name: 'macOS Build Steps' description: 'Build, sign and notarize macOS application' inputs: apple_team_id: description: 'Apple Team ID for signing' required: true apple_certificate_base64: description: 'Base64-encoded certificate file' required: true apple_certificate_password: description: 'Password for certificate file' required: true api_key_path: description: 'Base64-encoded API key file' required: true api_key_id: description: 'API Key ID' required: true api_key_issuer_id: description: 'API Key Issuer ID' required: true runs: using: "composite" steps: - name: Setup environment run: | # Use the correct path where Unreal Engine is installed UE_PATH="/Users/Shared/Epic Games/UE_5.5" if [ ! -d "$UE_PATH" ]; then echo "Error: Unreal Engine is not installed in the expected location" echo "Please ensure Unreal Engine is installed at $UE_PATH" exit 1 fi # Create directories for builds mkdir -p Builds/Mac mkdir -p PackagedReleases echo "Using Unreal Engine 5.5" shell: bash - name: Build for macOS run: | chmod +x ./scripts/mac_build.sh ./scripts/mac_build.sh shell: bash - name: Setup for Signing id: setup-signing if: ${{ success() }} env: API_KEY_PATH: ${{ inputs.api_key_path }} run: | # Create output directory mkdir -p PackagedReleases # Decode the API key from Base64 secret echo "$API_KEY_PATH" | base64 --decode > api_key.p8 echo "api_key_file=$(pwd)/api_key.p8" >> $GITHUB_OUTPUT # Find app bundle APP_PATH=$(find Builds -type d -name "*.app" | head -1) if [ -z "$APP_PATH" ]; then # Look for a directory that might be a bundle but not named .app APP_PATH=$(find Builds -mindepth 1 -maxdepth 1 -type d | head -1) if [ -z "$APP_PATH" ]; then echo "No build directory found, cannot continue" exit 1 fi fi echo "Found app path: $APP_PATH" echo "app_path=$APP_PATH" >> $GITHUB_OUTPUT shell: bash - name: Sign macOS App uses: lando/code-sign-action@v3 id: sign-app with: file: ${{ steps.setup-signing.outputs.app_path }} certificate-data: ${{ inputs.apple_certificate_base64 }} certificate-password: ${{ inputs.apple_certificate_password }} certificate-id: ${{ inputs.apple_team_id }} options: --force --options runtime --deep --timestamp --entitlements ./LuckyRobots.entitlements - name: Notarize macOS App run: | # Create a temporary file for notarization APP_PATH="${{ steps.setup-signing.outputs.app_path }}" NOTARIZE_APP_PATH="./LuckyRobots-notarize.zip" ditto -c -k --keepParent "$APP_PATH" "$NOTARIZE_APP_PATH" API_KEY_FILE="${{ steps.setup-signing.outputs.api_key_file }}" # Submit for notarization using API key echo "Submitting for notarization with API key..." xcrun notarytool submit "$NOTARIZE_APP_PATH" --key "$API_KEY_FILE" --key-id "${{ inputs.api_key_id }}" --issuer "${{ inputs.api_key_issuer_id }}" --wait # Staple the ticket to the application xcrun stapler staple "$APP_PATH" # Clean up the API key file rm -f "$API_KEY_FILE" rm -f "$NOTARIZE_APP_PATH" shell: bash - name: Package macOS App run: | # Package the signed and notarized app APP_PATH="${{ steps.setup-signing.outputs.app_path }}" APP_NAME=$(basename "$APP_PATH") DIR_PATH=$(dirname "$APP_PATH") echo "Creating final package..." (cd "$DIR_PATH" && zip -r "../../PackagedReleases/LuckyRobots-macOS.zip" "$APP_NAME") echo "Created packaged release: PackagedReleases/LuckyRobots-macOS.zip" echo "Packaged releases:" ls -la PackagedReleases/ shell: bash - name: Upload macOS Build Artifact uses: actions/upload-artifact@v3 if: success() with: name: LuckyRobots-macOS path: PackagedReleases/LuckyRobots-macOS.zip retention-days: 365