Applied-Software/ghostty
5
0
Fork 0
mirror of https://github.com/ghostty-org/ghostty.git synced 2025-08-02 14:57:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

sign release bundle

Browse Source
This commit is contained in:
Mitchell Hashimoto
2022-11-21 10:16:36 -08:00
parent 12e9b7cda0
commit cd7a126015
1 changed files with 51 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
.github/workflows/release-tip.yml vendored
View File

@ -51,9 +51,57 @@ jobs:
# Ensure the app is universal # Ensure the app is universal
cp zig-out/bin/ghostty-universal zig-out/Ghostty.app/Contents/MacOS/ghostty cp zig-out/bin/ghostty-universal zig-out/Ghostty.app/Contents/MacOS/ghostty
# Upload the App bundle so we can sign it later on macOS
- name: Store App Bundle Artifact
uses: actions/upload-artifact@v3
with:
name: app-bundle
path: zig-out/
retention-days: 5
sign-and-release:
runs-on: macos-12.0
needs: build-macos
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
submodules: recursive
fetch-depth: 0
- uses: actions/download-artifact@v3
with:
name: app-bundle
- name: Display structure of downloaded files
run: ls -R
- name: Codesign app bundle
# Extract the secrets we defined earlier as environment variables
env:
MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
run: |
# Turn our base64-encoded certificate back to a regular .p12 file
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
# We need to create a new keychain, otherwise using the certificate will prompt
# with a UI dialog asking for the certificate password, which we can't
# use in a headless CI environment
security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
# We finally codesign our app bundle, specifying the Hardened runtime option
/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime zig-out/Ghostty.app -v
# Zip up the app # Zip up the app
- name: Zip App - name: Zip App
run: nix develop -c sh -c 'cd zig-out && zip -9 -r ../ghostty-macos-universal.zip Ghostty.app' run: cd zig-out && zip -9 -r ../ghostty-macos-universal.zip Ghostty.app
# Update Release # Update Release
- name: Release - name: Release
@ -72,3 +120,5 @@ jobs:
tag: "tip" tag: "tip"
message: "Latest Continuous Release" message: "Latest Continuous Release"
force_push_tag: true force_push_tag: true