Skip to content

Commit 5c79a2f

Browse files
crisdosaygocrisdosaygo
committed
Release: notarize standalone macOS CLI zip artifact
1 parent a076c03 commit 5c79a2f

1 file changed

Lines changed: 15 additions & 2 deletions

File tree

.github/workflows/release.yml

Lines changed: 15 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -237,6 +237,9 @@ jobs:
237237
codesign --force --timestamp --identifier "$MACOS_BUNDLE_ID" \
238238
--options runtime --sign "$IDENTITY" "$BINARY"
239239
240+
# Package standalone CLI binary for direct download.
241+
ditto -c -k --sequesterRsrc --keepParent "$BINARY" "$DIST/fips-pad-macos-universal.zip"
242+
240243
# Create .app bundle
241244
APP_DIR="$DIST/FIPSPad.app/Contents"
242245
mkdir -p "$APP_DIR/MacOS" "$APP_DIR/Resources"
@@ -295,6 +298,14 @@ jobs:
295298
# Notarize
296299
if [ -n "${NOTARY_API_KEY_P8_B64:-}" ]; then
297300
echo "$NOTARY_API_KEY_P8_B64" | base64 --decode > "$RUNNER_TEMP/authkey.p8"
301+
302+
# Notarize standalone CLI binary distribution zip.
303+
xcrun notarytool submit "$DIST/fips-pad-macos-universal.zip" \
304+
--key "$RUNNER_TEMP/authkey.p8" \
305+
--key-id "$NOTARY_API_KEY_ID" \
306+
--issuer "$NOTARY_API_KEY_ISSUER" \
307+
--wait
308+
298309
xcrun notarytool submit "$DIST/fipspad_darwin_universal.pkg" \
299310
--key "$RUNNER_TEMP/authkey.p8" \
300311
--key-id "$NOTARY_API_KEY_ID" \
@@ -305,14 +316,15 @@ jobs:
305316
306317
# Checksums
307318
cp "$BINARY" "$DIST/fips-pad"
308-
(cd "$DIST" && shasum -a 256 "fips-pad" "fipspad_darwin_universal.pkg" > "SHA256SUMS_darwin_universal.txt")
319+
(cd "$DIST" && shasum -a 256 "fips-pad" "fips-pad-macos-universal.zip" "fipspad_darwin_universal.pkg" > "SHA256SUMS_darwin_universal.txt")
309320
310321
- name: Upload artifacts
311322
uses: actions/upload-artifact@v4
312323
with:
313324
name: macos-universal
314325
path: |
315326
dist/fips-pad
327+
dist/fips-pad-macos-universal.zip
316328
dist/fipspad_darwin_universal.pkg
317329
dist/SHA256SUMS_darwin_universal.txt
318330
@@ -457,7 +469,8 @@ jobs:
457469
458470
Attached artifacts:
459471
460-
- `fips-pad` — Raw macOS universal CLI binary (Developer ID signed when credentials are configured; ad-hoc signed otherwise).
472+
- `fips-pad` — Raw macOS universal CLI binary (signed).
473+
- `fips-pad-macos-universal.zip` — Standalone macOS binary package submitted to Apple notarization when credentials are configured.
461474
- `fipspad_darwin_universal.pkg` — macOS installer package (signed/notarized when credentials are configured).
462475
- `fipspad_linux_amd64` — Linux amd64 binary.
463476
- `fipspad_windows_amd64.exe` — Windows amd64 executable (signed when credentials are configured).

0 commit comments

Comments
 (0)