v0.0.12 #7
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Sign macos binaries | |
| on: | |
| release: | |
| types: [ published ] | |
| jobs: | |
| sign: | |
| name: Sign macos binaries | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Move binaries | |
| run: | | |
| mkdir dist | |
| mv binaries/* . | |
| - name: Codesign and notarize on macOS | |
| env: | |
| APPLE_DEVELOPER_ID_CERT: ${{ secrets.APPLE_DEVELOPER_ID_CERT }} | |
| APPLE_DEVELOPER_ID_CERT_PASS: ${{ secrets.APPLE_DEVELOPER_ID_CERT_PASS }} | |
| APPLE_NOTARIZE_ID: ${{ secrets.APPLE_NOTARIZE_ID }} | |
| APPLE_NOTARIZE_PASS: ${{ secrets.APPLE_NOTARIZE_PASS }} | |
| APPLE_NOTARIZE_TEAM_ID: ${{ secrets.APPLE_NOTARIZE_TEAM_ID }} | |
| run: | | |
| # import certificate | |
| echo "$APPLE_DEVELOPER_ID_CERT" | base64 --decode > certificate.p12 | |
| security create-keychain -p actions build.keychain | |
| security import certificate.p12 -k ~/Library/Keychains/build.keychain -P "$APPLE_DEVELOPER_ID_CERT_PASS" -T /usr/bin/codesign | |
| security list-keychains -d user -s ~/Library/Keychains/build.keychain | |
| security set-keychain-settings -t 3600 -u ~/Library/Keychains/build.keychain | |
| security unlock-keychain -p actions ~/Library/Keychains/build.keychain | |
| security set-key-partition-list -S apple-tool:,apple: -s -k actions ~/Library/Keychains/build.keychain | |
| # codesign | |
| codesign --sign "Developer ID Application: Filen Cloud Dienste UG (haftungsbeschraenkt)" --options runtime --force --keychain ~/Library/Keychains/build.keychain --entitlements=.github/workflows/entitlements.plist filen-cli-* | |
| # notarize | |
| zip filen-cli-macos.zip filen-cli-* | |
| xcrun notarytool submit filen-cli-macos.zip --apple-id $APPLE_NOTARIZE_ID --password $APPLE_NOTARIZE_PASS --team-id $APPLE_NOTARIZE_TEAM_ID --output-format json --wait 2>&1 | tee notarization_info.json | |
| id=$(cat notarization_info.json | jq -r '.id') | |
| xcrun notarytool log $id --apple-id $APPLE_NOTARIZE_ID --password $APPLE_NOTARIZE_PASS --team-id $APPLE_NOTARIZE_TEAM_ID | |
| # cleanup certificate | |
| security delete-keychain build.keychain | |
| rm -f certificate.p12 | |
| - name: Attach macos binaries to release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: filen-cli-* |