pinggy 0.2.2 → 0.2.3
|
@@ -4,9 +4,6 @@ on:
|
|
|
4
4
|
release:
|
|
5
5
|
types: [created]
|
|
6
6
|
|
|
7
|
-
env:
|
|
8
|
-
S3_BUCKET: public.pinggy.cli.binaries
|
|
9
|
-
|
|
10
7
|
jobs:
|
|
11
8
|
Ubuntu:
|
|
12
9
|
name: Build on ${{ matrix.name }} and upload to GitHub Release
|
|
@@ -39,6 +36,59 @@ jobs:
|
|
|
39
36
|
- name: Run caxa build to produce `bin/`
|
|
40
37
|
run: make pack
|
|
41
38
|
|
|
39
|
+
- name: Import Code Signing Certificate
|
|
40
|
+
env:
|
|
41
|
+
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
|
|
42
|
+
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
|
|
43
|
+
run: |
|
|
44
|
+
# Create temporary keychain
|
|
45
|
+
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
|
|
46
|
+
KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
|
|
47
|
+
|
|
48
|
+
# Decode certificate and import to keychain
|
|
49
|
+
echo "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
|
|
50
|
+
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
|
|
51
|
+
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
|
|
52
|
+
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
|
|
53
|
+
security import certificate.p12 -k "$KEYCHAIN_PATH" -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
|
|
54
|
+
security list-keychain -d user -s "$KEYCHAIN_PATH"
|
|
55
|
+
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
|
|
56
|
+
|
|
57
|
+
# Clean up certificate file
|
|
58
|
+
rm certificate.p12
|
|
59
|
+
|
|
60
|
+
- name: Code Sign Binary
|
|
61
|
+
env:
|
|
62
|
+
DEVELOPER_ID: ${{ secrets.MACOS_DEVELOPER_ID }}
|
|
63
|
+
run: |
|
|
64
|
+
FILE=$(ls bin)
|
|
65
|
+
echo "Code signing: $FILE"
|
|
66
|
+
codesign --force --options runtime --sign "$DEVELOPER_ID" --timestamp "bin/$FILE"
|
|
67
|
+
codesign --verify --verbose "bin/$FILE"
|
|
68
|
+
|
|
69
|
+
- name: Notarize Binary (Optional)
|
|
70
|
+
env:
|
|
71
|
+
APPLE_ID: ${{ secrets.APPLE_ID }}
|
|
72
|
+
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
|
|
73
|
+
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
|
|
74
|
+
run: |
|
|
75
|
+
FILE=$(ls bin)
|
|
76
|
+
|
|
77
|
+
# Create a zip for notarization
|
|
78
|
+
ditto -c -k --keepParent "bin/$FILE" "bin/$FILE.zip"
|
|
79
|
+
|
|
80
|
+
# Submit for notarization
|
|
81
|
+
xcrun notarytool submit "bin/$FILE.zip" \
|
|
82
|
+
--apple-id "$APPLE_ID" \
|
|
83
|
+
--password "$APPLE_APP_SPECIFIC_PASSWORD" \
|
|
84
|
+
--team-id "$APPLE_TEAM_ID" \
|
|
85
|
+
--wait
|
|
86
|
+
|
|
87
|
+
# Remove zip file
|
|
88
|
+
rm "bin/$FILE.zip"
|
|
89
|
+
|
|
90
|
+
echo "Notarization complete"
|
|
91
|
+
|
|
42
92
|
- name: Show bin directory
|
|
43
93
|
run: ls -R ./bin
|
|
44
94
|
|
|
@@ -59,6 +109,14 @@ jobs:
|
|
|
59
109
|
|
|
60
110
|
echo "Uploading $FILE to GitHub Release…"
|
|
61
111
|
gh release upload "$VERSION" "bin/$FILE" --clobber
|
|
112
|
+
|
|
113
|
+
- name: Cleanup Keychain
|
|
114
|
+
if: always()
|
|
115
|
+
run: |
|
|
116
|
+
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
|
|
117
|
+
if [ -f "$KEYCHAIN_PATH" ]; then
|
|
118
|
+
security delete-keychain "$KEYCHAIN_PATH"
|
|
119
|
+
fi
|
|
62
120
|
|
|
63
121
|
Windows:
|
|
64
122
|
name: Build on ${{ matrix.name }} and upload
|
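Review bot: In the "Import Code Signing Certificate" step the decoded signing identity is written to `certificate.p12` in the job's working directory and is removed only by the final `rm certificate.p12`. Unless the workflow overrides the shell, the default bash invocation stops at the first failing command, so a failure in any `security` call leaves the private key on disk, and the `if: always()` "Cleanup Keychain" step deletes the keychain but not this file. On a self-hosted or reused runner that file would outlive the job. I would decode to a path under the runner temp directory, `CERT_PATH=$RUNNER_TEMP/certificate.p12`, set `trap 'rm -f "$CERT_PATH"' EXIT` before the `base64 --decode` line, and have the cleanup step remove the same path. Separately, the "Notarize Binary (Optional)" step prints "Notarization complete" without inspecting the submission result; `notarytool submit --wait` appears to exit zero even for a rejected submission, so the status should be confirmed as Accepted before the release upload runs.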