author csett86 <csett86@web.de> 2021-11-04 22:29:34 +0100
committer GitHub <noreply@github.com> 2021-11-04 22:29:34 +0100
commit ae306f5c5df629ed6e2ff802b46237845d65bb35
tree 9fd79a41840237873d19e908b63e58f100937d4f /.github
parent 6a60a6d8cd64a4247654576ec2d7e0d34e05c6dd
mac: Enable autoupdate by sign and notarize via github action (#581)
mac: Enable autoupdate by sign and notarize via github action

Signed and notarized binaries are the precondition for autoupdates on mac. Additionally Gatekeeper on 10.15+ is happy and allows to open the app instead of blocking it.

The notarize step is added unconditionally, as it only emits a warning if the notarization API key is not set, but it does not break the build.

This is an upstreaming of https://github.com/csett86/jitsi-meet-electron where it worked since March 2020.

On CI, only sign if not triggered by pull request, as these will fail (as secrets are not available to pull request builds).

The required github secrets (signing key, cert and notarize API login, password and team id) are:

Signing

Open the Keychain Access app. Export all certificates (Developer ID Certificate) related to your app into a single file (e.g. certs.p12) and set a strong password.

Base64-encode your certificates using the following command:

    base64 -i certs.p12 -o encoded.txt

In the GitHub repository, go to Settings → Secrets and add the following two variables:

- mac_certs: Your base64 encoded certificates, i.e. the content of the encoded.txt file you created before
- mac_certs_password: The password you set when exporting the certificates

Notarization

Create an app-specific password for your apple id: https://support.apple.com/de-de/HT204397

In the GitHub repository, go to Settings → Secrets and add the following three variables:

- apple_id: your apple id
- apple_id_password: the just created app-specific password for your apple id
- team_id: your team short name: https://github.com/electron/electron-notarize#notes-on-your-team-short-name

Co-authored-by: Saúl Ibarra Corretgé <s@saghul.net>
Diffstat (limited to '.github')
-rw-r--r-- .github/workflows/ci.yml 8
1 files changed, 8 insertions, 0 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 025cf0f..6b8a5e0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -37,6 +37,14 @@ jobs:
- uses: actions/setup-node@v1
with:
node-version: '16.x'
+ - name: Prepare for app signing and notarization
+ if: ${{ github.event_name != 'pull_request' }}
+ run: |
+ echo "CSC_LINK=${{ secrets.mac_cert }}" >> $GITHUB_ENV
+ echo "CSC_KEY_PASSWORD=${{ secrets.mac_cert_password }}" >> $GITHUB_ENV
+ echo "APPLE_ID=${{ secrets.apple_id }}" >> $GITHUB_ENV
+ echo "APPLE_ID_PASSWORD=${{ secrets.apple_id_password }}" >> $GITHUB_ENV
+ echo "TEAM_ID=${{ secrets.team_id }}" >> $GITHUB_ENV
- name: Build it
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
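Review bot: The added step reads `secrets.mac_cert` and `secrets.mac_cert_password`, but the commit message tells maintainers to create `mac_certs` and `mac_certs_password`; one side needs renaming, because an undefined secret expands to an empty string and `CSC_LINK` would be written empty with no error from this step. Separately, each `${{ secrets.* }}` expression is substituted into the script text before the shell runs it, so a value containing a double quote, a backtick, `$` or a newline changes the command or the line appended to `$GITHUB_ENV`, and anything written to `$GITHUB_ENV` is exported to every later step in the job, not only to `Build it`. Consider declaring the five variables in the `env:` block of the `Build it` step next to `GH_TOKEN`, which keeps the values out of shell parsing and limits them to the step that signs and notarizes; the `pull_request` condition would then need to be carried over to that step's handling of signing.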