added another signing step after building a signed application

oss-slu · Dec 6, 2024 · da53f9f · da53f9f
1 parent 991ac9a
commit da53f9f
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 5 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -103,6 +103,28 @@ jobs:
               exit 1
           fi
 
+      - name: Codesign executable (again)
+        env:
+          MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
+          MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
+        run: |
+          security create-keychain -p actions build.keychain
+          security default-keychain -s build.keychain
+          security unlock-keychain -p actions build.keychain
+          security set-keychain-settings -lut 3600 build.keychain
+          echo "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
+          security import certificate.p12 \
+               -k build.keychain \
+               -P "$MACOS_CERTIFICATE_PWD" \
+               -T /usr/bin/codesign
+          security set-key-partition-list \
+               -S apple-tool:,apple: \
+               -s -k actions build.keychain
+          codesign --force --deep \
+               --sign "Developer ID Application: Ekaterina Holdener (V4Q7X7HV6L)" \
+               --options=runtime --timestamp \
+               ServerCode/dist/BubbleScan-MacOS.app/Contents/MacOS/BubbleScan-macOS
+ 
       - name: notarize the app
         env:
            PASSWORD: ${{ secrets.BUBBLE_SCAN_APPLE_PASSWORD }}

diff --git a/BubbleScanMac.sh b/BubbleScanMac.sh
@@ -29,23 +29,23 @@ pip uninstall -y pathlib 2>/dev/null || echo "pathlib was not reinstalled."
 
 echo "Building macOS binary..."
 
-CODESIGN=''
+CODESIGN=""
 # Check if running in GitHub workflow
-#if [[ -n "$GITHUB_ACTIONS" ]]; then
+if [[ -n "$GITHUB_ACTIONS" ]]; then
     # Running in GitHub workflow
     security create-keychain -p actions build.keychain
     security default-keychain -s build.keychain
     security unlock-keychain -p actions build.keychain
     security set-keychain-settings -lut 3600 build.keychain
 
     echo "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
-        security import certificate.p12 \
+    security import certificate.p12 \
           -k build.keychain \
           -P "$MACOS_CERTIFICATE_PWD" \
           -T /usr/bin/codesign
 
-    CODESIGN=--codesign-identity "Developer ID Application: Ekaterina Holdener (V4Q7X7HV6L)"
-#fi
+    CODESIGN="--codesign-identity 'Developer ID Application: Ekaterina Holdener (V4Q7X7HV6L)'"
+fi
 
 pyinstaller --onefile $(CODESIGN) --windowed --name BubbleScan-macOS --add-data "application/static:static" --add-data "application/logging.conf:." --add-data "BubbleScan_AI:BubbleScan_AI" --hidden-import=cv2 --hidden-import=flask --hidden-import=werkzeug --hidden-import=fitz application/AppServer.py