Skip to content

Commit

Permalink
Enhance macOS build workflow with code signing verification and submi…
Browse files Browse the repository at this point in the history 
…ssion to Apple Notary Service
  • Loading branch information
@trheyi
trheyi committed Dec 3, 2024
1 parent a420e71 commit 03d98d9
Showing 1 changed file with 17 additions and 3 deletions.
20 changes: 17 additions & 3 deletions .github/workflows/build-macos.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ jobs:
with:
repository: yaoapp/v8go
path: v8go

- name: Unzip libv8
run: |
files=$(find ./v8go -name "libv8*.zip")
Expand Down Expand Up @@ -149,8 +149,22 @@ jobs:
- name: Sign Artifacts
run: |
codesign --deep --force --verify --verbose --sign "${{ secrets.APPLE_SIGN }}" dist/release/yao-$VERSION-unstable-darwin-arm64
codesign --deep --force --verify --verbose --sign "${{ secrets.APPLE_SIGN }}" dist/release/yao-$VERSION-unstable-darwin-amd64
codesign --deep --force --verbose --timestamp --options runtime --sign "Developer ID Application: ${{ secrets.APPLE_SIGN }}" dist/release/yao-$VERSION-unstable-darwin-arm64
codesign --deep --force --verbose --timestamp --options runtime --sign "Developer ID Application: ${{ secrets.APPLE_SIGN }}" dist/release/yao-$VERSION-unstable-darwin-amd64
- name: Verify Signature
run: |
codesign --verify --deep --strict --verbose=2 dist/release/yao-$VERSION-unstable-darwin-arm64
codesign --verify --deep --strict --verbose=2 dist/release/yao-$VERSION-unstable-darwin-amd64
- name: Send to Apple Notary Service
run: |
zip -r dist/release/yao-$VERSION-unstable-darwin-arm64.zip dist/release/yao-$VERSION-unstable-darwin-arm64
zip -r dist/release/yao-$VERSION-unstable-darwin-amd64.zip dist/release/yao-$VERSION-unstable-darwin-amd64
xcrun notarytool submit dist/release/yao-$VERSION-unstable-darwin-arm64.zip --apple-id "${{ secrets.APPLE_ID }}" --team-id "${{ secrets.APPLE_TEAME_ID }}" --password "${{ secrets.APPLE_PRIVATE_KEY_PASSWORD }}" --output-format json
xcrun notarytool submit dist/release/yao-$VERSION-unstable-darwin-amd64.zip --apple-id "${{ secrets.APPLE_ID }}" --team-id "${{ secrets.APPLE_TEAME_ID }}" --password "${{ secrets.APPLE_PRIVATE_KEY_PASSWORD }}" --output-format json
rm -f dist/release/yao-$VERSION-unstable-darwin-arm64.zip
rm -f dist/release/yao-$VERSION-unstable-darwin-amd64.zip
- name: Archive production artifacts
uses: actions/upload-artifact@v4
Expand Down

0 comments on commit 03d98d9

Please sign in to comment.