Ozgur Ersoy
83011e5ad7
Some checks failed
Test macOS Signing / test-signing (push) Failing after 16m45s
128 lines
4.2 KiB
YAML
128 lines
4.2 KiB
YAML
name: Test macOS Signing
|
|
|
|
on:
|
|
push:
|
|
branches: [ozgur/build]
|
|
workflow_dispatch: # Manual trigger de mümkün olsun
|
|
|
|
jobs:
|
|
test-signing:
|
|
runs-on: macos
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v3
|
|
with:
|
|
lfs: true
|
|
fetch-depth: 0
|
|
|
|
- name: Download Artifact
|
|
run: |
|
|
# Create directories
|
|
mkdir -p Builds/Mac
|
|
|
|
# Download specific artifact
|
|
echo "Downloading build artifact..."
|
|
|
|
# Sabit artifact URL kullan
|
|
ARTIFACT_URL="https://luckyrobots.com/LuckyRobots/LuckyWorld/actions/runs/84/artifacts/LuckyRobots-macOS"
|
|
|
|
echo "Using artifact URL: $ARTIFACT_URL"
|
|
|
|
# Download the artifact
|
|
curl -L "$ARTIFACT_URL" -o build.zip
|
|
|
|
# Extract to Builds directory
|
|
unzip -o build.zip -d Builds/Mac/
|
|
|
|
# Find extracted app bundle
|
|
APP_PATH=$(find Builds/Mac -type d -name "*.app" | head -1)
|
|
|
|
if [[ -z "$APP_PATH" ]]; then
|
|
echo "Could not find app bundle in downloaded artifact"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Downloaded app bundle: $APP_PATH"
|
|
echo "app_path=$APP_PATH" >> $GITHUB_ENV
|
|
shell: bash
|
|
|
|
- name: Validate App Path
|
|
id: validate-app
|
|
run: |
|
|
APP_PATH="$app_path"
|
|
|
|
if [ ! -d "$APP_PATH" ]; then
|
|
echo "Error: Application path does not exist: $APP_PATH"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Will sign and notarize: $APP_PATH"
|
|
echo "app_path=$APP_PATH" >> $GITHUB_OUTPUT
|
|
shell: bash
|
|
|
|
- name: Setup for Signing
|
|
id: setup-signing
|
|
env:
|
|
API_KEY_PATH: ${{ secrets.NOTARY_API_KEY_PATH }}
|
|
run: |
|
|
# Decode the API key from Base64 secret
|
|
echo "$API_KEY_PATH" | base64 --decode > api_key.p8
|
|
echo "api_key_file=$(pwd)/api_key.p8" >> $GITHUB_OUTPUT
|
|
shell: bash
|
|
|
|
- name: Sign macOS App
|
|
uses: lando/code-sign-action@v3
|
|
id: sign-app
|
|
with:
|
|
file: ${{ steps.validate-app.outputs.app_path }}
|
|
certificate-data: ${{ secrets.MACOS_CERTIFICATE }}
|
|
certificate-password: ${{ secrets.MACOS_CERTIFICATE_PWD }}
|
|
certificate-id: ${{ secrets.APPLE_TEAM_ID }}
|
|
options: --force --options runtime --deep --timestamp --entitlements ./LuckyRobots.entitlements
|
|
|
|
- name: Notarize macOS App
|
|
run: |
|
|
# Create a temporary file for notarization
|
|
APP_PATH="${{ steps.validate-app.outputs.app_path }}"
|
|
NOTARIZE_APP_PATH="./LuckyRobots-notarize.zip"
|
|
ditto -c -k --keepParent "$APP_PATH" "$NOTARIZE_APP_PATH"
|
|
|
|
API_KEY_FILE="${{ steps.setup-signing.outputs.api_key_file }}"
|
|
|
|
# Submit for notarization using API key
|
|
echo "Submitting for notarization with API key..."
|
|
xcrun notarytool submit "$NOTARIZE_APP_PATH" --key "$API_KEY_FILE" --key-id "${{ secrets.NOTARY_API_KEY_ID }}" --issuer "${{ secrets.NOTARY_API_KEY_ISSUER_ID }}" --wait
|
|
|
|
# Staple the ticket to the application
|
|
xcrun stapler staple "$APP_PATH"
|
|
|
|
# Clean up the API key file
|
|
rm -f "$API_KEY_FILE"
|
|
rm -f "$NOTARIZE_APP_PATH"
|
|
shell: bash
|
|
|
|
- name: Package macOS App
|
|
run: |
|
|
# Package the signed and notarized app
|
|
APP_PATH="${{ steps.validate-app.outputs.app_path }}"
|
|
APP_NAME=$(basename "$APP_PATH")
|
|
DIR_PATH=$(dirname "$APP_PATH")
|
|
|
|
# Create test output directory
|
|
mkdir -p TestSignedApps
|
|
|
|
echo "Creating test package..."
|
|
(cd "$DIR_PATH" && zip -r "../../TestSignedApps/Test-$APP_NAME.zip" "$APP_NAME")
|
|
echo "Created test package: TestSignedApps/Test-$APP_NAME.zip"
|
|
|
|
echo "Test packaged apps:"
|
|
ls -la TestSignedApps/
|
|
shell: bash
|
|
|
|
- name: Upload Test Signed App
|
|
uses: actions/upload-artifact@v3
|
|
if: success()
|
|
with:
|
|
name: TestSigned-macOS-App
|
|
path: TestSignedApps/Test-*.zip
|
|
retention-days: 7 |