LuckyRobots/LuckyWorld
14
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases 13 Wiki Activity
LuckyWorld/.gitea/workflows/test-signing.yml
Ozgur Ersoy aef65a94bb
Some checks failed
Test macOS Signing / test-signing (push) Failing after 2m15s
Details
fix(workflows): improve macOS signing workflow by adding nested artifact extraction and enhanced error handling
2025-04-13 14:56:02 +02:00

142 lines
4.7 KiB
YAML
Raw Blame History

name: Test macOS Signing
on:
push:
branches: [ozgur/build]
workflow_dispatch: # Manual trigger is also available
jobs:
test-signing:
runs-on: macos
steps:
# - name: Checkout repository
# uses: actions/checkout@v3
# with:
# lfs: true
# fetch-depth: 0
- name: Download Artifact
run: |
# Create directories
mkdir -p Builds/Mac
# Download specific artifact
echo "Downloading build artifact..."
# Sabit artifact URL kullan
ARTIFACT_URL="https://luckyrobots.com/LuckyRobots/LuckyWorld/actions/runs/84/artifacts/LuckyRobots-macOS"
echo "Using artifact URL: $ARTIFACT_URL"
# Download the artifact
curl -L "$ARTIFACT_URL" -o build.zip
# First unzip - Outer artifact zip file
unzip -o build.zip -d temp_extract/
# Second unzip - Inner macOS app package
echo "Extracting inner zip file..."
INNER_ZIP=$(find temp_extract -name "*.zip" | head -1)
if [[ -z "$INNER_ZIP" ]]; then
echo "Could not find inner zip in artifact"
exit 1
fi
echo "Found inner zip: $INNER_ZIP"
unzip -o "$INNER_ZIP" -d Builds/Mac/
# Find extracted app bundle
APP_PATH=$(find Builds/Mac -type d -name "*.app" | head -1)
if [[ -z "$APP_PATH" ]]; then
echo "Could not find app bundle in extracted files"
echo "Directory contents:"
ls -la Builds/Mac/
exit 1
fi
echo "Found app bundle: $APP_PATH"
echo "app_path=$APP_PATH" >> $GITHUB_ENV
shell: bash
- name: Validate App Path
id: validate-app
run: |
APP_PATH="$app_path"
if [ ! -d "$APP_PATH" ]; then
echo "Error: Application path does not exist: $APP_PATH"
exit 1
fi
echo "Will sign and notarize: $APP_PATH"
echo "app_path=$APP_PATH" >> $GITHUB_OUTPUT
shell: bash
- name: Setup for Signing
id: setup-signing
env:
API_KEY_PATH: ${{ secrets.NOTARY_API_KEY_PATH }}
run: |
# Decode the API key from Base64 secret
echo "$API_KEY_PATH" | base64 --decode > api_key.p8
echo "api_key_file=$(pwd)/api_key.p8" >> $GITHUB_OUTPUT
shell: bash
- name: Sign macOS App
uses: lando/code-sign-action@v3
id: sign-app
with:
file: ${{ steps.validate-app.outputs.app_path }}
certificate-data: ${{ secrets.MACOS_CERTIFICATE }}
certificate-password: ${{ secrets.MACOS_CERTIFICATE_PWD }}
certificate-id: ${{ secrets.APPLE_TEAM_ID }}
options: --force --options runtime --deep --timestamp --entitlements ./LuckyRobots.entitlements
- name: Notarize macOS App
run: |
# Create a temporary file for notarization
APP_PATH="${{ steps.validate-app.outputs.app_path }}"
NOTARIZE_APP_PATH="./LuckyRobots-notarize.zip"
ditto -c -k --keepParent "$APP_PATH" "$NOTARIZE_APP_PATH"
API_KEY_FILE="${{ steps.setup-signing.outputs.api_key_file }}"
# Submit for notarization using API key
echo "Submitting for notarization with API key..."
xcrun notarytool submit "$NOTARIZE_APP_PATH" --key "$API_KEY_FILE" --key-id "${{ secrets.NOTARY_API_KEY_ID }}" --issuer "${{ secrets.NOTARY_API_KEY_ISSUER_ID }}" --wait
# Staple the ticket to the application
xcrun stapler staple "$APP_PATH"
# Clean up the API key file
rm -f "$API_KEY_FILE"
rm -f "$NOTARIZE_APP_PATH"
shell: bash
- name: Package macOS App
run: |
# Package the signed and notarized app
APP_PATH="${{ steps.validate-app.outputs.app_path }}"
APP_NAME=$(basename "$APP_PATH")
DIR_PATH=$(dirname "$APP_PATH")
# Create test output directory
mkdir -p TestSignedApps
echo "Creating test package..."
(cd "$DIR_PATH" && zip -r "../../TestSignedApps/Test-$APP_NAME.zip" "$APP_NAME")
echo "Created test package: TestSignedApps/Test-$APP_NAME.zip"
echo "Test packaged apps:"
ls -la TestSignedApps/
shell: bash
- name: Upload Test Signed App
uses: actions/upload-artifact@v3
if: success()
with:
name: TestSigned-macOS-App
path: TestSignedApps/Test-*.zip
retention-days: 7
Reference in New Issue View Git Blame Copy Permalink