fix: testing codesign on macos #35
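# Release workflow: builds the Tauri app, signs the macOS bundle with a
# certificate imported into a temporary keychain, and publishes a draft
# GitHub release. Runs on pushes to `release` and on manual dispatch.
name: App Builder
on:
  push:
    branches:
      - release
  workflow_dispatch:
jobs:
  release:
    # `contents: write` lets the job's GITHUB_TOKEN create the draft release.
    permissions:
      contents: write
    strategy:
      fail-fast: false
      matrix:
        platform: [macos-latest]
        # platform: [macos-latest, ubuntu-latest, windows-latest]
        # NOTE(review): the include entries below set `os`, but `runs-on` and
        # every `if:` in this job read `matrix.platform`, and `args` is never
        # passed to tauri-action. GitHub merges include entries that do not
        # overwrite an original matrix value into the existing combinations,
        # so these probably do not create separate jobs - confirm the intent.
        include:
          # - os: ubuntu-latest
          #   rust_target: x86_64-unknown-linux-gnu
          - os: macos-latest
            rust_target: x86_64-apple-darwin
            args: --target x86_64-apple-darwin
          - os: macos-latest
            rust_target: aarch64-apple-darwin
            args: --target aarch64-apple-darwin
          - os: windows-latest
            rust_target: x86_64-pc-windows-msvc
    runs-on: ${{ matrix.platform }}
    defaults:
      run:
        working-directory: ./app
    steps:
      # NOTE(review): the actions below are referenced by mutable tag/branch
      # refs (`@v4`, `@stable`, `@v0`). This job handles signing secrets and a
      # write-scoped token, so consider pinning each `uses:` to a reviewed
      # full commit SHA.
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Node.js setup
        uses: actions/setup-node@v4
        # NOTE: enterprise developers may hard code a version
        with:
          node-version: '18.20.4'
          # node-version-file: '.nvmrc'
      - name: install Rust stable
        uses: dtolnay/rust-toolchain@stable
        with:
          # Those targets are only used on macos runners so it's in an `if`
          # to slightly speed up windows and linux builds.
          targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}
      - name: Install dependencies (ubuntu only)
        if: matrix.platform == 'ubuntu-latest'
        run: |
          sudo apt-get update
          sudo apt-get install -y libgtk-3-dev webkit2gtk-4.0 libappindicator3-dev librsvg2-dev patchelf
      - name: Install app dependencies
        # NOTE: include yarn build if frontend has build script
        # `npm ci` installs exactly what package-lock.json records (the
        # lockfile must be committed). The previous `npm install ci` asked npm
        # to also install a package literally named `ci`, pulling unreviewed
        # code into a job that holds signing keys.
        run: npm ci
      - name: Setup certificate
        if: matrix.platform == 'macos-latest'
        # Secrets are read from this step's `env:` block instead of being
        # expanded with `${{ }}` inside the script: inline expansion pastes
        # the raw value into the generated shell file, where quotes, `$` or
        # backticks in the value would be interpreted by the shell.
        # The decoded .p12 is written under RUNNER_TEMP (outside the checkout,
        # so it cannot end up in the bundle) and removed when the step exits.
        # NOTE(review): the keychain password is empty and `-A` lets any
        # application use the imported key without prompting; `-T` already
        # grants /usr/bin/codesign. Acceptable only on an ephemeral hosted
        # runner - tighten both before using a self-hosted runner.
        run: |
          CERT_PATH="$RUNNER_TEMP/certificate.p12"
          trap 'rm -f "$CERT_PATH"' EXIT
          echo "$MACOS_CERTIFICATE" | base64 --decode > "$CERT_PATH"
          security create-keychain -p "" build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p "" build.keychain
          security import "$CERT_PATH" -k build.keychain -P "$MACOS_CERTIFICATE_PASSWORD" -T /usr/bin/codesign -A
          security find-identity
          security set-key-partition-list -S 'apple-tool:,apple:,codesign:' -s -k "" build.keychain
        env:
          MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
          MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
      - name: Build the app
        uses: tauri-apps/tauri-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
          TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
        with:
          # tauri-action replaces __VERSION__ with the app version
          tagName: app-v__VERSION__
          releaseName: Scribe v__VERSION__
          releaseBody: |
            See the assets to download this version and install.
          releaseDraft: true
          prerelease: false
          updaterJsonPreferNsis: true
      - name: Verify signature
        if: matrix.platform == 'macos-latest'
        # GITHUB_WORKSPACE replaces the hard-coded /Users/runner/work/noteapp/noteapp
        # prefix so the check does not depend on the runner's checkout path.
        run: |
          codesign -v -vvvv "$GITHUB_WORKSPACE/app/src-tauri/target/release/bundle/macos/scribe.app"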