WIP: feat(workflows): add new build workflows for Windows, Linux, and macOS, and remove obsolete build scripts #17
@ -264,36 +264,83 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
APPLE_ID: ${{ secrets.APPLE_NOTARY_USER }}
|
APPLE_ID: ${{ secrets.APPLE_NOTARY_USER }}
|
||||||
APP_PASSWORD: ${{ secrets.APPLE_NOTARY_PASSWORD }}
|
APP_PASSWORD: ${{ secrets.APPLE_NOTARY_PASSWORD }}
|
||||||
|
API_KEY_ID: ${{ secrets.APPLE_NOTARY_API_KEY_ID }}
|
||||||
|
API_ISSUER_ID: ${{ secrets.APPLE_NOTARY_API_ISSUER_ID }}
|
||||||
|
API_KEY: ${{ secrets.APPLE_NOTARY_API_KEY }}
|
||||||
run: |
|
run: |
|
||||||
echo "📤 Notarizing app..."
|
echo "📤 Notarizing app..."
|
||||||
|
|
||||||
# Make sure we have required secrets
|
# Check if we have API key credentials
|
||||||
if [ -z "$APPLE_ID" ] || [ -z "$APP_PASSWORD" ] || [ -z "$APPLE_TEAM_ID" ]; then
|
if [ -n "$API_KEY_ID" ] && [ -n "$API_ISSUER_ID" ] && [ -n "$API_KEY" ]; then
|
||||||
|
echo "Using App Store Connect API key for notarization..."
|
||||||
|
|
||||||
|
# Create directory for API key
|
||||||
|
mkdir -p ~/private_keys
|
||||||
|
echo "$API_KEY" > ~/private_keys/AuthKey_${API_KEY_ID}.p8
|
||||||
|
|
||||||
|
# Create zip for notarization
|
||||||
|
ZIP_PATH="TestApp-notarize.zip"
|
||||||
|
ditto -c -k --keepParent "$APP_PATH" "$ZIP_PATH"
|
||||||
|
|
||||||
|
echo "Submitting for notarization with API key..."
|
||||||
|
xcrun notarytool submit "$ZIP_PATH" \
|
||||||
|
--key ~/private_keys/AuthKey_${API_KEY_ID}.p8 \
|
||||||
|
--key-id "$API_KEY_ID" \
|
||||||
|
--issuer "$API_ISSUER_ID" \
|
||||||
|
--wait
|
||||||
|
|
||||||
|
# Staple the notarization ticket
|
||||||
|
echo "Stapling notarization ticket..."
|
||||||
|
xcrun stapler staple "$APP_PATH"
|
||||||
|
|
||||||
|
# Verify notarization
|
||||||
|
echo "🔍 Verifying notarization..."
|
||||||
|
spctl --assess --verbose --type exec "$APP_PATH"
|
||||||
|
|
||||||
|
echo "NOTARIZED=true" >> "$GITHUB_ENV"
|
||||||
|
|
||||||
|
# Clean up
|
||||||
|
rm -rf ~/private_keys
|
||||||
|
|
||||||
|
# Fall back to App-specific password if API key not available
|
||||||
|
elif [ -n "$APPLE_ID" ] && [ -n "$APP_PASSWORD" ] && [ -n "$APPLE_TEAM_ID" ]; then
|
||||||
|
echo "Using App-specific password for notarization..."
|
||||||
|
|
||||||
|
# Create zip for notarization
|
||||||
|
ZIP_PATH="TestApp-notarize.zip"
|
||||||
|
ditto -c -k --keepParent "$APP_PATH" "$ZIP_PATH"
|
||||||
|
|
||||||
|
echo "Submitting for notarization..."
|
||||||
|
xcrun notarytool submit "$ZIP_PATH" \
|
||||||
|
--apple-id "$APPLE_ID" \
|
||||||
|
--password "$APP_PASSWORD" \
|
||||||
|
--team-id "$APPLE_TEAM_ID" \
|
||||||
|
--wait
|
||||||
|
|
||||||
|
# Staple the notarization ticket
|
||||||
|
echo "Stapling notarization ticket..."
|
||||||
|
xcrun stapler staple "$APP_PATH"
|
||||||
|
|
||||||
|
# Verify notarization
|
||||||
|
echo "🔍 Verifying notarization..."
|
||||||
|
spctl --assess --verbose --type exec "$APP_PATH"
|
||||||
|
|
||||||
|
echo "NOTARIZED=true" >> "$GITHUB_ENV"
|
||||||
|
else
|
||||||
echo "⚠️ Missing notarization credentials. Skipping notarization."
|
echo "⚠️ Missing notarization credentials. Skipping notarization."
|
||||||
|
echo "For App Store Connect API key method, set these secrets:"
|
||||||
|
echo " - APPLE_NOTARY_API_KEY_ID: Your API key ID"
|
||||||
|
echo " - APPLE_NOTARY_API_ISSUER_ID: Your API issuer ID"
|
||||||
|
echo " - APPLE_NOTARY_API_KEY: Your API key content (p8 file)"
|
||||||
|
echo ""
|
||||||
|
echo "For App-specific password method, set these secrets:"
|
||||||
|
echo " - APPLE_NOTARY_USER: Your Apple ID (email)"
|
||||||
|
echo " - APPLE_NOTARY_PASSWORD: Your app-specific password"
|
||||||
|
echo " - APPLE_TEAM_ID: Your Apple Developer team ID"
|
||||||
|
|
||||||
echo "NOTARIZED=false" >> "$GITHUB_ENV"
|
echo "NOTARIZED=false" >> "$GITHUB_ENV"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Create zip for notarization
|
|
||||||
ZIP_PATH="TestApp-notarize.zip"
|
|
||||||
ditto -c -k --keepParent "$APP_PATH" "$ZIP_PATH"
|
|
||||||
|
|
||||||
echo "Submitting for notarization..."
|
|
||||||
xcrun notarytool submit "$ZIP_PATH" \
|
|
||||||
--apple-id "$APPLE_ID" \
|
|
||||||
--password "$APP_PASSWORD" \
|
|
||||||
--team-id "$APPLE_TEAM_ID" \
|
|
||||||
--wait
|
|
||||||
|
|
||||||
# Staple the notarization ticket
|
|
||||||
echo "Stapling notarization ticket..."
|
|
||||||
xcrun stapler staple "$APP_PATH"
|
|
||||||
|
|
||||||
# Verify notarization
|
|
||||||
echo "🔍 Verifying notarization..."
|
|
||||||
spctl --assess --verbose --type exec "$APP_PATH"
|
|
||||||
|
|
||||||
echo "NOTARIZED=true" >> "$GITHUB_ENV"
|
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
- name: Package Signed App
|
- name: Package Signed App
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user