Skip to content

Commit

Permalink
Enable code signing for releases.
Browse files Browse the repository at this point in the history
  • Loading branch information
rsmmr committed Feb 15, 2022
1 parent ac23a6e commit ac88493
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ jobs:
# TODO: Install Zeek and run Zeek tests.
release_alpine_3_15_static:
runs-on: ubuntu-latest
environment: ${{ github.ref_name == 'main' && 'release' || '' }}
environment: ${{ (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) && 'release' || '' }}

container:
image: alpine:3.15
Expand Down Expand Up @@ -106,7 +106,7 @@ jobs:
# TODO: Install Zeek and run Zeek tests.
release_macos_11:
runs-on: macos-11
environment: ${{ github.ref_name == 'main' && 'release' || '' }}
environment: ${{ (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) && 'release' || '' }}

steps:
- name: Prepare
Expand Down Expand Up @@ -155,15 +155,15 @@ jobs:
### Only on topic branches

- name: Package (without codesign)
if: github.ref_name != 'main'
if: github.ref_name != 'main' && !startsWith(github.ref, 'refs/tags/v')
run: |
ninja -C build package
(cd build/dist && echo "ZA_TGZ=$(echo *.tar.gz)" >>$GITHUB_ENV)
### Only on the main branch

- name: Set up keychain for code signing
if: github.ref_name == 'main'
if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')
env:
MACOS_CERTIFICATE_PEM: ${{ secrets.MACOS_CERTIFICATE_PEM }}
MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
Expand All @@ -178,7 +178,7 @@ jobs:
security set-key-partition-list -S apple-tool:,apple: -s -k "${MACOS_KEYCHAIN_PASSWORD}" ${RUNNER_TEMP}/keychain-db
- name: Package (with codesign)
if: github.ref_name == 'main'
if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')
env:
CPACK_BUNDLE_APPLE_CERT_APP: ${{ secrets.MACOS_CERTIFICATE_ID }}
run: |
Expand All @@ -187,7 +187,7 @@ jobs:
(cd build/dist && echo "ZA_TGZ=$(echo *.tar.gz)" >>$GITHUB_ENV)
- name: Clean up keychain
if: always() && github.ref_name == 'main'
if: always() && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v'))
run: |
security delete-keychain ${RUNNER_TEMP}/keychain-db
Expand All @@ -200,7 +200,7 @@ jobs:

release_source:
runs-on: ubuntu-latest
environment: ${{ github.ref_name == 'main' && 'release' || '' }}
environment: ${{ (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) && 'release' || '' }}

steps:
- name: Prepare
Expand Down Expand Up @@ -229,7 +229,7 @@ jobs:

publish_release:
runs-on: ubuntu-latest
if: startsWith(github.ref_name, 'v')
if: startsWith(github.ref, 'refs/tags/v')
needs: [debug_ubuntu_latest, release_alpine_3_15_static, release_macos_11, release_source]
steps:
- name: Checkout code
Expand Down

0 comments on commit ac88493

Please sign in to comment.