_PASSWORD: ${{ secrets.NOTARIZE_APP_SPEC_PWD }} | |
run: | | |
# notarize | |
sh -c ./notarize.sh | |
#echo Verify | |
#/usr/bin/codesign -vvvv ./mysterium_launcher_macos.dmg | |
- name: Upload | |
uses: softprops/action-gh-release@v1 | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
prerelease: true | |
files: | | |
mysterium_launcher_macos.dmg | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |