From ed2f9d2a97bc312133c4966005f9392ec41b228c Mon Sep 17 00:00:00 2001 From: Dylan Marcus Date: Fri, 19 Jan 2024 20:54:49 -0500 Subject: [PATCH] another codesign fix! --- .github/workflows/juce_ci.yml | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/.github/workflows/juce_ci.yml b/.github/workflows/juce_ci.yml index b475bc9..f56b0d6 100644 --- a/.github/workflows/juce_ci.yml +++ b/.github/workflows/juce_ci.yml @@ -114,10 +114,25 @@ jobs: shell: bash run: cmake --build build --config $BUILD_TYPE - - name: OC Codesign (macos) + - name: OC Extract Keys and Codesign (macos) if: runner.os == 'MacOS' - shell: bash - run: /usr/bin/codesign -v --force -s "$MACOS_CERTIFICATE_NAME" --options runtime --entitlements osc_client/Resources/M1-OrientationOSC.entitlements --timestamp osc_client/build/M1-OrientationOSC_artefacts/Release/M1-OrientationOSC.app + # Extract the secrets we defined earlier as environment variables + env: + MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }} + MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }} + MACOS_CERTIFICATE_NAME: ${{ secrets.MACOS_CERTIFICATE_NAME }} + MACOS_CI_KEYCHAIN_PWD: ${{ secrets.MACOS_CI_KEYCHAIN_PWD }} + run: | + # Turn our base64-encoded certificate back to a regular .p12 file + echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 + + security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain + security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain + + /usr/bin/codesign -v --force -s "$MACOS_CERTIFICATE_NAME" --options runtime --entitlements osc_client/Resources/M1-OrientationOSC.entitlements --timestamp osc_client/build/M1-OrientationOSC_artefacts/Release/M1-OrientationOSC.app - name: OC Package (macos) uses: akiojin/generate-mac-installer-github-action@v0.1.0