Update build-macos.yml

Anirudh Sevugan 2025-08-07 20:22:23 -05:00 committed by GitHub
parent 9cc9fb95eb
commit 765832a307
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -23,42 +23,51 @@ jobs:
run: npm install run: npm install
working-directory: simpliplay working-directory: simpliplay
- name: Create a temporary keychain - name: Create and unlock temporary keychain
run: | run: |
KEYCHAIN_PASSWORD="" # The password for the temporary keychain KEYCHAIN_PASSWORD=""
# Create a new, temporary keychain with a blank password
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security list-keychains -s build.keychain login.keychain-db # Set the new keychain as the default for the session
security list-keychains -s build.keychain
# Unlock the keychain to make it accessible
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
# Set the keychain timeout to a high value so it doesn't lock during the build
security set-keychain-settings -t 3600 build.keychain
- name: Check PEM secret presence - name: Check for certificate secret
env: env:
CERT_PEM: ${{ secrets.MAC_CERTIFICATE_PEM }} CERT_PEM: ${{ secrets.MAC_CERTIFICATE_PEM }}
run: | run: |
if [ -z "$CERT_PEM" ]; then if [ -z "$CERT_PEM" ]; then
echo "PEM secret is empty or missing!" echo "Certificate secret (MAC_CERTIFICATE_PEM) is missing. Skipping code signing."
exit 1
else else
echo "PEM is set" echo "Certificate secret found. Proceeding with code signing."
fi fi
- name: Write and import certificate - name: Write and import certificate
env: env:
CERT_PEM: ${{ secrets.MAC_CERTIFICATE_PEM }} CERT_PEM: ${{ secrets.MAC_CERTIFICATE_PEM }}
KEYCHAIN_PASSWORD: ""
run: | run: |
# Create a temporary P12 file from the Base64-encoded PEM # Write the plain text PEM secret directly to a file
echo "$CERT_PEM" | base64 --decode > cert.p12 echo "$CERT_PEM" > cert.pem
# Import the P12 file into the keychain. The -P flag is for the P12 password. # Use openssl to convert the PEM file to a PKCS12 (.p12) file
security import cert.p12 -k build.keychain -P "" -T /usr/bin/codesign openssl pkcs12 -export -in cert.pem -out certificate.p12 -nokeys -password pass:
# Import the certificate into the temporary keychain
security import certificate.p12 -k build.keychain -P "" -T /usr/bin/codesign
# Trust the certificate for code signing # Trust the certificate for code signing
security set-key-partition-list \ security set-key-partition-list \
-S apple-tool: \ -S apple-tool: \
-k "$KEYCHAIN_PASSWORD" \ -k "$KEYCHAIN_PASSWORD" \
build.keychain build.keychain
- name: Build macOS # Verify that the identity is now trusted
security find-identity -v -p codesigning build.keychain
- name: Build macOS app
env: env:
CSC_IDENTITY_AUTO_DISCOVERY: true CSC_IDENTITY_AUTO_DISCOVERY: true
CSC_KEYCHAIN: build.keychain CSC_KEYCHAIN: build.keychain