moved the signing to tauri build
Petr Gadorek committed Jan 23, 2025
1 parent 1e3a195 commit fee3d07
Showing 2 changed files with 56 additions and 39 deletions.
91 changes: 54 additions & 37 deletions .github/workflows/build_tauri.yaml
Expand Up @@ -72,7 +72,40 @@ jobs:
- name: install frontend dependencies
run: yarn install # change this to npm, pnpm or bun depending on which one you use.

- uses: apple-actions/import-codesign-certs@v3
if: startsWith(matrix.platform, 'macos')
with:
p12-file-base64: ${{ secrets.MACOS_CERTIFICATE }}
p12-password: ${{ secrets.MACOS_CERTIFICATE_PWD }}
keychain: build

- uses: apple-actions/import-codesign-certs@v3
if: startsWith(matrix.platform, 'macos')
with:
p12-file-base64: ${{ secrets.MACOS_CERTIFICATE }}
p12-password: ${{ secrets.MACOS_CERTIFICATE_PWD }}
keychain: codesigning

- name: build with signing and notarization (macos only)
if: startsWith(matrix.platform, 'macos')
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
NOTARIZATION_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }}
APPLE_ID: ${{ secrets.NOTARIZATION_USERNAME }}
NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }}
APPLE_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }}
NOTARIZATION_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }}
APPLE_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }}
run: |
echo "Create notary keychain"
security default-keychain -s build.keychain
security unlock-keychain -p "" build.keychain
yarn tauri build
- name: build app
if: ${{ ! startsWith(matrix.platform, 'macos') }}
run: |
yarn tauri build
Expand Down Expand Up @@ -134,50 +167,34 @@ jobs:
run: |
chmod +x ./src-tauri/target/release/bundle/macos/eim.app
- name: Codesign macOS eim executables
if: startsWith(matrix.platform, 'macos')
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
run: |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
/usr/bin/security create-keychain -p espressif build.keychain
/usr/bin/security default-keychain -s build.keychain
/usr/bin/security unlock-keychain -p espressif build.keychain
/usr/bin/security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
/usr/bin/security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k espressif build.keychain
/usr/bin/codesign --entitlements eim.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" ./src-tauri/target/release/bundle/macos/eim.app -v
/usr/bin/codesign -v -vvv --deep ./src-tauri/target/release/bundle/macos/eim.app
- name: Zip eim executable for notarization
if: startsWith(matrix.platform, 'macos')
run: |
chmod +x ./src-tauri/target/release/bundle/macos/eim.app
cd ./src-tauri/target/release/bundle/macos/
zip -r eim.zip eim.app
- name: Notarization of macOS eim executables
if: startsWith(matrix.platform, 'macos')
env:
NOTARIZATION_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }}
NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }}
NOTARIZATION_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }}
run: |
echo "Create notary keychain"
/usr/bin/security create-keychain -p espressif notary.keychain
/usr/bin/security default-keychain -s notary.keychain
/usr/bin/security unlock-keychain -p espressif notary.keychain
echo "Create keychain profile"
xcrun notarytool store-credentials "eim-notarytool-profile" --apple-id $NOTARIZATION_USERNAME --team-id $NOTARIZATION_TEAM_ID --password $NOTARIZATION_PASSWORD
xcrun notarytool submit ./src-tauri/target/release/bundle/macos/eim.zip --keychain-profile "eim-notarytool-profile" --wait
echo "Unzipping the executable"
unzip -o ./src-tauri/target/release/bundle/macos/eim.zip -d ./src-tauri/target/release/bundle/macos/
# echo "Attach staple for eim executable"
# xcrun stapler staple ./src-tauri/target/release/bundle/macos/eim.app
# - name: Notarization of macOS eim executables
# if: startsWith(matrix.platform, 'macos')
# env:
# NOTARIZATION_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }}
# NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }}
# NOTARIZATION_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }}
# run: |
# echo "Create notary keychain"
# /usr/bin/security create-keychain -p espressif notary.keychain
# /usr/bin/security default-keychain -s notary.keychain
# /usr/bin/security unlock-keychain -p espressif notary.keychain

# echo "Create keychain profile"
# xcrun notarytool store-credentials "eim-notarytool-profile" --apple-id $NOTARIZATION_USERNAME --team-id $NOTARIZATION_TEAM_ID --password $NOTARIZATION_PASSWORD
# xcrun notarytool submit ./src-tauri/target/release/bundle/macos/eim.zip --keychain-profile "eim-notarytool-profile" --wait

# echo "Unzipping the executable"
# unzip -o ./src-tauri/target/release/bundle/macos/eim.zip -d ./src-tauri/target/release/bundle/macos/

# # echo "Attach staple for eim executable"
# # xcrun stapler staple ./src-tauri/target/release/bundle/macos/eim.app

- name: Upload app MacOs binary
uses: actions/upload-artifact@v4
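Review bot: The "build with signing and notarization" step exports `MACOS_CERTIFICATE`, `MACOS_CERTIFICATE_PWD` and the `NOTARIZATION_*` duplicates into the environment of `yarn tauri build`, so the raw .p12, its password and the Apple ID password are readable by every build script and dependency that runs there, even though the preceding `apple-actions/import-codesign-certs@v3` steps have already placed the certificate in a keychain. As far as I know Tauri's bundler reads only `APPLE_ID`, `APPLE_PASSWORD` and `APPLE_TEAM_ID` for notarization, so the step's `env:` could be cut to those three; confirm against the Tauri version in use. The certificate is also imported twice, into keychains `build` and `codesigning`, while the run block only selects `build.keychain`, so the second import looks redundant and leaves another copy of the signing key on the runner. `security unlock-keychain -p "" build.keychain` assumes an empty keychain password, which I would not rely on; setting the action's `keychain-password` input explicitly and passing the same value here makes the unlock dependable. Since this action handles the signing key, pinning it to a full commit SHA instead of `@v3` would also be prudent.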
4 changes: 2 additions & 2 deletions src-tauri/tauri.conf.json
Expand Up @@ -36,8 +36,8 @@
"entitlements": "../eim.entitlement",
"exceptionDomain": "",
"frameworks": [],
"providerShortName": null,
"signingIdentity": null
"providerShortName": "QWXF6GB4AV",
"signingIdentity": "Developer ID Application: ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)"
}
}
}
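Review bot: Hard-coding `signingIdentity` in tauri.conf.json makes every macOS build depend on this Developer ID certificate being present in the keychain, so local builds and CI runs without access to the signing secrets will presumably fail at the signing stage instead of producing an unsigned bundle. Tauri also accepts the identity through the `APPLE_SIGNING_IDENTITY` environment variable; setting that in the macOS build step of the workflow and keeping `"signingIdentity": null` here would confine signing to the release pipeline. It is also worth checking that `providerShortName` really equals the team ID `QWXF6GB4AV`, since the provider short name is a separate identifier that only sometimes coincides with it.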
