From e276d55937970714454c496f521d99e844c77b31 Mon Sep 17 00:00:00 2001
From: Scott Wadden
Date: Thu, 19 Oct 2023 00:32:04 -0300
Subject: [PATCH] wip
---
 .github/workflows/dist_mac.yaml | 31 ++++++++++++++++++++-----------
 enu.nimble | 13 +++++++++----
 2 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/dist_mac.yaml b/.github/workflows/dist_mac.yaml
index 42405e23..0a7cdf20 100644
--- a/.github/workflows/dist_mac.yaml
+++ b/.github/workflows/dist_mac.yaml
@@ -11,27 +11,36 @@ jobs:
 fetch-depth: 0
 - name: Install certificates. Write dist_config.json.
 env:
- MACOS_DIST_CONFIG: ${{ secrets.PROD_MACOS_DIST_CONFIG }}
- MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
- MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
- MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
- MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
+ DIST_CONFIG: ${{ secrets.PROD_MACOS_DIST_CONFIG }}
+ CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
+ CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
+ CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
+ KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
+ NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
+ NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
+ NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
+ NOTARIZATION_PROFILE: ${{ secrets.PROD_MACOS_NOTARIZATION_PROFILE }}
+ run: |
 run: |
 # Adapted from https://federicoterzi.com/blog/automatic-code-signing-and-notarization-for-macos-apps-using-github-actions/
+
 # Turn our base64-encoded certificate back to a regular .p12 file
- echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
- echo $MACOS_DIST_CONFIG | base64 --decode > dist_config.json
+ echo $CERTIFICATE | base64 --decode > certificate.p12
+ echo $DIST_CONFIG | base64 --decode > dist_config.json
 # We need to create a new keychain, otherwise using the certificate will prompt
 # with a UI dialog asking for the certificate password, which we can't
 # use in a headless CI environment
- security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+ security create-keychain -p "$KEYCHAIN_PWD" build.keychain
 security default-keychain -s build.keychain
- security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
- security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
- security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+ security unlock-keychain -p "$KEYCHAIN_PWD" build.keychain
+ security import certificate.p12 -k build.keychain -P "$CERTIFICATE_PWD" -T /usr/bin/codesign
+ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PWD" build.keychain
+
+ echo "Create keychain profile"
+ xcrun notarytool store-credentials "$NOTARIZATION_PROFILE" --apple-id "$NOTARIZATION_APPLE_ID" --team-id "$NOTARIZATION_TEAM_ID" --password "$NOTARIZATION_PWD"
 - name: Install build deps
 run: brew install nim scons yasm
diff --git a/enu.nimble b/enu.nimble
index cf6fb43a..55e286af 100644
--- a/enu.nimble
+++ b/enu.nimble
@@ -303,11 +303,16 @@ task dist_package, "Build distribution binaries":
 exec &"mv {package_name} dist"
 if config["notarize"].get_bool:
- let
- username = config["notarize-username"].get_str
- password = config["notarize-password"].get_str
+ if "notarize-profile" in config:
+ let profile = config["notarize-profile"].get_str
+ exec &"xcrun notarytool submit \"dist/{package_name}\" --keychain-profile \"{profile}\" --wait"
- exec &"xcrun altool --notarize-app --primary-bundle-id 'ca.dsrw.enu' --username '{username}' --password '{password}' --file dist/{package_name}"
+ else:
+ let
+ username = config["notarize-username"].get_str
+ password = config["notarize-password"].get_str
+
+ exec &"xcrun altool --notarize-app --primary-bundle-id 'com.getenu.enu' --username '{username}' --password '{password}' --file dist/{package_name}"
 elif host_os == "linux":
 gen_binding_and_copy_stdlib("server")
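Review bot: The decoded signing material is left on disk: `certificate.p12` and `dist_config.json` are written to the job's working directory, and nothing in this step removes the .p12 once `security import` has consumed it. Add `rm -f certificate.p12` right after the import, and make sure neither file sits under a path that a later step packages or uploads. The new side also appears to carry `run: |` twice, one added line directly above the existing one, which would be a duplicate key in the step mapping; drop the added line. `echo $CERTIFICATE` and `echo $DIST_CONFIG` are unquoted, so `printf '%s' "$CERTIFICATE" | base64 --decode > certificate.p12` is the safer form.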
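Review bot: The retained `else` branch still takes `notarize-password` from dist_config.json and splices it into the `altool` command inside single quotes, so the credential lives in a plaintext file, shows up as a process argument, and breaks the quoting if it contains `'`. With the `notarize-profile` path keeping the credential in the keychain, consider replacing the fallback with an explicit failure when that key is missing, all the more since Apple has retired altool-based notarization in favour of notarytool. It is also worth confirming that a rejected submission makes `notarytool submit --wait` fail the task, so an unnotarized package cannot move on to release. The bundle id in the fallback changes from `ca.dsrw.enu` to `com.getenu.enu` without a mention in the commit message. The `dist_package` task starts and ends outside the hunk.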