@@ -118,11 +118,85 @@ jobs:
118118 -DENABLE_INSTALL_BDEPS=ON
119119 cmake --build cmake-build-frontend-sdl2 --parallel
120120
121+ - name : Import Code Signing Certificates
122+ env :
123+ MACOS_CERTIFICATE_APPLICATION : ${{ secrets.MACOS_CERTIFICATE_APPLICATION }}
124+ MACOS_CERTIFICATE_INSTALLER : ${{ secrets.MACOS_CERTIFICATE_INSTALLER }}
125+ MACOS_CERTIFICATE_PASSWORD : ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
126+ run : |
127+ echo "$MACOS_CERTIFICATE_APPLICATION" | base64 --decode > app_cert.p12
128+ echo "$MACOS_CERTIFICATE_INSTALLER" | base64 --decode > installer_cert.p12
129+
130+ KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
131+ security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
132+ security default-keychain -s build.keychain
133+ security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
134+
135+ security import app_cert.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
136+ security import installer_cert.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PASSWORD" -T /usr/bin/productsign
137+
138+ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
139+
140+ rm app_cert.p12 installer_cert.p12
141+
142+ - name : Sign Application Bundle
143+ run : |
144+ APP_PATH="cmake-build-frontend-sdl2/projectM.app"
145+ IDENTITY="Developer ID Application: Mischa Spiegelmock (5926VBQM6Y)"
146+
147+ find "$APP_PATH/Contents/PlugIns" -name "*.dylib" -exec \
148+ codesign --force --options runtime --sign "$IDENTITY" {} \;
149+
150+ codesign --force --options runtime --sign "$IDENTITY" \
151+ "$APP_PATH/Contents/MacOS/projectMSDL"
152+
153+ codesign --force --options runtime --sign "$IDENTITY" "$APP_PATH"
154+
155+ codesign --verify --deep --strict "$APP_PATH"
156+
157+ - name : Notarize Application
158+ env :
159+ API_KEY : ${{ secrets.MACOS_NOTARY_API_KEY }}
160+ API_KEY_ID : ${{ secrets.MACOS_NOTARY_KEY_ID }}
161+ API_ISSUER_ID : ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
162+ run : |
163+ mkdir -p ~/.private_keys
164+ echo "$API_KEY" > ~/.private_keys/AuthKey_${API_KEY_ID}.p8
165+
166+ ditto -c -k --keepParent \
167+ "cmake-build-frontend-sdl2/projectM.app" \
168+ "projectM-notarize.zip"
169+
170+ xcrun notarytool submit "projectM-notarize.zip" \
171+ --key ~/.private_keys/AuthKey_${API_KEY_ID}.p8 \
172+ --key-id "$API_KEY_ID" \
173+ --issuer "$API_ISSUER_ID" \
174+ --wait
175+
176+ xcrun stapler staple "cmake-build-frontend-sdl2/projectM.app"
177+
121178 - name : Package projectMSDL
179+ env :
180+ CODESIGN_IDENTITY_INSTALLER : " Developer ID Installer: Mischa Spiegelmock (5926VBQM6Y)"
122181 run : |
123182 cd cmake-build-frontend-sdl2
124183 cpack -G productbuild
125184
185+ - name : Notarize Package
186+ env :
187+ API_KEY_ID : ${{ secrets.MACOS_NOTARY_KEY_ID }}
188+ API_ISSUER_ID : ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
189+ run : |
190+ PKG_FILE=$(ls cmake-build-frontend-sdl2/*.pkg | head -1)
191+
192+ xcrun notarytool submit "$PKG_FILE" \
193+ --key ~/.private_keys/AuthKey_${API_KEY_ID}.p8 \
194+ --key-id "$API_KEY_ID" \
195+ --issuer "$API_ISSUER_ID" \
196+ --wait
197+
198+ xcrun stapler staple "$PKG_FILE"
199+
126200 - name : Upload Artifact
127201 uses : actions/upload-artifact@v4
128202 with :
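Review bot: The notary API key written to `~/.private_keys/AuthKey_${API_KEY_ID}.p8` in "Notarize Application" and the `build.keychain` created in "Import Code Signing Certificates" are never removed, so on a self-hosted or reused runner the signing identities and the notarization key outlive the job. The two `.p12` files are also decoded into the working directory, and the `rm app_cert.p12 installer_cert.p12` at the end of that step is not reached if an earlier `security` command fails. I would decode them under `$RUNNER_TEMP`, create the `.p8` file under `umask 077`, and add a cleanup step guarded by `if: always()` after "Notarize Package", as sketched below. The workflow triggers are outside this hunk; if the job can run for fork pull requests, where the secrets are empty, the signing and notarization steps would also need an `if:` guard.

```yaml
# … unchanged: Notarize Package step …
- name: Remove Signing Material
  if: always()
  env:
    API_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }}
  run: |
    # Runs even when signing or notarization failed part-way through.
    security delete-keychain build.keychain || true
    rm -f "$HOME/.private_keys/AuthKey_${API_KEY_ID}.p8"
    rm -f app_cert.p12 installer_cert.p12
# … unchanged: Upload Artifact step …
```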