authorBrendan Allan <[email protected]>2025-12-08 02:42:23 +0800
committerGitHub <[email protected]>2025-12-07 13:42:23 -0500
commit1574e2457ba563164642efa6e2dc63aa1389d3f4 (patch)
treecbeb856b370b40aec512367f54f84c40b5d2dd3e /.github
parentaf33212f7719a377c1ca01b6331d0dbfeb95ba2d (diff)
Desktop macOS codesigning and notarization (#5154)
Co-authored-by: GitHub Action <[email protected]> Co-authored-by: Dax Raad <[email protected]>
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/publish.yml33
1 files changed, 29 insertions, 4 deletions
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index f55b2635d..36a36ffe2 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -26,7 +26,7 @@ permissions:
jobs:
publish:
runs-on: blacksmith-4vcpu-ubuntu-2404
- if: github.repository == 'sst/opencode'
+ if: github.repository == 'sst/opencode' && github.ref == 'refs/heads/dev'
steps:
- uses: actions/checkout@v3
with:
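Review bot: The `github.ref == 'refs/heads/dev'` check added to the `publish` job's `if:` lives in the workflow file itself, so it only restricts runs that use this copy of the file. A run started from another branch evaluates that branch's version of the workflow, which may not carry the check. Since this commit also adds Apple signing secrets to the workflow, consider storing them in a GitHub environment with a deployment-branch rule limited to `dev`, and adding `environment: <environment-name>` to the jobs that read them, so the restriction is enforced outside the file. The job body continues past this hunk, so whether an environment is already set is not visible here.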
@@ -99,6 +99,26 @@ jobs:
with:
fetch-depth: 0
+ - uses: apple-actions/import-codesign-certs@v2
+ if: ${{ runner.os == 'macOS' }}
+ with:
+ keychain: build
+ p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
+ p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+
+ - name: Verify Certificate
+ if: ${{ runner.os == 'macOS' }}
+ run: |
+ CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application")
+ CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
+ echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
+ echo "Certificate imported."
+
+ - name: Setup Apple API Key
+ if: ${{ runner.os == 'macOS' }}
+ run: |
+ echo "${{ secrets.APPLE_API_KEY_PATH }}" > $RUNNER_TEMP/apple-api-key.p8
+
- run: git fetch --force --tags
- uses: ./.github/actions/setup-bun
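Review bot: In the `Setup Apple API Key` step, `${{ secrets.APPLE_API_KEY_PATH }}` is expanded into the script text before the shell runs, so any `"`, `$` or backtick in the secret is interpreted by bash. The key file is also created with the default umask and never removed. Pass the secret through `env:` and write it under `umask 077`, as sketched below. Separately, `apple-actions/import-codesign-certs@v2` receives the .p12 and its password through a mutable tag; pinning it to `apple-actions/import-codesign-certs@<full-commit-sha>` would fix which code handles them. In `Verify Certificate`, `$GITHUB_ENV` is unquoted and more than one matching identity would write a multi-line value to it; `grep -m1` would keep `CERT_ID` to a single line.

```yaml
- name: Setup Apple API Key
  if: ${{ runner.os == 'macOS' }}
  env:
    APPLE_API_KEY_P8: ${{ secrets.APPLE_API_KEY_PATH }}
  run: |
    umask 077
    printf '%s\n' "$APPLE_API_KEY_P8" > "$RUNNER_TEMP/apple-api-key.p8"
```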
@@ -144,12 +164,17 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAURI_BUNDLER_NEW_APPIMAGE_FORMAT: true
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
+ TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
+ APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
+ APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+ APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
+ APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
+ APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
+ APPLE_API_KEY_PATH: ${{ runner.temp }}/apple-api-key.p8
with:
projectPath: packages/tauri
uploadWorkflowArtifacts: true
tauriScript: ${{ (startsWith(matrix.settings.host, 'ubuntu') && 'cargo tauri') || '' }}
args: --target ${{ matrix.settings.target }}
updaterJsonPreferNsis: true
- releaseDraft: true
- tagName: ${{ inputs.version }}
- releaseName: ${{ inputs.version }}
+ # releaseId: TODO
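Review bot: `APPLE_CERTIFICATE` and `APPLE_CERTIFICATE_PASSWORD` are added to this step's `env:` with no platform condition, so the .p12 and its password appear to be in the environment of every matrix build, non-macOS targets included. Anything the build runs, dependency build scripts included, can read them. The certificate is apparently already imported into the `build` keychain by the steps added earlier in this file, and `APPLE_SIGNING_IDENTITY` names it, so these two variables look redundant; confirm against the bundler's behaviour and drop them if so. `APPLE_API_KEY_PATH` here is a file path while `secrets.APPLE_API_KEY_PATH` holds the key contents, so renaming the secret would avoid mixing the two up. The step starts outside this hunk, and `# releaseId: TODO` leaves the removed release inputs without a replacement; a comment such as `# release upload disabled until releaseId is wired in` would record the intent.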