Build and Notarize macOS Installer #33

Workflow file for this run

.github/workflows/host-agent-macos.yaml at 4425b18

	name: Build and Notarize macOS Installer

	on:
	workflow_dispatch:
	inputs:
	release_version:
	description: 'Release number for MW Agent for macOS'
	required: true
	push:
	paths-ignore:
	- '.github/**'
	tags:
	- '[0-9]+.[0-9]+.[0-9]+'

	jobs:
	build:
	strategy:
	matrix:
	include:
	- arch: arm64
	image: macos-latest
	- arch: amd64
	image: macos-latest-large
	max-parallel: 1
	runs-on: ${{ matrix.image }}
	steps:
	- name: Checkout Repo
	uses: actions/checkout@v4
	with:
	token: ${{ secrets.GHCR_TOKEN }}
	ssh-key: ${{ secrets.CHECK_AGENT_ACCESS }}
	submodules: 'recursive'

	- name: Set up Git credentials
	run: \|
	git config --global url."https://${{ secrets.GHCR_TOKEN }}:@github.com/".insteadOf "https://github.com/"
	env:
	GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }}

	- name: Set up Go
	uses: actions/setup-go@v5
	with:
	go-version: '^1.23.1' # The Go version to download (if necessary) and use.

	- name: Setting Release Number
	run: \|
	if [ -n "${{ github.event.inputs.release_version }}" ]; then
	echo "RELEASE_VERSION=${{ github.event.inputs.release_version }}" >> $GITHUB_ENV
	else
	echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
	fi

	- name: Set up signing certificates
	run: \|
	echo "$APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE" \| base64 --decode > signing_certificate_application.p12
	echo "$APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE" \| base64 --decode > signing_certificate_installer.p12
	security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_NAME
	security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_NAME
	security import signing_certificate_application.p12 -k $KEYCHAIN_NAME -P "$APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
	security import signing_certificate_installer.p12 -k $KEYCHAIN_NAME -P "$APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD" -T /usr/bin/productbuild
	security list-keychains -s $KEYCHAIN_NAME
	security set-keychain-settings -t 3600 -u $KEYCHAIN_NAME
	security set-key-partition-list -S apple-tool:,apple: -s -k "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_NAME
	env:
	APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_CERTIFICATE_BASE64 }}
	APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_INSTALLER_CERTIFICATE_BASE64 }}
	APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD }}
	APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
	KEYCHAIN_NAME: "build.keychain"

	- name: Build and notarize installer
	run: \|
	CGO_ENABLED=1 GOPRIVATE=github.com/middleware-labs GOOS=darwin GOARCH=${{ matrix.arch }} go build -ldflags="-s -w -X main.agentVersion=${RELEASE_VERSION}" -v -a -o build/mw-host-agent cmd/host-agent/main.go
	bash package-tooling/darwin/create_installer.sh ${{ env.RELEASE_VERSION }}
	env:
	APPLE_DEVELOPER_ID_APPLICATION: "Developer ID Application: Middleware Labs Inc (AV4NQ68UX8)"
	APPLE_DEVELOPER_ID_INSTALLER: "Developer ID Installer: Middleware Labs Inc (AV4NQ68UX8)"
	APPLE_ID: ${{ secrets.APPLE_ID }}
	APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
	APPLE_DEVELOPER_TEAM_ID: ${{ secrets.APPLE_DEVELOPER_TEAM_ID }}
	KEYCHAIN_PROFILE: "Middleware MacOS Agent"
	KEYCHAIN_NAME: "build.keychain"
	RELEASE_VERSION: ${{ env.RELEASE_VERSION }}
	ARCH: ${{ matrix.arch }}

	- name: Upload installer package
	uses: actions/upload-artifact@v4
	with:
	name: mw-macos-agent-setup-${{ matrix.arch }}.pkg
	path: build/mw-macos-agent-setup-${{ matrix.arch }}.pkg

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build and Notarize macOS Installer #33

Workflow file

Build and Notarize macOS Installer #33

Jobs

Run details

Workflow file for this run