mirror of
https://github.com/spacedriveapp/spacedrive
synced 2024-07-04 11:03:27 +00:00
macos signing (#835)
* add certificate envs more signing envs * signing identity install api key in release workflow sign ffmpeg libraries * update all envs * update docker build action * update fmmpeg scripts * remove lib codesigning from setup script * declare signing identity arg * codesign ffmpeg in setup * stupid * qutoes
This commit is contained in:
parent
b4dad087e4
commit
99f4df1487
1
.github/actions/setup-system/action.yml
vendored
1
.github/actions/setup-system/action.yml
vendored
|
@ -55,6 +55,7 @@ runs:
|
|||
env:
|
||||
TARGET: ${{ inputs.targets }}
|
||||
GITHUB_TOKEN: ${{ inputs.token }}
|
||||
APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY }}
|
||||
|
||||
- name: Run 'setup-system.ps1' script
|
||||
shell: powershell
|
||||
|
|
2
.github/scripts/setup-system.sh
vendored
2
.github/scripts/setup-system.sh
vendored
|
@ -316,7 +316,7 @@ elif [ "$SYSNAME" = "Darwin" ]; then
|
|||
for _lib in "${_frameworks_dir}/FFMpeg.framework/Libraries/"*; do
|
||||
if [ -f "$_lib" ]; then
|
||||
# Sign the lib with the local machine certificate (Required for it to work on macOS 13+)
|
||||
if ! codesign -s - -f "$_lib" 1>/dev/null 2>&1; then
|
||||
if ! codesign -s "$APPLE_SIGNING_IDENTITY" -f "$_lib" 1>/dev/null 2>&1; then
|
||||
err "Failed to sign: ${_lib#"$_frameworks_dir"}" \
|
||||
'Please open an issue on https://github.com/spacedriveapp/spacedrive/issues'
|
||||
fi
|
||||
|
|
2
.github/workflows/ffmpeg.yml
vendored
2
.github/workflows/ffmpeg.yml
vendored
|
@ -45,7 +45,7 @@ jobs:
|
|||
run: |
|
||||
set -euxo pipefail
|
||||
cd .github/scripts/ffmpeg-macos
|
||||
docker build --build-arg FFMPEG_VERSION=$FFMPEG_VERSION -o . .
|
||||
docker build --build-arg FFMPEG_VERSION=$FFMPEG_VERSION --build-arg APPLE_SIGNING_IDENTITY="${{ secrets.APPLE_SIGNING_IDENTITY }}" -o . .
|
||||
export XZ_OPT='-T0 -9'
|
||||
tar -cJf "ffmpeg-${FFMPEG_VERSION}-x86_64.tar.xz" -C ffmpeg/x86_64 .
|
||||
tar -cJf "ffmpeg-${FFMPEG_VERSION}-arm64.tar.xz" -C ffmpeg/aarch64 .
|
||||
|
|
25
.github/workflows/release.yml
vendored
25
.github/workflows/release.yml
vendored
|
@ -39,6 +39,22 @@ jobs:
|
|||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Install Apple API key
|
||||
if: ${{ runner.os == 'macOS' }}
|
||||
run: |
|
||||
mkdir -p ~/.appstoreconnect/private_keys/
|
||||
cd ~/.appstoreconnect/private_keys/
|
||||
echo ${{ secrets.APPLE_API_KEY_BASE64 }} >> AuthKey_${{ secrets.APPLE_API_KEY }}.p8.base64
|
||||
base64 --decode AuthKey_${{ secrets.APPLE_API_KEY }}.p8.base64 -o AuthKey_${{ secrets.APPLE_API_KEY }}.p8
|
||||
rm AuthKey_${{ secrets.APPLE_API_KEY }}.p8.base64
|
||||
|
||||
- name: Install Codesigning Certificate
|
||||
if: ${{ runner.os == 'macOS' }}
|
||||
uses: apple-actions/import-codesign-certs@v2
|
||||
with:
|
||||
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
|
||||
p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
|
||||
|
||||
- name: Setup Node.js, pnpm and dependencies
|
||||
uses: ./.github/actions/setup-pnpm
|
||||
with:
|
||||
|
@ -46,6 +62,8 @@ jobs:
|
|||
|
||||
- name: Setup System and Rust
|
||||
uses: ./.github/actions/setup-system
|
||||
env:
|
||||
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
targets: ${{ matrix.settings.target }}
|
||||
|
@ -56,6 +74,13 @@ jobs:
|
|||
env:
|
||||
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
|
||||
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
|
||||
ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
|
||||
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
|
||||
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
|
||||
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
|
||||
APPLE_PROVIDER_SHORT_NAME: ${{ secrets.APPLE_PROVIDER_SHORT_NAME }}
|
||||
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
|
||||
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
|
||||
|
||||
- name: Publish Artifacts
|
||||
uses: ./.github/actions/publish-artifacts
|
||||
|
|
|
@ -37,7 +37,6 @@
|
|||
"frameworks": [],
|
||||
"minimumSystemVersion": "10.15",
|
||||
"exceptionDomain": "",
|
||||
"signingIdentity": null,
|
||||
"entitlements": null
|
||||
},
|
||||
"windows": {
|
||||
|
|
Loading…
Reference in a new issue