sign mac app
This commit is contained in:
SoftFever
parent
25f2dd6ebb
commit
3570b93d65
3 changed files with 73 additions and 3 deletions
35
.github/workflows/build_mac_arm64.yml
vendored
35
.github/workflows/build_mac_arm64.yml
vendored
|
|
@ -50,6 +50,41 @@ jobs:
|
|||
working-directory: ${{ github.workspace }}
|
||||
run: ./build_release_macos.sh -s -n -a arm64
|
||||
|
||||
- name: Sign app
|
||||
working-directory: ${{ github.workspace }}
|
||||
env:
|
||||
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
|
||||
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
|
||||
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
||||
CERTIFICATE_ID: ${{ secrets.MACOS_CERTIFICATE_ID }}
|
||||
run: |
|
||||
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
|
||||
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
|
||||
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
|
||||
security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH
|
||||
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
|
||||
security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH
|
||||
security import $CERTIFICATE_PATH -P $P12_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
|
||||
security list-keychain -d user -s $KEYCHAIN_PATH
|
||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $P12_PASSWORD $KEYCHAIN_PATH
|
||||
codesign --deep --force --verbose --sign "$CERTIFICATE_ID" ${{ github.workspace }}/build_arm64/OrcaSlicer_arm64/OrcaSlicer.app
|
||||
|
||||
- name: pack app
|
||||
working-directory: ${{ github.workspace }}
|
||||
run: |
|
||||
export ver=$(grep '^#define SoftFever_VERSION' ./src/libslic3r/libslic3r_version.h | cut -d ' ' -f3)
|
||||
ver="_V${ver//\"}"
|
||||
zip -FSr OrcaSlicer${ver}_nightly_Mac_AppleSilicon.zip ${{ github.workspace }}/build_arm64/OrcaSlicer_arm64/OrcaSlicer.app
|
||||
|
||||
# (wip: staple failed, error 65)
|
||||
# - name: Notarize the app
|
||||
# run: |
|
||||
# xcrun notarytool store-credentials "notarytool-profile" --apple-id "${{ secrets.APPLE_DEV_ACCOUNT }}" --team-id "${{ secrets.TEAM_ID }}" --password "${{ secrets.APP_PWD }}"
|
||||
# ditto -c -k --keepParent "OrcaSlicer.app" "OrcaSlicer.zip"
|
||||
# xcrun notarytool submit "OrcaSlicer.zip" --keychain-profile "notarytool-profile" --wait
|
||||
# xcrun stapler staple OrcaSlicer.app
|
||||
# zip -FSrq OrcaSlicer_Mac_notarized.zip OrcaSlicer.app
|
||||
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
|
|
|
|||
35
.github/workflows/build_mac_x64.yml
vendored
35
.github/workflows/build_mac_x64.yml
vendored
|
|
@ -51,6 +51,41 @@ jobs:
|
|||
working-directory: ${{ github.workspace }}
|
||||
run: ./build_release_macos.sh -s -n -a x86_64
|
||||
|
||||
- name: Sign app
|
||||
working-directory: ${{ github.workspace }}
|
||||
env:
|
||||
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
|
||||
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
|
||||
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
||||
CERTIFICATE_ID: ${{ secrets.MACOS_CERTIFICATE_ID }}
|
||||
run: |
|
||||
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
|
||||
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
|
||||
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
|
||||
security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH
|
||||
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
|
||||
security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_PATH
|
||||
security import $CERTIFICATE_PATH -P $P12_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
|
||||
security list-keychain -d user -s $KEYCHAIN_PATH
|
||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $P12_PASSWORD $KEYCHAIN_PATH
|
||||
codesign --deep --force --verbose --sign "$CERTIFICATE_ID" ${{ github.workspace }}/build_x86_64/OrcaSlicer_x86_64/OrcaSlicer.app
|
||||
|
||||
- name: pack app
|
||||
working-directory: ${{ github.workspace }}
|
||||
run: |
|
||||
export ver=$(grep '^#define SoftFever_VERSION' ./src/libslic3r/libslic3r_version.h | cut -d ' ' -f3)
|
||||
ver="_V${ver//\"}"
|
||||
zip -FSr OrcaSlicer${ver}_nightly_Mac_Intel.zip ${{ github.workspace }}/build_x86_64/OrcaSlicer_x86_64/OrcaSlicer.app
|
||||
|
||||
# (wip: staple failed, error 65)
|
||||
# - name: Notarize the app
|
||||
# run: |
|
||||
# xcrun notarytool store-credentials "notarytool-profile" --apple-id "${{ secrets.APPLE_DEV_ACCOUNT }}" --team-id "${{ secrets.TEAM_ID }}" --password "${{ secrets.APP_PWD }}"
|
||||
# ditto -c -k --keepParent "OrcaSlicer.app" "OrcaSlicer.zip"
|
||||
# xcrun notarytool submit "OrcaSlicer.zip" --keychain-profile "notarytool-profile" --wait
|
||||
# xcrun stapler staple OrcaSlicer.app
|
||||
# zip -FSrq OrcaSlicer_Mac_notarized.zip OrcaSlicer.app
|
||||
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
|
|
|
|||
|
|
@ -88,12 +88,12 @@ cp -R $resources_path ./OrcaSlicer.app/Contents/Resources
|
|||
# delete .DS_Store file
|
||||
find ./OrcaSlicer.app/ -name '.DS_Store' -delete
|
||||
# extract version
|
||||
export ver="_dev"
|
||||
export ver=$(grep '^#define SoftFever_VERSION' ../src/libslic3r/libslic3r_version.h | cut -d ' ' -f3)
|
||||
ver="_V${ver//\"}"
|
||||
echo $PWD
|
||||
if [ "1." != "$NIGHTLY_BUILD". ];
|
||||
then
|
||||
ver=$(grep '^#define SoftFever_VERSION' ../src/libslic3r/libslic3r_version.h | cut -d ' ' -f3)
|
||||
ver="_V${ver//\"}"
|
||||
ver=${ver}_dev
|
||||
fi
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue