anirudh/simpliplay-desktop
1
0
Fork 0
mirror of https://github.com/A-Star100/simpliplay-desktop.git synced 2025-09-17 22:29:38 +00:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

Update build-macos.yml

Browse Source
This commit is contained in:
Anirudh Sevugan 2025-08-07 20:36:27 -05:00 committed by GitHub
parent 3c5ebd4ec4
commit 1b4d4598e1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
.github/workflows/build-macos.yml vendored
View File

@ -23,60 +23,7 @@ jobs:
run: npm install run: npm install
working-directory: simpliplay working-directory: simpliplay
- name: Create and unlock temporary keychain - name: Build macOS app (Ad-hoc signing)
run: |
KEYCHAIN_PASSWORD=""
# Create a new, temporary keychain with a blank password
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
# Set the new keychain as the default for the session
security list-keychains -s build.keychain
# Unlock the keychain to make it accessible
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
# Set the keychain timeout to a high value so it doesn't lock during the build
security set-keychain-settings -t 3600 build.keychain
- name: Check for certificate secret
env:
CERT_PEM: ${{ secrets.MAC_CERTIFICATE_PEM }}
run: |
if [ -z "$CERT_PEM" ]; then
echo "Certificate secret (MAC_CERTIFICATE_PEM) is missing. Skipping code signing."
exit 1
else
echo "Certificate secret found. Proceeding with code signing."
fi
- name: Write and import certificate
env:
CERT_PEM: ${{ secrets.MAC_CERTIFICATE_PEM }}
run: |
# Write the plain text PEM secret directly to a file
echo "$CERT_PEM" > cert.pem
# Directly import the PEM file into the temporary keychain
# The -P flag specifies a blank password for the PEM file itself.
security import cert.pem -k build.keychain -P '' -T /usr/bin/codesign
- name: Add certificate trust
run: |
KEYCHAIN_PASSWORD=""
# This is the crucial step to establish trust for electron-builder.
# Tell the keychain to trust the certificate for the purpose of code signing.
security set-key-partition-list \
-S apple-tool: \
-k "$KEYCHAIN_PASSWORD" \
build.keychain
- name: Verify identity
run: |
# Verify that the identity is now trusted
security find-identity -v -p codesigning build.keychain
- name: Build macOS app
env:
CSC_IDENTITY_AUTO_DISCOVERY: true
CSC_KEYCHAIN: build.keychain
CSC_NAME: "Anirudh Sevugan"
run: npx electron-builder --mac --x64 --arm64 --universal run: npx electron-builder --mac --x64 --arm64 --universal
working-directory: simpliplay working-directory: simpliplay
@ -85,8 +32,3 @@ jobs:
with: with:
name: builds name: builds
path: simpliplay/dist/*.dmg path: simpliplay/dist/*.dmg
- name: Delete temporary keychain
if: always()
run: |
security delete-keychain build.keychain