diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e2cfc10c7d..6f94f78ea5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -20,43 +20,17 @@ jobs: - uses: nuget/setup-nuget@v1 - uses: actions/checkout@v3 - - - name: Sign resource binaries - if: github.event_name != 'pull_request' - uses: dlemstra/code-sign-action@v1 - with: - certificate: '${{ secrets.WINDOWS_CERTIFICATE }}' - password: '${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}' - folder: './windows' - recursive: true - name: Build working-directory: ./windows run: | nuget restore msbuild "QMK Toolbox.sln" /verbosity:minimal /p:Configuration=Release - - - name: Sign QMK Toolbox - if: github.event_name != 'pull_request' - uses: dlemstra/code-sign-action@v1 - with: - certificate: '${{ secrets.WINDOWS_CERTIFICATE }}' - password: '${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}' - folder: './windows/QMK Toolbox/bin/Release' - recursive: true - name: Create installer working-directory: ./windows run: | iscc install_compiler.iss - - - name: Sign QMK Toolbox installer - if: github.event_name != 'pull_request' - uses: dlemstra/code-sign-action@v1 - with: - certificate: '${{ secrets.WINDOWS_CERTIFICATE }}' - password: '${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}' - folder: './windows' - uses: actions/upload-artifact@v3 with: @@ -79,32 +53,6 @@ jobs: - uses: actions/checkout@v3 - - name: "Import Certificate: Development" - if: github.event_name != 'pull_request' - uses: apple-actions/import-codesign-certs@v2 - with: - p12-file-base64: ${{ secrets.DEVELOPMENT_CERTIFICATE_DATA }} - p12-password: ${{ secrets.DEVELOPMENT_CERTIFICATE_PASSPHRASE }} - keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }} - - - name: "Import Certificate: App Distribution" - if: github.event_name != 'pull_request' - uses: apple-actions/import-codesign-certs@v2 - with: - p12-file-base64: ${{ secrets.APP_DISTRIBUTION_CERTIFICATE_DATA }} - p12-password: ${{ secrets.APP_DISTRIBUTION_CERTIFICATE_PASSPHRASE }} - keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }} - create-keychain: false - - - name: "Import Certificate: Installer Distribution" - if: github.event_name != 'pull_request' - uses: apple-actions/import-codesign-certs@v2 - with: - p12-file-base64: ${{ secrets.INSTALLER_DISTRIBUTION_CERTIFICATE_DATA }} - p12-password: ${{ secrets.INSTALLER_DISTRIBUTION_CERTIFICATE_PASSPHRASE }} - keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }} - create-keychain: false - - name: Check binary permissions working-directory: ./macos/QMK Toolbox/Resources env: @@ -118,81 +66,24 @@ jobs: done exit $status - - name: Archive - if: github.event_name != 'pull_request' - uses: devbotsxyz/xcode-archive@v1 - with: - workspace: "macos/QMK Toolbox.xcworkspace" - scheme: "QMK Toolbox" - export-path: "macos/build" - - - name: Export & Sign Release Build - if: github.event_name != 'pull_request' - uses: devbotsxyz/xcode-export-archive@master - with: - workspace: "macos/QMK Toolbox.xcworkspace" - scheme: "QMK Toolbox" - export-path: "macos/build" - - - name: Notarize Release Build - if: github.event_name != 'pull_request' - uses: devbotsxyz/xcode-notarize@v1 - with: - product-path: "macos/build/QMK Toolbox.app" - appstore-connect-username: ${{ secrets.NOTARIZATION_USERNAME }} - appstore-connect-password: ${{ secrets.NOTARIZATION_PASSWORD }} - - - name: Staple Release Build - if: github.event_name != 'pull_request' - uses: devbotsxyz/xcode-staple@v1 - with: - product-path: "macos/build/QMK Toolbox.app" - - - name: Build (unsigned-only) - if: github.event_name == 'pull_request' + - name: Build working-directory: ./macos run: | mkdir build - xcodebuild CONFIGURATION_BUILD_DIR=build -configuration Debug - - - name: Package for Distribution - run: ditto -ck --rsrc --sequesterRsrc -v --keepParent "macos/build/QMK Toolbox.app" macos/build/QMK.Toolbox.app.zip + xcodebuild CONFIGURATION_BUILD_DIR=build + ditto -ck --rsrc --sequesterRsrc -v --keepParent "build/QMK Toolbox.app" build/QMK.Toolbox.app.zip - uses: actions/upload-artifact@v3 with: name: QMK.Toolbox.app.zip path: macos/build/QMK.Toolbox.app.zip - - name: Create Installer + - name: Create installer working-directory: ./macos run: | brew install packages packagesbuild -v "QMK Toolbox.pkgproj" - - - name: Sign Installer - if: github.event_name != 'pull_request' - working-directory: ./macos - run: productsign -s "${{ secrets.DEVELOPER_ID_INSTALLER_NAME }}" "build/QMK Toolbox.pkg" build/QMK.Toolbox.pkg - - - name: Notarize Installer - if: github.event_name != 'pull_request' - uses: devbotsxyz/xcode-notarize@v1 - with: - product-path: "macos/build/QMK.Toolbox.pkg" - appstore-connect-username: ${{ secrets.NOTARIZATION_USERNAME }} - appstore-connect-password: ${{ secrets.NOTARIZATION_PASSWORD }} - primary-bundle-id: fm.qmk.toolbox - - - name: Staple Installer - if: github.event_name != 'pull_request' - uses: devbotsxyz/xcode-staple@v1 - with: - product-path: "macos/build/QMK.Toolbox.pkg" - - - name: Move installer (unsigned-only) - if: github.event_name == 'pull_request' - working-directory: ./macos - run: mv "build/QMK Toolbox.pkg" build/QMK.Toolbox.pkg + mv "build/QMK Toolbox.pkg" build/QMK.Toolbox.pkg - uses: actions/upload-artifact@v3 with: diff --git a/macos/QMK Toolbox.xcodeproj/project.pbxproj b/macos/QMK Toolbox.xcodeproj/project.pbxproj index a8b829046d..85fb53d239 100644 --- a/macos/QMK Toolbox.xcodeproj/project.pbxproj +++ b/macos/QMK Toolbox.xcodeproj/project.pbxproj @@ -108,7 +108,6 @@ 098AEDFA1F5E45C300CA054D /* dfu-util */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; path = "dfu-util"; sourceTree = ""; }; 09D79CB51FB0DD7F0086ABF6 /* libusb-1.0.0.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; path = "libusb-1.0.0.dylib"; sourceTree = ""; }; 09D79CBB1FB8A6490086ABF6 /* libusb-0.1.4.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; path = "libusb-0.1.4.dylib"; sourceTree = ""; }; - 300641B328359D3E00F58C4B /* QMK ToolboxRelease.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = "QMK ToolboxRelease.entitlements"; sourceTree = ""; }; 3A128566283D3F0800173A80 /* MicrocontrollerSelector.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MicrocontrollerSelector.swift; sourceTree = ""; }; 3A32CF4A28412C420016D7B7 /* BootloaderDevice.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BootloaderDevice.swift; sourceTree = ""; }; 3A32CF4C28413E6B0016D7B7 /* HalfKayDevice.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = HalfKayDevice.swift; sourceTree = ""; }; @@ -199,7 +198,6 @@ 3AA5D3462803FCE1008121E4 /* Colors.xcassets */, 3AE86EFA294C9CEC00008D3E /* Main.storyboard */, 092964061F5C8B2C004F2D3F /* Info.plist */, - 300641B328359D3E00F58C4B /* QMK ToolboxRelease.entitlements */, 092963FE1F5C8B2C004F2D3F /* Supporting Files */, ); path = "QMK Toolbox"; @@ -551,11 +549,8 @@ buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; CODE_SIGN_IDENTITY = "-"; - CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; DEAD_CODE_STRIPPING = YES; - DEVELOPMENT_TEAM = ""; - EXCLUDED_ARCHS = arm64; INFOPLIST_FILE = "QMK Toolbox/Info.plist"; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", @@ -569,7 +564,6 @@ ); PRODUCT_BUNDLE_IDENTIFIER = fm.qmk.toolbox; PRODUCT_NAME = "$(TARGET_NAME)"; - PROVISIONING_PROFILE_SPECIFIER = ""; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_VERSION = 5.0; }; @@ -579,14 +573,9 @@ isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; - CODE_SIGN_ENTITLEMENTS = "QMK Toolbox/QMK ToolboxRelease.entitlements"; - CODE_SIGN_IDENTITY = "Apple Development"; - CODE_SIGN_STYLE = Automatic; + CODE_SIGN_IDENTITY = "-"; COMBINE_HIDPI_IMAGES = YES; DEAD_CODE_STRIPPING = YES; - DEVELOPMENT_TEAM = NAASF73NJ7; - ENABLE_HARDENED_RUNTIME = YES; - EXCLUDED_ARCHS = arm64; INFOPLIST_FILE = "QMK Toolbox/Info.plist"; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", @@ -600,7 +589,6 @@ ); PRODUCT_BUNDLE_IDENTIFIER = fm.qmk.toolbox; PRODUCT_NAME = "$(TARGET_NAME)"; - PROVISIONING_PROFILE_SPECIFIER = ""; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_VERSION = 5.0; }; diff --git a/macos/QMK Toolbox/QMK ToolboxRelease.entitlements b/macos/QMK Toolbox/QMK ToolboxRelease.entitlements deleted file mode 100644 index 0c67376eba..0000000000 --- a/macos/QMK Toolbox/QMK ToolboxRelease.entitlements +++ /dev/null @@ -1,5 +0,0 @@ - - - - - diff --git a/macos/certificate-setup.md b/macos/certificate-setup.md deleted file mode 100644 index d4c0cd69ad..0000000000 --- a/macos/certificate-setup.md +++ /dev/null @@ -1,33 +0,0 @@ -## Setting up certificates - -### Requirements - -Three certificates are needed for signing and notarization: - -- Apple Development certificate for signing (renewed every year) -- Developer ID Application - For distributing .app -- Developer ID Installer - For distributing .pkg - -### Getting Certificates into GitHub Actions - -Here's how to export the certificates from Keychain and import them into GitHub Actions secrets: - -1. Make Developer ID Application, Developer ID Installer, and Apple Development certificates -2. Go to QMK Toolbox repository Settings -> Security -> Secrets -> Actions -3. Go into Keychain Access and export both the certificate and private key to .p12 and set passphrase -4. Run `base64 .p12 | pbcopy` to get certificate into clipboard -5. Paste into certificate data secret `_CERTIFICATE_DATA` -6. Input passphrase for the exported certificate into `_CERTIFICATE_PASSPHRASE` - -Prefixes for the certificate secrets: - -- Apple Development: `DEVELOPMENT` -- Developer ID Application: `APP_DISTRIBUTION` -- Developer ID Installer: `INSTALLER_DISTRIBUTION` - -### Other Secrets - -- `KEYCHAIN_PASSWORD`: Can be set to anything -- `NOTARIZATION_USERNAME`: Apple ID account -- `NOTARIZATION_PASSWORD`: App-specific password generated for Apple ID account -- `DEVELOPER_ID_INSTALLER_NAME`: Name of certificate for Developer ID Application (ex. `Developer ID Application: Big Organization (XXXXXXXXX)`)