LuckyRobots/LuckyWorld
14
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases 13 Wiki Activity
LuckyWorld/.gitea/workflows/macos-build.yml
Ozgur Ersoy 1476c4395f
Some checks failed
Unreal Engine Build / linux-build (push) Waiting to run
Details
Unreal Engine Build / windows-build (push) Waiting to run
Details
Unreal Engine Build / create-release (push) Blocked by required conditions
Details
Unreal Engine Build / macos-build (push) Has been cancelled
Details
fix(workflows): ensure macOS app signing and notarization step always runs
2025-04-13 01:36:24 +02:00

155 lines
6.2 KiB
YAML
Raw Blame History

name: macOS Build
on:
workflow_dispatch:
workflow_call:
jobs:
macos-build:
runs-on: macos
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
lfs: true
fetch-depth: 0
- name: Setup environment
run: |
# Use the correct path where Unreal Engine is installed
UE_PATH="/Users/Shared/Epic Games/UE_5.5"
if [ ! -d "$UE_PATH" ]; then
echo "Error: Unreal Engine is not installed in the expected location"
echo "Please ensure Unreal Engine is installed at $UE_PATH"
exit 1
fi
# Create directories for builds
mkdir -p Builds/Mac
mkdir -p PackagedReleases
echo "Using Unreal Engine 5.5"
- name: Build for macOS
run: |
chmod +x ./scripts/mac_build.sh
./scripts/mac_build.sh
- name: Package macOS build
run: |
echo "Preparing packaged files for release..."
# Find the app bundle in the Builds directory
APP_PATH=$(find Builds -type d -name "*.app" | head -1)
if [ -n "$APP_PATH" ]; then
echo "Found app bundle: $APP_PATH"
# Get the app name
APP_NAME=$(basename "$APP_PATH")
# Create zip file of the app bundle
(cd $(dirname "$APP_PATH") && zip -r "../../PackagedReleases/LuckyRobots-macOS.zip" "$APP_NAME")
echo "Created packaged release: PackagedReleases/LuckyRobots-macOS.zip"
else
echo "No .app bundle found in Builds directory"
# Look for a directory that might be a bundle but not named .app
MAIN_BUILD_DIR=$(find Builds -mindepth 1 -maxdepth 1 -type d | head -1)
if [ -n "$MAIN_BUILD_DIR" ]; then
echo "Found main build directory: $MAIN_BUILD_DIR"
DIR_NAME=$(basename "$MAIN_BUILD_DIR")
# Package this directory as if it were the app
(cd $(dirname "$MAIN_BUILD_DIR") && zip -r "../../PackagedReleases/LuckyRobots-macOS.zip" "$DIR_NAME")
echo "Created packaged release from main directory: PackagedReleases/LuckyRobots-macOS.zip"
else
# Package the entire Builds directory as a fallback
echo "No main directory found, packaging everything"
zip -r "PackagedReleases/LuckyRobots-macOS.zip" Builds
echo "Created fallback package: PackagedReleases/LuckyRobots-macOS.zip"
fi
fi
echo "Packaged releases:"
ls -la PackagedReleases/
- name: Sign and Notarize macOS App
if: ${{ always() }}
env:
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE }}
CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
API_KEY_PATH: ${{ secrets.NOTARY_API_KEY_PATH }}
API_KEY_ID: ${{ secrets.NOTARY_API_KEY_ID }}
API_KEY_ISSUER_ID: ${{ secrets.NOTARY_API_KEY_ISSUER_ID }}
run: |
# Decode the base64 certificate
echo "Setting up certificate..."
echo $CERTIFICATE_BASE64 | base64 --decode > certificate.p12
# Create keychain and import certificate
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
KEYCHAIN_PASSWORD=temporary
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security import certificate.p12 -P "$CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
security list-keychain -d user -s "$KEYCHAIN_PATH"
# Find app bundle
APP_PATH=$(find Builds -type d -name "*.app" | head -1)
if [ -n "$APP_PATH" ]; then
echo "Signing app bundle: $APP_PATH"
# Sign the application
/usr/bin/codesign --force --options runtime --sign "Developer ID Application: $APPLE_TEAM_ID" --deep --entitlements "./LuckyRobots.entitlements" "$APP_PATH"
# Create a temporary file for notarization
NOTARIZE_APP_PATH="./LuckyRobots-notarize.zip"
ditto -c -k --keepParent "$APP_PATH" "$NOTARIZE_APP_PATH"
# Decode the API key from Base64 secret
echo "$API_KEY_PATH" | base64 --decode > api_key.p8
API_KEY_FILE="api_key.p8"
# Submit for notarization using API key
echo "Submitting for notarization with API key..."
xcrun notarytool submit "$NOTARIZE_APP_PATH" --key "$API_KEY_FILE" --key-id "$API_KEY_ID" --issuer "$API_KEY_ISSUER_ID" --wait
# Check notarization result
NOTARIZATION_INFO=$(xcrun notarytool history --key "$API_KEY_FILE" --key-id "$API_KEY_ID" --issuer "$API_KEY_ISSUER_ID" | grep -E '(success|invalid)' | head -1)
# Clean up the API key file
rm -f "$API_KEY_FILE"
if echo "$NOTARIZATION_INFO" | grep -q "success"; then
echo "Notarization successful"
# Staple the ticket to the application
xcrun stapler staple "$APP_PATH"
# Repackage the notarized app
rm "PackagedReleases/LuckyRobots-macOS.zip"
(cd $(dirname "$APP_PATH") && zip -r "../../PackagedReleases/LuckyRobots-macOS.zip" "$(basename "$APP_PATH")")
echo "Repackaged notarized app"
else
echo "Notarization failed: $NOTARIZATION_INFO"
exit 1
fi
else
echo "No app bundle found for signing and notarization"
exit 1
fi
# Clean up
rm -f certificate.p12
security delete-keychain "$KEYCHAIN_PATH"
- name: Upload macOS Build Artifact
uses: actions/upload-artifact@v3
if: success()
with:
name: LuckyRobots-macOS
path: PackagedReleases/LuckyRobots-macOS.zip
retention-days: 365
Reference in New Issue View Git Blame Copy Permalink