LuckyRobots/LuckyWorld
14
0
Fork 0
Code Issues Pull Requests 1 Actions 1 Packages Projects 1 Releases 13 Wiki Activity

WIP: feat(workflows): add new build workflows for Windows, Linux, and macOS, and remove obsolete build scripts #17

Draft
m wants to merge 115 commits from ozgur/build into main
pull from: ozgur/build
merge into: LuckyRobots:main
Conversation 0 Commits 115 Files Changed 21 +21 -30
1 changed files with 21 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 8943f65d58 - Show all commits

51
.gitea/workflows/test-local-signing.yml
View File

@ -99,60 +99,51 @@ jobs:
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -t 3600 -l "$KEYCHAIN_PATH" security set-keychain-settings -t 3600 -l "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security list-keychains -s "$KEYCHAIN_PATH" $(security list-keychains | xargs)
# Download and import Apple root certificates # Add to keychain list and make it default
echo "📥 Downloading Apple root certificates..." security list-keychains -s "$KEYCHAIN_PATH" login.keychain
curl -o AppleWWDRCAG3.cer https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer security default-keychain -s "$KEYCHAIN_PATH"
curl -o DeveloperIDG2.cer https://www.apple.com/certificateauthority/DeveloperIDG2.cer
# Check certificate formats
echo "🔍 Checking certificate formats..."
file AppleWWDRCAG3.cer
file DeveloperIDG2.cer
# Import Apple WWDRCA certificate
echo "🔑 Importing Apple WWDRCA certificate..."
security import AppleWWDRCAG3.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign
# Import Developer ID certificate - try with explicit format
echo "🔑 Importing Developer ID certificate..."
security import DeveloperIDG2.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f pkcs7 || \
security import DeveloperIDG2.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f openssl || \
security import DeveloperIDG2.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign
# Import developer certificate # Import developer certificate
echo "🔑 Importing developer p12 certificate..." echo "🔑 Importing developer certificate..."
echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12 echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12
security import certificate.p12 -k "$KEYCHAIN_PATH" -P "${{ secrets.MACOS_CERTIFICATE_PWD }}" -T /usr/bin/codesign security import certificate.p12 -k "$KEYCHAIN_PATH" -P "${{ secrets.MACOS_CERTIFICATE_PWD }}" -T /usr/bin/codesign
# Set partition list to allow codesign to access keychain without password # Set partition list to allow codesign to access without password
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Set keychain as default
security default-keychain -s "$KEYCHAIN_PATH"
# Verify certificate # Verify certificate
echo "🔍 Verifying certificate..." echo "🔍 Verifying certificate..."
security find-identity -v -p codesigning "$KEYCHAIN_PATH" security find-identity -v -p codesigning "$KEYCHAIN_PATH"
# Make keychain available for 1 hour
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Cleanup # Cleanup
rm -f certificate.p12 AppleWWDRCAG3.cer DeveloperIDG2.cer rm -f certificate.p12
shell: bash shell: bash
- name: Sign App Bundle - name: Sign App Bundle
run: | run: |
echo "🔏 Signing app bundle..." echo "🔏 Signing app bundle..."
# Get the identity hash # Get the identity name (not hash)
IDENTITY=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep "Developer ID Application" | awk '{print $2}') IDENTITY_NAME=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep "Developer ID Application" | sed -E 's/.*"Developer ID Application: ([^"]*).*/\1/')
if [ -z "$IDENTITY" ]; then IDENTITY_FULL="Developer ID Application: $IDENTITY_NAME"
echo "Found identity: $IDENTITY_FULL"
if [ -z "$IDENTITY_NAME" ]; then
echo "❌ Error: No valid Developer ID Application identity found" echo "❌ Error: No valid Developer ID Application identity found"
exit 1 exit 1
fi fi
# Make sure keychain is unlocked
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Sign the app bundle # Sign the app bundle
codesign --force --options runtime --entitlements LuckyWorld.entitlements --sign "$IDENTITY" --timestamp TestApp.app echo "Signing with identity: $IDENTITY_FULL"
codesign --force --options runtime --entitlements LuckyWorld.entitlements --sign "$IDENTITY_FULL" --timestamp TestApp.app
# Verify signing # Verify signing
echo "🔍 Verifying signature..." echo "🔍 Verifying signature..."