diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 214f6df1c..21ad1bd62 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -53,26 +53,6 @@ jobs: submodules: recursive fetch-depth: 0 - - name: Install Signing Certificates - env: - MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }} - MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }} - MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }} - MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }} - run: | - # Turn our base64-encoded certificate back to a regular .p12 file - echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 - - # We need to create a new keychain, otherwise using the certificate will prompt - # with a UI dialog asking for the certificate password, which we can't - # use in a headless CI environment - security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain - security set-keychain-settings -lut 21600 build.keychain - security default-keychain -s build.keychain - security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain - security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain - # Install Nix and use that to run our tests so our environment matches exactly. - uses: cachix/install-nix-action@v19 with: @@ -86,8 +66,12 @@ jobs: # The native app is built with native XCode tooling. This also does # codesigning. IMPORTANT: this must NOT run in a Nix environment. # Nix breaks xcodebuild so this has to be run outside. - - name: Build Ghostty.app - run: cd macos && xcodebuild + - uses: mxcl/xcodebuild@v1 + with: + code-sign-certificate: ${{ secrets.PROD_MACOS_CERTIFICATE }} + code-sign-certificate-passphrase: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }} + working-directory: macos + action: build test: strategy: