ci: add release and notarize process #7
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
n8maninger
force-pushed
the
ci-add-release
branch
from
fc81d4d to
85e99b8
Compare
n8maninger
force-pushed
the
ci-add-release
branch
from
85e99b8 to
1aaf451
Compare
|
ok, I've added the API secrets. Will add the dev certs soon |
|
added the other secrets. Not sure I followed all the steps correctly...is there an easy way we can test it? What guide did you get this info from? |
We'll have to merge it to run it. Once it's merged we can trigger the workflow manually. |
|
looks like the build failed because the .p8 path in |
|
Yeah, that line should be |
|
I pushed the fix directly to master |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds a release step to the build process with notarization for the Apple releases.
notarize.shsigns and notarizes the binaries. The binary will run when started from Terminal, but double-clicking on it will prompt the user with a different message "the identity of the developer cannot be verified." I couldn't find anything recent, but this looks like an Apple issue with how Gatekeeper works in Finder. It's possible using admgpackage instead ofzipwould help. We might want to do some more research on this.We need to add a couple of secrets to the repo, I don't have access to the Apple developer account or GitHub secrets, so @lukechampine will probably need to generate and add them.
Apple API
secrets.APPLE_API_KEY: the ten character ID of the API key to use, we can generate API keys on https://appstoreconnect.apple.com/access/api.secrets.APPLE_API_ISSUER: the issuer ID at the top of the API key page+
secrets.APPLE_KEY_B64: the base64 encoded API key. Download the key when creating it, thenbase64 -i ~/AuthKey_12345678.p8Apple Developer Certificate:
secrets.APPLE_CERT_ID: the fingerprint of the "Developer ID Application" cert. It can be found by runningsecurity find-identity -v. We should generate a unique cert for CI signing.secrets.APPLE_CERT_B64: the base64 encoded certificate to use for signing, export the certificate from XCode, then runbase64 -i ~/dev-cert.pemsecrets.APPLE_CERT_PASSWORD: the password used when exporting the certificate from XCodesecrets.APPLE_KEYCHAIN_PASSWORD: a random password used to unlock the CI keychain.