diff options
| author | Jakob Borg <jakob@kastelo.net> | 2023-04-28 10:49:20 +0200 |
|---|---|---|
| committer | Jakob Borg <jakob@kastelo.net> | 2023-04-28 13:03:25 +0200 |
| commit | 63503e0c98cd20baf66890faaf0d83c7a3a0ea5b (patch) | |
| tree | 1501fe8d52940a38b4be27c35cd879a3273690d8 | |
| parent | 947dd0db0938d8350f567b8ab0bbf3d0aa22f2a7 (diff) | |
| download | syncthing-63503e0c98cd20baf66890faaf0d83c7a3a0ea5b.tar.gz syncthing-63503e0c98cd20baf66890faaf0d83c7a3a0ea5b.zip | |
build: Notarize mac builds
| -rw-r--r-- | .github/workflows/build-syncthing.yaml | 43 |
1 files changed, 36 insertions, 7 deletions
diff --git a/.github/workflows/build-syncthing.yaml b/.github/workflows/build-syncthing.yaml index b2a287d6e..32745c5da 100644 --- a/.github/workflows/build-syncthing.yaml +++ b/.github/workflows/build-syncthing.yaml @@ -98,7 +98,7 @@ jobs: package-windows: name: Package for Windows - if: github.event_name == 'push' && github.ref == 'refs/heads/release' + if: github.event_name == 'push' && (github.ref == 'refs/heads/release' || startsWith(github.ref, 'refs/heads/release-')) environment: signing needs: - build-test @@ -148,7 +148,7 @@ jobs: - name: Archive artifacts uses: actions/upload-artifact@v3 with: - name: packages + name: packages-windows path: syncthing-windows-*.zip # @@ -188,7 +188,7 @@ jobs: - name: Archive artifacts uses: actions/upload-artifact@v3 with: - name: packages + name: packages-linux path: syncthing-linux-*.tar.gz # @@ -197,7 +197,7 @@ jobs: package-macos: name: Package for macOS - if: github.event_name == 'push' && github.ref == 'refs/heads/release' + if: github.event_name == 'push' && (github.ref == 'refs/heads/release' || startsWith(github.ref, 'refs/heads/release-')) environment: signing needs: - build-test @@ -282,9 +282,38 @@ jobs: - name: Archive artifacts uses: actions/upload-artifact@v3 with: - name: packages + name: packages-macos path: syncthing-*.zip + notarize-macos: + name: Notarize for macOS + if: github.event_name == 'push' && (github.ref == 'refs/heads/release' || startsWith(github.ref, 'refs/heads/release-')) + environment: signing + needs: + - package-macos + runs-on: macos-latest + steps: + - name: Download artifacts + uses: actions/download-artifact@v3 + with: + name: packages-macos + + - name: Notarize binaries + run: | + APPSTORECONNECT_API_KEY_PATH="$RUNNER_TEMP/apikey.p8" + echo "$APPSTORECONNECT_API_KEY" | base64 -d -o "$APPSTORECONNECT_API_KEY_PATH" + for file in syncthing-macos-*.zip ; do + xcrun notarytool submit \ + -k "$APPSTORECONNECT_API_KEY_PATH" \ + -d "$APPSTORECONNECT_API_KEY_ID" \ + -i "$APPSTORECONNECT_API_KEY_ISSUER" \ + $file + done + env: + APPSTORECONNECT_API_KEY: ${{ secrets.APPSTORECONNECT_API_KEY }} + APPSTORECONNECT_API_KEY_ID: ${{ secrets.APPSTORECONNECT_API_KEY_ID }} + APPSTORECONNECT_API_KEY_ISSUER: ${{ secrets.APPSTORECONNECT_API_KEY_ISSUER }} + # # Cross compile other unixes # @@ -338,7 +367,7 @@ jobs: - name: Archive artifacts uses: actions/upload-artifact@v3 with: - name: packages + name: packages-other path: syncthing-*.tar.gz # @@ -378,5 +407,5 @@ jobs: - name: Archive artifacts uses: actions/upload-artifact@v3 with: - name: packages + name: packages-source path: syncthing-source-*.tar.gz |