Notarize macOS release build

Benau 2022-09-23 21:44:09 +08:00
parent dd9808fd05
commit 3b5a1d6c74


@ -131,8 +131,19 @@ jobs:
echo "${{ env.release_pre }}"
- name: Download binaries
uses: actions/download-artifact@v2
- name: Run dylibbundler and archive
- name: Mask developer name
run: |
echo "::add-mask::${{ secrets.MAC_DEVELOPER_NAME }}"
- name: Import certificates
if: ${{ env.release_tag != '' }}
uses: apple-actions/import-codesign-certs@v1
with:
p12-file-base64: ${{ secrets.MAC_DEVELOPER_ID_P12_FILE }}
p12-password: ${{ secrets.MAC_DEVELOPER_ID_P12_PASSWORD }}
- name: Run dylibbundler and sign STK
if: ${{ env.release_tag != '' }}
env:
developer_id: "Developer ID Application: ${{ secrets.MAC_DEVELOPER_NAME }} (${{ secrets.MAC_DEVELOPER_TEAM }})"
run: |
wget https://github.com/supertuxkart/dependencies/releases/download/preview/dependencies-macosx.tar.xz
tar xf dependencies-macosx.tar.xz
@ -148,10 +159,20 @@ jobs:
rm stk-assets-full.zip
cd ../../../../..
mv ./macosx-arm64/supertuxkart.app SuperTuxKart.app
# Use Ad Hoc certificate for now, use Apple developer certificate after STK is on App Store later
codesign --force -s - SuperTuxKart.app/Contents/libs/*.dylib
codesign --force --deep -s - SuperTuxKart.app
zip -r SuperTuxKart-${{ env.release_tag }}-mac.zip SuperTuxKart.app
codesign --force --sign "$developer_id" SuperTuxKart.app/Contents/libs/*.dylib
codesign --force --options=runtime --deep --sign "$developer_id" SuperTuxKart.app
- name: "Notarize release build"
if: ${{ env.release_tag != '' && github.ref != 'refs/heads/master' }}
run: |
ditto -c -k --sequesterRsrc --keepParent SuperTuxKart.app tmp.zip
xcrun notarytool submit tmp.zip --apple-id ${{ secrets.STK_NOTARIZATION_USERNAME }} \
--password ${{ secrets.STK_NOTARIZATION_PASSWORD }} \
--team-id ${{ secrets.MAC_DEVELOPER_TEAM }} --wait
xcrun stapler staple SuperTuxKart.app
- name: Archive
if: ${{ env.release_tag != '' }}
run: |
ditto -c -k --sequesterRsrc --keepParent SuperTuxKart.app SuperTuxKart-${{ env.release_tag }}-mac.zip
- name: Create release
if: ${{ env.release_tag != '' }}
uses: ncipollo/release-action@v1.8.8
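Review bot: The "Notarize release build" step splices `${{ secrets.STK_NOTARIZATION_USERNAME }}`, `${{ secrets.STK_NOTARIZATION_PASSWORD }}` and `${{ secrets.MAC_DEVELOPER_TEAM }}` into the script text unquoted, so the raw values are substituted before the shell parses the line; a password containing a space, `$`, `;` or a backtick would be word-split or interpreted by the shell instead of reaching `notarytool` as one argument. The signing step in this same commit already avoids that by mapping the secrets to `developer_id` under `env:` and expanding `"$developer_id"`, and the notarization step should follow the same pattern with quoted variables, as sketched below (the variable names are placeholders). The `echo "::add-mask::${{ secrets.MAC_DEVELOPER_NAME }}"` line in the first hunk uses the same inline expansion inside double quotes and could take the same treatment. Indentation in the sketch is reconstructed, because the page shows the hunk flattened.

```yaml
- name: "Notarize release build"
  if: ${{ env.release_tag != '' && github.ref != 'refs/heads/master' }}
  env:
    NOTARY_APPLE_ID: ${{ secrets.STK_NOTARIZATION_USERNAME }}
    NOTARY_PASSWORD: ${{ secrets.STK_NOTARIZATION_PASSWORD }}
    NOTARY_TEAM_ID: ${{ secrets.MAC_DEVELOPER_TEAM }}
  run: |
    # … unchanged: ditto packs SuperTuxKart.app into tmp.zip …
    xcrun notarytool submit tmp.zip --apple-id "$NOTARY_APPLE_ID" \
      --password "$NOTARY_PASSWORD" \
      --team-id "$NOTARY_TEAM_ID" --wait
    # … unchanged: xcrun stapler staple SuperTuxKart.app …
```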