
Commit f4e0332

authored
Merge pull request #3352 from ann0see/autobuild/refactorMacNot
2 parents ffab943 + ccc56f5 commit f4e0332

2 files changed

Lines changed: 34 additions & 35 deletions


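--- a/.github/autobuild/mac.sh
+++ b/.github/autobuild/mac.sh
@@ -190,18 +190,27 @@ pass_artifact_to_job() {
 fi
 }
 
-appstore_submit() {
-echo "Submitting package to AppStore Connect..."
-# test the signature of package
-pkgutil --check-signature "${ARTIFACT_PATH}"
+notarize() {
+echo "Submitting artifact to AppStore Connect..."
 
+if [[ ${ARTIFACT_PATH} == *.pkg ]]; then
+# Check if .pkg file is signed. (https://apple.stackexchange.com/a/212336)
+pkgutil --check-signature "${ARTIFACT_PATH}"
+fi
+
+echo "Requesting notarization..."
 xcrun notarytool submit "${ARTIFACT_PATH}" \
 --apple-id "${NOTARIZATION_USERNAME}" \
 --team-id "${APPLE_TEAM_ID}" \
 --password "${NOTARIZATION_PASSWORD}" \
 --wait
 }
 
+staple() {
+echo "Stapling package..."
+xcrun stapler staple "${ARTIFACT_PATH}"
+}
+
 case "${1:-}" in
 setup)
 setup
@@ -212,8 +221,11 @@ case "${1:-}" in
 get-artifacts)
 pass_artifact_to_job
 ;;
-appstore-submit)
-appstore_submit
+notarize)
+notarize
+;;
+staple)
+staple
 ;;
 *)
 echo "Unknown stage '${1:-}'"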
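Review bot: In `notarize()`, the app-specific password still reaches `xcrun notarytool submit` as `--password "${NOTARIZATION_PASSWORD}"`, so it sits in the process argument list for the whole `--wait` period and would be printed by any `set -x` trace (whether tracing is enabled is outside the hunk). With this function now on the release notarization path, it is worth considering notarytool's App Store Connect API key options (`--key`, `--key-id`, `--issuer`), which take a key file path instead of a secret on the command line. Separately, the signature check runs only for `*.pkg`, and `staple()` does not confirm the result; adding `xcrun stapler validate "${ARTIFACT_PATH}"` after the staple call would fail the job if the ticket is not attached.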

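--- a/.github/workflows/autobuild.yml
+++ b/.github/workflows/autobuild.yml
@@ -365,13 +365,13 @@ jobs:
 run: ${{ matrix.config.base_command }} build
 env:
 JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }}
-MACOS_CERTIFICATE: ${{ secrets.MACOS_CERT}}
-MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERT_PWD }}
-MACOS_CERTIFICATE_ID: ${{ secrets.MACOS_CERT_ID }}
-MAC_STORE_APP_CERT: ${{ secrets.MACAPP_CERT}}
+MACOS_CERTIFICATE: ${{ secrets.MACOS_CERT }} # Base64 encoded Developer ID Application certificate. See https://help.apple.com/xcode/mac/current/#/dev154b28f09
+MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERT_PWD }} # Password protecting secrets.MACOS_CERTIFICATE
+MACOS_CERTIFICATE_ID: ${{ secrets.MACOS_CERT_ID }} # Certificate ID of secrets.MACOS_CERTIFICATE. If unknown, import secrets.MACOS_CERT into keychain and get the hash via "security find-identity -v"
+MAC_STORE_APP_CERT: ${{ secrets.MACAPP_CERT }} # Base64 encoded Mac App Distribution certificate
 MAC_STORE_APP_CERT_PWD: ${{ secrets.MACAPP_CERT_PWD }}
 MAC_STORE_APP_CERT_ID: ${{ secrets.MACAPP_CERT_ID }}
-MAC_STORE_INST_CERT: ${{ secrets.MACAPP_INST_CERT}}
+MAC_STORE_INST_CERT: ${{ secrets.MACAPP_INST_CERT }} # Base64 encoded Mac Installer Distribution certificate
 MAC_STORE_INST_CERT_PWD: ${{ secrets.MACAPP_INST_CERT_PWD }}
 MAC_STORE_INST_CERT_ID: ${{ secrets.MACAPP_INST_CERT_ID }}
 NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }}
@@ -408,23 +408,24 @@ jobs:
 needs.create_release.outputs.publish_to_release == 'true' &&
 steps.build.outputs.macos_notarize == 'true'
 id: notarize-macOS-app
-uses: lando/notarize-action@4f5869b09386e8336802159031e4189e0919ae20
-with:
-product-path: deploy/${{ steps.get-artifacts.outputs.artifact_1 }}
-primary-bundle-id: io.jamulus.Jamulus
-appstore-connect-username: ${{ secrets.NOTARIZATION_USERNAME }}
-appstore-connect-password: ${{ secrets.NOTARIZATION_PASSWORD }}
-appstore-connect-team-id: ${{ secrets.NOTARIZATION_TEAM_ID }}
+run: ${{ matrix.config.base_command }} notarize
+env:
+JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }}
+ARTIFACT_PATH: deploy/${{ steps.get-artifacts.outputs.artifact_1 }}
+NOTARIZATION_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }} # Apple ID for notarization
+NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }} # App specific password for Apple ID
+APPLE_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }} # Team ID from App Store Connect
 
 - name: Staple macOS Release Build
 if: >-
 steps.build.outputs.macos_signed == 'true' &&
 needs.create_release.outputs.publish_to_release == 'true' &&
 steps.build.outputs.macos_notarize == 'true'
 id: staple-macOS-app
-uses: BoundfoxStudios/action-xcode-staple@cd6c16fb6a3dfb365203a41343926f81e813afad
-with:
-product-path: deploy/${{ steps.get-artifacts.outputs.artifact_1 }}
+run: ${{ matrix.config.base_command }} staple
+env:
+JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }}
+ARTIFACT_PATH: deploy/${{ steps.get-artifacts.outputs.artifact_1 }}
 
 - name: Deploy Artifacts to Release
 if: needs.create_release.outputs.publish_to_release == 'true'
@@ -436,20 +437,6 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-## RELEASE PROCEDURE FOR: macOS App Store - storesigned pkg
-- name: Validate and Upload macOS Storesign Pkg
-if: >-
-steps.build.outputs.macos_store == 'true' &&
-needs.create_release.outputs.publish_to_release == 'true'
-id: macos_validate_upload
-run: ${{ matrix.config.base_command }} appstore-submit
-env:
-ARTIFACT_PATH: deploy/${{ steps.get-artifacts.outputs.artifact_2 }}
-NOTARIZATION_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }}
-NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }}
-JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }}
-APPLE_TEAM_ID: XXXXXXXXXXX
-
 - name: Perform CodeQL Analysis
 if: matrix.config.run_codeql
 uses: github/codeql-action/analyze@v3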
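Review bot: The build step's `env` still carries `NOTARIZATION_PASSWORD` (last context line of the first hunk) although notarization now runs in its own step with its own `env`, so the secret is exposed to the whole build toolchain for no visible reason. If the build script only uses it to decide the `macos_notarize` output (its use is outside the hunk, so this is an assumption), a non-secret flag would do, for example `NOTARIZE: ${{ secrets.NOTARIZATION_PASSWORD != '' }}` with the variable name being a placeholder. The same question applies to the `MAC_STORE_*` certificate secrets now that the App Store upload step is removed: if the store-signed package is no longer published, they can probably be dropped from the build step as well. The step's `env` block continues past the end of the first hunk, so other consumers may exist there.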
