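# Builds the macOS Electron app on pushes and pull requests to main, signs it
# with a certificate held in a temporary keychain, and uploads the .dmg.
name: Build macOS

on:
  push:
    branches: [main]
  # Secrets are not passed to workflows triggered from forked pull requests,
  # so the signing steps below cannot succeed for those runs.
  pull_request:
    branches: [main]

# Least privilege for GITHUB_TOKEN: every step here only needs to read the
# repository contents.
permissions:
  contents: read

jobs:
  build:
    runs-on: macos-latest

    steps:
      # NOTE(review): every `uses:` below references a mutable major-version
      # tag. Pinning each action to a full commit SHA keeps a retagged release
      # from changing what runs next to the signing key.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where dependency install scripts could read it.
          persist-credentials: false

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'

      # NOTE(review): `npm install` may resolve versions newer than the ones
      # reviewed. If a package-lock.json is committed under simpliplay/,
      # `npm ci` installs exactly what the lockfile records.
      - name: Install dependencies
        run: npm install
        working-directory: simpliplay

      - name: Create and unlock temporary keychain
        run: |
          # NOTE(review): the keychain that will hold the signing identity is
          # protected by an empty password. It is deleted in the last step, but
          # a random per-run password would be the safer default.
          KEYCHAIN_PASSWORD=""
          # Create a new, temporary keychain with a blank password
          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          # Put the new keychain on the keychain search list. This replaces the
          # existing list; it does not change the default keychain.
          security list-keychains -s build.keychain
          # Unlock the keychain to make it accessible
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          # Set the keychain timeout to a high value so it doesn't lock during the build
          security set-keychain-settings -t 3600 build.keychain

      - name: Check for certificate secret
        env:
          CERT_PEM: ${{ secrets.MAC_CERTIFICATE_PEM }}
        run: |
          # Fail early with a clear message instead of letting the import step
          # fail on an empty file. The message previously said signing would be
          # skipped, although the step has always stopped the job here.
          if [ -z "$CERT_PEM" ]; then
            echo "Certificate secret (MAC_CERTIFICATE_PEM) is missing. Cannot sign; failing the build."
            exit 1
          fi
          echo "Certificate secret found. Proceeding with code signing."

      - name: Write and import certificate
        env:
          CERT_PEM: ${{ secrets.MAC_CERTIFICATE_PEM }}
        run: |
          set -euo pipefail
          # Keep the PEM out of the checked-out workspace and readable only by
          # the runner user; remove it as soon as this step ends, whether the
          # import succeeded or not.
          umask 077
          CERT_FILE="$RUNNER_TEMP/cert.pem"
          trap 'rm -f "$CERT_FILE"' EXIT
          # printf writes the secret verbatim (echo may interpret a leading
          # dash or backslashes, depending on the shell).
          printf '%s\n' "$CERT_PEM" > "$CERT_FILE"

          # Import the PEM file into the temporary keychain.
          # -P '' passes an empty passphrase for the PEM file itself.
          # -T allows /usr/bin/codesign to use the imported key.
          security import "$CERT_FILE" -k build.keychain -P '' -T /usr/bin/codesign

      - name: Add certificate trust
        run: |
          KEYCHAIN_PASSWORD=""
          # This does not change certificate trust settings. It updates the
          # partition list (the access control list) on the keys in
          # build.keychain so Apple tooling can use the signing key without an
          # interactive prompt, which electron-builder needs on a headless
          # runner.
          # NOTE(review): many setups pass `-S apple-tool:,apple:`; confirm that
          # `apple-tool:` alone is enough for codesign on the current runner image.
          security set-key-partition-list \
            -S apple-tool: \
            -k "$KEYCHAIN_PASSWORD" \
            build.keychain

      - name: Verify identity
        run: |
          # List the valid code-signing identities in the temporary keychain
          security find-identity -v -p codesigning build.keychain

      - name: Build macOS app
        env:
          # Environment values are strings; quote so the intent is explicit.
          CSC_IDENTITY_AUTO_DISCOVERY: 'true'
          CSC_KEYCHAIN: build.keychain
          CSC_NAME: "Anirudh Sevugan"
        run: npx electron-builder --mac --x64 --arm64 --universal
        working-directory: simpliplay

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: builds
          path: simpliplay/dist/*.dmg

      # Runs even when an earlier step failed, so the signing identity does not
      # outlive the job.
      - name: Delete temporary keychain
        if: always()
        run: |
          security delete-keychain build.keychain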