Skip to content

Commit

Permalink
wip
Browse files Browse the repository at this point in the history
  • Loading branch information
@dsrw
dsrw committed Oct 19, 2023
1 parent 1237540 commit e276d55
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 15 deletions.
31 changes: 20 additions & 11 deletions .github/workflows/dist_mac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,27 +11,36 @@ jobs:
fetch-depth: 0
- name: Install certificates. Write dist_config.json.
env:
MACOS_DIST_CONFIG: ${{ secrets.PROD_MACOS_DIST_CONFIG }}
MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
DIST_CONFIG: ${{ secrets.PROD_MACOS_DIST_CONFIG }}
CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
NOTARIZATION_PROFILE: ${{ secrets.PROD_MACOS_NOTARIZATION_PROFILE }}
run: |
run: |
# Adapted from https://federicoterzi.com/blog/automatic-code-signing-and-notarization-for-macos-apps-using-github-actions/
# Turn our base64-encoded certificate back to a regular .p12 file
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
echo $MACOS_DIST_CONFIG | base64 --decode > dist_config.json
echo $CERTIFICATE | base64 --decode > certificate.p12
echo $DIST_CONFIG | base64 --decode > dist_config.json
# We need to create a new keychain, otherwise using the certificate will prompt
# with a UI dialog asking for the certificate password, which we can't
# use in a headless CI environment
security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
security create-keychain -p "$KEYCHAIN_PWD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
security unlock-keychain -p "$KEYCHAIN_PWD" build.keychain
security import certificate.p12 -k build.keychain -P "$CERTIFICATE_PWD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PWD" build.keychain
echo "Create keychain profile"
xcrun notarytool store-credentials "$NOTARIZATION_PROFILE" --apple-id "$NOTARIZATION_APPLE_ID" --team-id "$NOTARIZATION_TEAM_ID" --password "$NOTARIZATION_PWD"
- name: Install build deps
run: brew install nim scons yasm
Expand Down
13 changes: 9 additions & 4 deletions enu.nimble
View file
Original file line number Diff line number Diff line change
Expand Up @@ -303,11 +303,16 @@ task dist_package, "Build distribution binaries":
exec &"mv {package_name} dist"

if config["notarize"].get_bool:
let
username = config["notarize-username"].get_str
password = config["notarize-password"].get_str
if "notarize-profile" in config:
let profile = config["notarize-profile"].get_str
exec &"xcrun notarytool submit \"dist/{package_name}\" --keychain-profile \"{profile}\" --wait"

exec &"xcrun altool --notarize-app --primary-bundle-id 'ca.dsrw.enu' --username '{username}' --password '{password}' --file dist/{package_name}"
else:
let
username = config["notarize-username"].get_str
password = config["notarize-password"].get_str

exec &"xcrun altool --notarize-app --primary-bundle-id 'com.getenu.enu' --username '{username}' --password '{password}' --file dist/{package_name}"

elif host_os == "linux":
gen_binding_and_copy_stdlib("server")
Expand Down

0 comments on commit e276d55

Please sign in to comment.