Skip to content

fix: testing codesign on macos #35

fix: testing codesign on macos

fix: testing codesign on macos #35

Workflow file for this run

name: App Builder
on:
push:
branches:
- release
workflow_dispatch:
jobs:
release:
permissions:
contents: write
strategy:
fail-fast: false
matrix:
platform: [macos-latest]
# platform: [macos-latest, ubuntu-latest, windows-latest]
include:
# - os: ubuntu-latest
# rust_target: x86_64-unknown-linux-gnu
- os: macos-latest
rust_target: x86_64-apple-darwin
args: --target x86_64-apple-darwin
- os: macos-latest
rust_target: aarch64-apple-darwin
args: --target aarch64-apple-darwin
- os: windows-latest
rust_target: x86_64-pc-windows-msvc
runs-on: ${{ matrix.platform }}
defaults:
run:
working-directory: ./app
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Node.js setup
uses: actions/setup-node@v4
# NOTE: enterprise developers may hard code a version
with:
node-version: 18.20.4
# node-version-file: '.nvmrc'
- name: install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
# Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds.
targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}
- name: Install dependencies (ubuntu only)
if: matrix.platform == 'ubuntu-latest'
run: |
sudo apt-get update
sudo apt-get install -y libgtk-3-dev webkit2gtk-4.0 libappindicator3-dev librsvg2-dev patchelf
- name: Install app dependencies
# NOTE: include yarn build if frontend has build script
run: npm install ci
- name: Setup certificate
if: matrix.platform == 'macos-latest'
run: |
echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12
security create-keychain -p "" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "" build.keychain
security import certificate.p12 -k build.keychain -P "${{ secrets.MACOS_CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign -A
security find-identity
security set-key-partition-list -S 'apple-tool:,apple:,codesign:' -s -k "" build.keychain
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
- name: Build the app
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY }}
TAURI_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
with:
# tauri-action replaces \_\_VERSION\_\_ with the app version
tagName: app-v__VERSION__
releaseName: Scribe v__VERSION__
releaseBody: |
See the assets to download this version and install.
releaseDraft: true
prerelease: false
updaterJsonPreferNsis: true
- name: Verify signature
if: matrix.platform == 'macos-latest'
run: |
codesign -v -vvvv /Users/runner/work/noteapp/noteapp/app/src-tauri/target/release/bundle/macos/scribe.app