chore: macos code signing
Julusian committed Jan 9, 2024
1 parent 67a5c58 commit 21cbf4b
Showing 3 changed files with 57 additions and 1 deletion.
31 changes: 31 additions & 0 deletions .github/workflows/macos.yaml
Expand Up @@ -11,6 +11,7 @@ jobs:
runs-on: macos-11

strategy:
fail-fast: false
matrix:
arch: [arm64, x86_64]

Expand All @@ -26,13 +27,43 @@ jobs:
tools: 'tools_ifw tools_cmake'
modules: 'qtwebsockets qt5compat'

- name: Install the Apple certificate and provisioning profile
env:
APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
APPLE_P12_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
if [[ -n "$APPLE_CERTIFICATE_BASE64" ]]; then
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$APPLE_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$APPLE_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# list signing identities
# security find-identity -v -p codesigning
fi
- name: Run build
run: |
./tools/build-macos.sh ${{ matrix.arch }}
env:
CI: 1
BUILD_QT_PATH: ${{ github.workspace }}/Qt/6.5.3/macos
BUILD_PARALLEL_THREADS: 2
MACOS_SIGN_NAME: ${{ secrets.MACOS_SIGN_NAME }}
APPLEID: ${{ secrets.APPLEID }}
APPLEIDPASS: ${{ secrets.APPLEIDPASS }}
APPLEIDTEAM: ${{ secrets.APPLEIDTEAM }}

- name: Rename build
id: "rename-build"
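Review bot: The decoded `build_certificate.p12` stays in `$RUNNER_TEMP`, and the temporary keychain stays unlocked (6-hour timeout) and on the search list for every later step, including `./tools/build-macos.sh`; nothing in this section removes either. Delete the .p12 right after `security import` and add a final step with `if: always()` that deletes the keychain, so a self-hosted or reused runner does not keep the signing key. `-A` on `security import` lets any process use the key without a prompt; `-T /usr/bin/codesign` followed by `security set-key-partition-list` narrows that to the signing tool. The job continues outside the hunk, so the cleanup step belongs after the last step that signs or notarizes.

```yaml
          # … unchanged: decode secret, create and unlock temporary keychain …
          security import "$CERTIFICATE_PATH" -P "$APPLE_P12_PASSWORD" -T /usr/bin/codesign -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
          security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          rm -f "$CERTIFICATE_PATH"
          # … unchanged: security list-keychain, build and rename steps …

      - name: Clean up signing keychain
        if: always()
        run: |
          security delete-keychain "$RUNNER_TEMP/app-signing.keychain-db" || true
```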
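--- a/resources/macos/entitlements.plist
+++ b/resources/macos/entitlements.plist
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+<key>com.apple.security.cs.allow-dyld-environment-variables</key>
+<true/>
+<key>com.apple.security.cs.disable-library-validation</key>
+<true/>
+</dict>
+</plist>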
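Review bot: Both entitlements switch off protections that the hardened runtime (`--options runtime` in the build script) is meant to provide. `com.apple.security.cs.allow-dyld-environment-variables` lets `DYLD_*` variables influence what the signed process loads, and `com.apple.security.cs.disable-library-validation` lets it load libraries not signed by Apple or by the app's own Team ID. If the bundled Qt frameworks are signed with the same identity as the app, library validation can probably stay on. I would drop each key the app does not demonstrably need and put an XML comment above any key that stays, e.g. `<!-- required because … -->`, naming the component that requires it.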
17 changes: 16 additions & 1 deletion tools/build-macos.sh
Expand Up @@ -51,12 +51,27 @@ mkdir "$CLIENT_FOLDER" || fail "Could not create $CLIENT_FOLDER"
# Copy app bundle
mv staging/casparcg-client.app "$CLIENT_FOLDER/$CLIENT_FOLDER.app" || fail "Could not move app bundle"

# Sign app bundle
if [ -n "$MACOS_SIGN_NAME" ]; then
echo "Signing..."
codesign --deep --timestamp --options runtime -s "$MACOS_SIGN_NAME" --entitlements "../resources/macos/entitlements.plist" "$CLIENT_FOLDER/$CLIENT_FOLDER.app"
fi

# Copy documentation
echo Copying documentation...
cp -f ../CHANGELOG "$CLIENT_FOLDER/" || fail "Could not copy CHANGELOG"
cp -f ../LICENSE "$CLIENT_FOLDER/" || fail "Could not copy LICENSE"
ln -s /Applications "$CLIENT_FOLDER/"

# Create dmg file
echo Creating dmg...
hdiutil create -size "$BUILD_HDIUTILS_WORKAROUND_SIZE" -volname "$CLIENT_FOLDER" -srcfolder "$CLIENT_FOLDER" -ov -format UDZO "$BUILD_ARCHIVE_NAME-$ARCH.dmg" || fail "Could not create dmg"
DMG_NAME="$BUILD_ARCHIVE_NAME-macos-$ARCH.dmg"
hdiutil create -size "$BUILD_HDIUTILS_WORKAROUND_SIZE" -volname "$CLIENT_FOLDER" -srcfolder "$CLIENT_FOLDER" -ov -format UDZO "$DMG_NAME" || fail "Could not create dmg"

# notarize dmg
if [ -n "$APPLEID" ]; then
echo "Notarizing..."
xcrun notarytool submit "$DMG_NAME" --wait --apple-id "$APPLEID" --password "$APPLEIDPASS" --team-id "$APPLEIDTEAM"
xcrun stapler staple "$DMG_NAME"
fi
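Review bot: The `codesign`, `xcrun notarytool submit` and `xcrun stapler staple` calls are the only new commands without `|| fail ...`, so unless the script enables `set -e` outside this hunk, a signing or notarization error still leaves a DMG that looks like a normal build. Append e.g. `|| fail "Could not sign app bundle"`, `|| fail "Notarization failed"` and `|| fail "Could not staple ticket"`. `--deep` also applies the entitlements file to every nested binary, and Apple advises against using it for signing; signing nested frameworks first and the app last keeps the relaxed entitlements on the main executable only. `--password "$APPLEIDPASS"` puts the app-specific password on the process command line, which `--keychain-profile` with credentials saved by `notarytool store-credentials` avoids.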
