mirror of
https://github.com/Cockatrice/Cockatrice.git
synced 2026-07-18 16:32:16 -07:00
Try another GHA maybe
This commit is contained in:
parent
f67df75c58
commit
e53efae012
1 changed files with 58 additions and 48 deletions
106
.github/workflows/desktop-build.yml
vendored
106
.github/workflows/desktop-build.yml
vendored
|
|
@ -267,56 +267,66 @@ jobs:
|
||||||
# https://github.com/actions/runner-images?tab=readme-ov-file#available-images
|
# https://github.com/actions/runner-images?tab=readme-ov-file#available-images
|
||||||
run: .ci/compile.sh --server --parallel ${{matrix.core_count}}
|
run: .ci/compile.sh --server --parallel ${{matrix.core_count}}
|
||||||
|
|
||||||
- name: CodeSign app bundle
|
# - name: CodeSign app bundle
|
||||||
env:
|
# env:
|
||||||
MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
|
# MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
|
||||||
MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
|
# MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
|
||||||
MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
|
# MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
|
||||||
MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
|
# MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
|
||||||
run: |
|
# run: |
|
||||||
# Turn our base64-encoded certificate back to a regular .p12 file
|
# # Turn our base64-encoded certificate back to a regular .p12 file
|
||||||
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
|
# echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
|
||||||
|
#
|
||||||
|
# # We need to create a new keychain, otherwise using the certificate will prompt
|
||||||
|
# # with a UI dialog asking for the certificate password, which we can't
|
||||||
|
# # use in a headless CI environment
|
||||||
|
# security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
|
||||||
|
# security default-keychain -s build.keychain
|
||||||
|
# security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
|
||||||
|
# security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
|
||||||
|
# security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
|
||||||
|
#
|
||||||
|
# # We finally codesign our app bundle, specifying the Hardened runtime option
|
||||||
|
# codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime "/Users/runner/work/Cockatrice/Cockatrice/build/cockatrice/cockatrice.app" -v
|
||||||
|
# codesign --verify --deep --strict "/Users/runner/work/Cockatrice/Cockatrice/build/cockatrice/cockatrice.app"
|
||||||
|
#
|
||||||
|
# - name: Notarize app bundle
|
||||||
|
# env:
|
||||||
|
# PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
|
||||||
|
# PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
|
||||||
|
# PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
|
||||||
|
# run: |
|
||||||
|
# # Store the notarization credentials so that we can prevent a UI password dialog
|
||||||
|
# # from blocking the CI
|
||||||
|
# echo "Create keychain profile"
|
||||||
|
# xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"
|
||||||
|
#
|
||||||
|
# # We can't notarize an app bundle directly, but we need to compress it as an archive.
|
||||||
|
# # Therefore, we create a zip file containing our app bundle, so that we can send it to the
|
||||||
|
# # notarization service
|
||||||
|
# echo "Creating temp notarization archive"
|
||||||
|
# ditto -c -k --keepParent "/Users/runner/work/Cockatrice/Cockatrice/build/cockatrice/cockatrice.app" "notarization.zip"
|
||||||
|
#
|
||||||
|
# # Here we send the notarization request to the Apple's Notarization service, waiting for the result.
|
||||||
|
# # This typically takes a few seconds inside a CI environment, but it might take more depending on the App
|
||||||
|
# # characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if
|
||||||
|
# # you're curious
|
||||||
|
# echo "Notarize app"
|
||||||
|
# xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
|
||||||
|
#
|
||||||
|
# # Finally, we need to "attach the staple" to our executable, which will allow our app to be
|
||||||
|
# # validated by macOS even when an internet connection is not available.
|
||||||
|
# echo "Attach staple"
|
||||||
|
# xcrun stapler staple "/Users/runner/work/Cockatrice/Cockatrice/build/cockatrice/cockatrice.app"
|
||||||
|
|
||||||
# We need to create a new keychain, otherwise using the certificate will prompt
|
|
||||||
# with a UI dialog asking for the certificate password, which we can't
|
|
||||||
# use in a headless CI environment
|
|
||||||
security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
|
|
||||||
security default-keychain -s build.keychain
|
|
||||||
security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
|
|
||||||
security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
|
|
||||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
|
|
||||||
|
|
||||||
# We finally codesign our app bundle, specifying the Hardened runtime option
|
- name: Sign binary
|
||||||
/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime "/Users/runner/work/Cockatrice/Cockatrice/build/cockatrice/cockatrice.app" -v
|
uses: lando/code-sign-action@v3
|
||||||
|
with:
|
||||||
- name: Notarize app bundle
|
file: "/Users/runner/work/Cockatrice/Cockatrice/build/cockatrice/cockatrice.app"
|
||||||
env:
|
certificate-data: ${{ secrets.PROD_MACOS_CERTIFICATE }}
|
||||||
PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
|
certificate-id: STKV3NKYBF
|
||||||
PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
|
certificate-password: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
|
||||||
PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
|
|
||||||
run: |
|
|
||||||
# Store the notarization credentials so that we can prevent a UI password dialog
|
|
||||||
# from blocking the CI
|
|
||||||
echo "Create keychain profile"
|
|
||||||
xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"
|
|
||||||
|
|
||||||
# We can't notarize an app bundle directly, but we need to compress it as an archive.
|
|
||||||
# Therefore, we create a zip file containing our app bundle, so that we can send it to the
|
|
||||||
# notarization service
|
|
||||||
echo "Creating temp notarization archive"
|
|
||||||
ditto -c -k --keepParent "/Users/runner/work/Cockatrice/Cockatrice/build/cockatrice/cockatrice.app" "notarization.zip"
|
|
||||||
|
|
||||||
# Here we send the notarization request to the Apple's Notarization service, waiting for the result.
|
|
||||||
# This typically takes a few seconds inside a CI environment, but it might take more depending on the App
|
|
||||||
# characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if
|
|
||||||
# you're curious
|
|
||||||
echo "Notarize app"
|
|
||||||
xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
|
|
||||||
|
|
||||||
# Finally, we need to "attach the staple" to our executable, which will allow our app to be
|
|
||||||
# validated by macOS even when an internet connection is not available.
|
|
||||||
echo "Attach staple"
|
|
||||||
xcrun stapler staple "/Users/runner/work/Cockatrice/Cockatrice/build/cockatrice/cockatrice.app"
|
|
||||||
|
|
||||||
- name: Upload artifact
|
- name: Upload artifact
|
||||||
if: matrix.make_package
|
if: matrix.make_package
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue