132 lines
4.3 KiB
YAML
132 lines
4.3 KiB
YAML
name: 'macOS Build Steps'
|
|
description: 'Build, sign and notarize macOS application'
|
|
|
|
inputs:
|
|
apple_team_id:
|
|
description: 'Apple Team ID for signing'
|
|
required: true
|
|
apple_certificate_base64:
|
|
description: 'Base64-encoded certificate file'
|
|
required: true
|
|
apple_certificate_password:
|
|
description: 'Password for certificate file'
|
|
required: true
|
|
api_key_path:
|
|
description: 'Base64-encoded API key file'
|
|
required: true
|
|
api_key_id:
|
|
description: 'API Key ID'
|
|
required: true
|
|
api_key_issuer_id:
|
|
description: 'API Key Issuer ID'
|
|
required: true
|
|
|
|
runs:
|
|
using: "composite"
|
|
steps:
|
|
- name: Setup environment
|
|
run: |
|
|
# Use the correct path where Unreal Engine is installed
|
|
UE_PATH="/Users/Shared/Epic Games/UE_5.5"
|
|
|
|
if [ ! -d "$UE_PATH" ]; then
|
|
echo "Error: Unreal Engine is not installed in the expected location"
|
|
echo "Please ensure Unreal Engine is installed at $UE_PATH"
|
|
exit 1
|
|
fi
|
|
|
|
# Create directories for builds
|
|
mkdir -p Builds/Mac
|
|
mkdir -p PackagedReleases
|
|
|
|
echo "Using Unreal Engine 5.5"
|
|
shell: bash
|
|
|
|
- name: Build for macOS
|
|
run: |
|
|
chmod +x ./scripts/mac_build.sh
|
|
./scripts/mac_build.sh
|
|
shell: bash
|
|
|
|
- name: Setup for Signing
|
|
id: setup-signing
|
|
if: ${{ success() }}
|
|
env:
|
|
API_KEY_PATH: ${{ inputs.api_key_path }}
|
|
run: |
|
|
# Create output directory
|
|
mkdir -p PackagedReleases
|
|
|
|
# Decode the API key from Base64 secret
|
|
echo "$API_KEY_PATH" | base64 --decode > api_key.p8
|
|
echo "api_key_file=$(pwd)/api_key.p8" >> $GITHUB_OUTPUT
|
|
|
|
# Find app bundle
|
|
APP_PATH=$(find Builds -type d -name "*.app" | head -1)
|
|
|
|
if [ -z "$APP_PATH" ]; then
|
|
# Look for a directory that might be a bundle but not named .app
|
|
APP_PATH=$(find Builds -mindepth 1 -maxdepth 1 -type d | head -1)
|
|
if [ -z "$APP_PATH" ]; then
|
|
echo "No build directory found, cannot continue"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
echo "Found app path: $APP_PATH"
|
|
echo "app_path=$APP_PATH" >> $GITHUB_OUTPUT
|
|
shell: bash
|
|
|
|
- name: Sign macOS App
|
|
uses: lando/code-sign-action@v3
|
|
id: sign-app
|
|
with:
|
|
file: ${{ steps.setup-signing.outputs.app_path }}
|
|
certificate-data: ${{ inputs.apple_certificate_base64 }}
|
|
certificate-password: ${{ inputs.apple_certificate_password }}
|
|
certificate-id: ${{ inputs.apple_team_id }}
|
|
options: --force --options runtime --deep --timestamp --entitlements ./LuckyRobots.entitlements
|
|
|
|
- name: Notarize macOS App
|
|
run: |
|
|
# Create a temporary file for notarization
|
|
APP_PATH="${{ steps.setup-signing.outputs.app_path }}"
|
|
NOTARIZE_APP_PATH="./LuckyRobots-notarize.zip"
|
|
ditto -c -k --keepParent "$APP_PATH" "$NOTARIZE_APP_PATH"
|
|
|
|
API_KEY_FILE="${{ steps.setup-signing.outputs.api_key_file }}"
|
|
|
|
# Submit for notarization using API key
|
|
echo "Submitting for notarization with API key..."
|
|
xcrun notarytool submit "$NOTARIZE_APP_PATH" --key "$API_KEY_FILE" --key-id "${{ inputs.api_key_id }}" --issuer "${{ inputs.api_key_issuer_id }}" --wait
|
|
|
|
# Staple the ticket to the application
|
|
xcrun stapler staple "$APP_PATH"
|
|
|
|
# Clean up the API key file
|
|
rm -f "$API_KEY_FILE"
|
|
rm -f "$NOTARIZE_APP_PATH"
|
|
shell: bash
|
|
|
|
- name: Package macOS App
|
|
run: |
|
|
# Package the signed and notarized app
|
|
APP_PATH="${{ steps.setup-signing.outputs.app_path }}"
|
|
APP_NAME=$(basename "$APP_PATH")
|
|
DIR_PATH=$(dirname "$APP_PATH")
|
|
|
|
echo "Creating final package..."
|
|
(cd "$DIR_PATH" && zip -r "../../PackagedReleases/LuckyRobots-macOS.zip" "$APP_NAME")
|
|
echo "Created packaged release: PackagedReleases/LuckyRobots-macOS.zip"
|
|
|
|
echo "Packaged releases:"
|
|
ls -la PackagedReleases/
|
|
shell: bash
|
|
|
|
- name: Upload macOS Build Artifact
|
|
uses: actions/upload-artifact@v3
|
|
if: success()
|
|
with:
|
|
name: LuckyRobots-macOS
|
|
path: PackagedReleases/LuckyRobots-macOS.zip
|
|
retention-days: 365 |