Skip to content

Commit

Permalink
Notarize distribution.
Browse files Browse the repository at this point in the history
  • Loading branch information
@rsmmr
rsmmr committed Feb 9, 2024
1 parent 375b706 commit 03a743a
Show file tree
Hide file tree
Showing 3 changed files with 41 additions and 19 deletions.
19 changes: 13 additions & 6 deletions .github/workflows/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,19 @@ jobs:

- name: Install the Apple certificate and provisioning profile
env:
APP_STORE_ISSUER_ID: ${{ secrets.APP_STORE_ISSUER_ID }}
APP_STORE_KEY_ID: ${{ secrets.APP_STORE_KEY_ID }}
APP_STORE_KEY_P8: ${{ secrets.APP_STORE_KEY_P8 }}
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}

run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
APP_STORE_KEY_PATH=$RUNNER_TEMP/key.p8
# import certificate profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
Expand All @@ -43,13 +47,15 @@ jobs:
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# import app store connect API key
echo -n "${APP_STORE_KEY_P8}" >${APP_STORE_KEY_PATH}
xcrun notarytool store-credentials -k "${APP_STORE_KEY_PATH}" -d "${APP_STORE_KEY_ID}" -i "${APP_STORE_ISSUER_ID}" --keychain "${KEYCHAIN_PATH}" --no-validate "App Store Connect - Notarization API Key"
rm "${APP_STORE_KEY_PATH}"
- name: Build code
run: make release

- name: Run check
run: make check

- name: Build ZIP
- name: Build and notarize distribution
run: |
make dist
(cd build && echo "DIST=$(echo *.zip)" >>$GITHUB_ENV)
Expand All @@ -63,6 +69,7 @@ jobs:
if: ${{ always() }}
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
rm -f $RUNNER_TEMP/key.p8
publish_release:
permissions:
Expand Down
27 changes: 18 additions & 9 deletions Makefile
View file
Original file line number Diff line number Diff line change
@@ -1,21 +1,30 @@

VERSION=$(shell cat VERSION)
NOTARIZATION_PROFILE="App Store Connect - Notarization API Key"

all: adhoc

adhoc:
@xcodebuild -quiet -target qlview-adhoc -configuration Release
xcodebuild -quiet -target qlview-adhoc -configuration Release

release:
@xcodebuild -quiet -target qlview-signed -configuration Release

check: release
xcodebuild -quiet -target qlview-signed -configuration Release
codesign --verify --verbose build/Release/qlview
spctl --assess --verbose build/Release/qlview

dist: release
@rm -rf build/dist
@mkdir -p build/dist
check:

zip:
rm -rf build/dist
mkdir -p build/dist
cp -R build/Release/qlview build/dist
cd build/dist && zip -r ../qlview-$(VERSION).zip *
@ls build/*.zip
ls build/*.zip | sed 's/^/> /'

notarize:
xcrun notarytool submit --keychain-profile $(NOTARIZATION_PROFILE) --wait --timeout 10m build/qlview-$(VERSION).zip
spctl --assess --verbose build/qlview-$(VERSION).zip

dist: zip notarize

clean:
rm -rf build
14 changes: 10 additions & 4 deletions qlview.xcodeproj/project.pbxproj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -203,13 +203,16 @@
isa = XCBuildConfiguration;
buildSettings = {
CLANG_ENABLE_MODULES = YES;
"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Developer ID Application";
CODE_SIGN_INJECT_BASE_ENTITLEMENTS = NO;
CODE_SIGN_STYLE = Automatic;
DEVELOPMENT_TEAM = 4UJK727T59;
CODE_SIGN_STYLE = Manual;
DEVELOPMENT_TEAM = "";
"DEVELOPMENT_TEAM[sdk=macosx*]" = 4UJK727T59;
ENABLE_HARDENED_RUNTIME = YES;
OTHER_CODE_SIGN_FLAGS = "--timestamp";
"PRODUCT_BUNDLE_IDENTIFIER[sdk=macosx*]" = org.rsmmr.qlview;
PRODUCT_NAME = qlview;
PROVISIONING_PROFILE_SPECIFIER = "";
SWIFT_OPTIMIZATION_LEVEL = "-Onone";
SWIFT_VERSION = 5.0;
};
Expand All @@ -219,13 +222,16 @@
isa = XCBuildConfiguration;
buildSettings = {
CLANG_ENABLE_MODULES = YES;
"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Developer ID Application";
CODE_SIGN_INJECT_BASE_ENTITLEMENTS = NO;
CODE_SIGN_STYLE = Automatic;
DEVELOPMENT_TEAM = 4UJK727T59;
CODE_SIGN_STYLE = Manual;
DEVELOPMENT_TEAM = "";
"DEVELOPMENT_TEAM[sdk=macosx*]" = 4UJK727T59;
ENABLE_HARDENED_RUNTIME = YES;
OTHER_CODE_SIGN_FLAGS = "--timestamp";
"PRODUCT_BUNDLE_IDENTIFIER[sdk=macosx*]" = org.rsmmr.qlview;
PRODUCT_NAME = qlview;
PROVISIONING_PROFILE_SPECIFIER = "";
SWIFT_VERSION = 5.0;
};
name = Release;
Expand Down

0 comments on commit 03a743a

Please sign in to comment.