first attempt at macos code signing #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
permissions: | |
contents: write | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'Release Version' | |
required: true | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Setup Rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: stable | |
- name: Install dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libgtk-3-dev libsoup-3.0-dev libjavascriptcoregtk-4.1-dev libwebkit2gtk-4.1-dev | |
- name: Bundle | |
run: | | |
cargo install cargo-bundle | |
cargo bundle --release --features desktop --format osx | |
# zip -r Ore-${{ github.event.inputs.version }}.zip ./target/release/bundle/osx/Ore.app | |
- name: Upload macOS Application Bundle | |
uses: actions/upload-artifact@v2 | |
with: | |
name: Ore.app | |
path: ./target/release/bundle/osx/Ore.app | |
sign: | |
needs: build | |
runs-on: macos-latest | |
steps: | |
- name: Download macOS Application Bundle | |
uses: actions/download-artifact@v2 | |
with: | |
name: Ore.app | |
path: ./target/release/bundle/osx/ | |
- name: Install Apple Certificate | |
echo ${{ secrets.MACOS_CERTIFICATE }} | base64 --decode > certificate.p12 | |
security create-keychain -p "" build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p "" build.keychain | |
security import certificate.p12 -k build.keychain -P ${{ secrets.MACOS_CERTIFICATE_PASSWORD }} -T /usr/bin/codesign | |
security set-key-partition-list -S apple-tool:,apple:-s -k "" build.keychain | |
- name: Sign the App | |
run: | | |
codesign --force --deep --sign "Developer ID Application: Nicholas Garfield (RP8738PY76)" --options runtime ./target/release/bundle/osx/Ore.app | |
- name: Upload macOS Application Bundle | |
uses: actions/upload-artifact@v2 | |
with: | |
name: Ore.app | |
path: ./target/release/bundle/osx/Ore.app | |
release: | |
needs: sign | |
name: Release | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download macOS Application Bundle | |
uses: actions/download-artifact@v2 | |
with: | |
name: Ore.app | |
path: ./target/release/bundle/osx/ | |
- name: Bundle | |
run: | | |
zip -r Ore-${{ github.event.inputs.version }}.zip ./target/release/bundle/osx/Ore.app | |
- name: Create release | |
id: create_release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ github.event.inputs.version }} | |
release_name: Release ${{ github.event.inputs.version }} | |
draft: false | |
prerelease: false | |
- name: Upload release | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: ./Ore-${{ github.event.inputs.version }}.zip | |
asset_name: Ore-${{ github.event.inputs.version }}.zip | |
asset_content_type: application/zip | |