ci: add macOS notarization
このコミットが含まれているのは:
コミット
f7d5a87667
|
@ -43,6 +43,14 @@ jobs:
|
|||
run: |
|
||||
sudo apt-get update -y -qq
|
||||
sudo apt-get install libsdl2-dev libgtksourceview2.0-dev libgtk2.0-dev libao-dev libopenal-dev
|
||||
- name: "macOS: Import Certificate"
|
||||
if: runner.os == 'macOS'
|
||||
uses: devbotsxyz/import-signing-certificate@2ac4f44d28045073d23153256efbb4c4b2d8aa22 # Don't use rolling branch for security reasons
|
||||
with:
|
||||
certificate-data: ${{ secrets.MACOS_CERTIFICATE_DATA }}
|
||||
certificate-passphrase: ${{ secrets.MACOS_CERTIFICATE_PASSPHRASE }}
|
||||
keychain-name: ares-macos-keychain
|
||||
keychain-password: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }}
|
||||
- uses: actions/checkout@v2
|
||||
- name: Install macOS Dependencies
|
||||
if: runner.os == 'macOS'
|
||||
|
@ -50,16 +58,29 @@ jobs:
|
|||
brew install make
|
||||
echo "MAKE=gmake" >> $GITHUB_ENV
|
||||
pushd thirdparty/MoltenVK
|
||||
./build-moltenvk.sh
|
||||
#./build-moltenvk.sh
|
||||
popd
|
||||
- name: Make
|
||||
if: runner.os != 'macOS'
|
||||
run: ${MAKE:-make} -j4 -C desktop-ui build=optimized local=false compiler=${{ matrix.platform.compiler }}
|
||||
- name: Make universal app
|
||||
- name: "macOS: Make universal app"
|
||||
if: runner.os == 'macOS'
|
||||
run: scripts/macos-make-universal.sh
|
||||
env:
|
||||
MAKEFLAGS: -j3
|
||||
MACOS_CERTIFICATE_NAME: ${{ secrets.MACOS_CERTIFICATE_NAME }}
|
||||
MACOS_KEYCHAIN_NAME: ares-macos-keychain
|
||||
MACOS_KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }}
|
||||
- name: "macOS: notarize"
|
||||
if: runner.os == 'macOS'
|
||||
run: |
|
||||
ditto -c -k --keepParent desktop-ui/out/ares.app /tmp/ares.zip
|
||||
xcrun notarytool submit /tmp/ares.zip --apple-id "$MACOS_NOTARIZATION_USERNAME" --password "$MACOS_NOTARIZATION_PASSWORD" --team-id "$MACOS_NOTARIZATION_TEAMID" --wait
|
||||
xcrun stapler staple desktop-ui/out/ares.app
|
||||
env:
|
||||
MACOS_NOTARIZATION_USERNAME: ${{ secrets.MACOS_NOTARIZATION_USERNAME }}
|
||||
MACOS_NOTARIZATION_PASSWORD: ${{ secrets.MACOS_NOTARIZATION_PASSWORD }}
|
||||
MACOS_NOTARIZATION_TEAMID: ${{ secrets.MACOS_NOTARIZATION_TEAMID }}
|
||||
- name: Upload
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
|
|
|
@ -27,11 +27,15 @@ lipo -create -output desktop-ui/out/ares.app/Contents/MacOS/ares \
|
|||
desktop-ui/out-amd64/ares.app/Contents/MacOS/ares \
|
||||
desktop-ui/out-arm64/ares.app/Contents/MacOS/ares
|
||||
|
||||
if [ "${CERTIFICATE_NAME:-}" == "" ]; then
|
||||
if [ "${MACOS_KEYCHAIN_PASSWORD:-}" != "" ]; then
|
||||
security unlock-keychain -p "$MACOS_KEYCHAIN_PASSWORD" "$MACOS_KEYCHAIN_NAME"
|
||||
fi
|
||||
|
||||
if [ "${MACOS_CERTIFICATE_NAME:-}" == "" ]; then
|
||||
echo "Signing using self-signed"
|
||||
ENTITLEMENTS=desktop-ui/resource/ares.selfsigned.entitlements
|
||||
else
|
||||
echo "Signing using certificate: ${CERTIFICATE_NAME}"
|
||||
echo "Signing using certificate: ${MACOS_CERTIFICATE_NAME}"
|
||||
ENTITLEMENTS=desktop-ui/resource/ares.entitlements
|
||||
fi
|
||||
codesign --force --deep --options runtime --entitlements "${ENTITLEMENTS}" --sign "${CERTIFICATE_NAME:--}" desktop-ui/out/ares.app
|
||||
codesign --force --deep --options runtime --entitlements "${ENTITLEMENTS}" --sign "${MACOS_CERTIFICATE_NAME:--}" desktop-ui/out/ares.app
|
||||
|
|
読み込み中…
新しいイシューから参照