diff --git a/.github/workflows/nutika_test.yml b/.github/workflows/nutika_test.yml index d891d186..11b653c1 100644 --- a/.github/workflows/nutika_test.yml +++ b/.github/workflows/nutika_test.yml @@ -35,15 +35,7 @@ jobs: - name: Install dependencies run: pip install cycode nuitka - - name: Build executable - run: python -m nuitka --onefile --include-data-files=cycode/cli/config.yaml=cycode/cli/config.yaml --include-data-files=cycode/cyclient/config.yaml=cycode/cyclient/config.yaml --output-dir=dist cycode/cli/main.py - - - name: Test executable - run: | - cp dist/main.bin dist/cycode - time ./dist/cycode version - - - name: Sign macOS executable + - name: Import macOS cert if: runner.os == 'macOS' env: APPLE_CERT: ${{ secrets.APPLE_CERT }} @@ -65,8 +57,40 @@ jobs: security import $CERTIFICATE_PATH -P "$APPLE_CERT_PWD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH security list-keychain -d user -s $KEYCHAIN_PATH - # sign executable - codesign --deep --force --options=runtime --entitlements entitlements.plist --sign "$APPLE_CERT_NAME" --timestamp dist/cycode + - name: Build executable + env: + APPLE_CERT_NAME: ${{ secrets.APPLE_CERT_NAME }} + run: python -m nuitka --onefile --include-data-files=cycode/cli/config.yaml=cycode/cli/config.yaml --include-data-files=cycode/cyclient/config.yaml=cycode/cyclient/config.yaml --output-dir=out cycode/cli/main.py --macos-sign-identity "$APPLE_CERT_NAME" + + - name: Test executable + run: | + cp out/main.bin dist/cycode + time ./dist/cycode version + +# - name: Sign macOS executable +# if: runner.os == 'macOS' +# env: +# APPLE_CERT: ${{ secrets.APPLE_CERT }} +# APPLE_CERT_PWD: ${{ secrets.APPLE_CERT_PWD }} +# APPLE_CERT_NAME: ${{ secrets.APPLE_CERT_NAME }} +# APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} +# run: | +# # import certificate +# CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 +# echo -n "$APPLE_CERT" | base64 --decode -o $CERTIFICATE_PATH +# +# # create temporary keychain +# KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db +# security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH +# security set-keychain-settings -lut 21600 $KEYCHAIN_PATH +# security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH +# +# # import certificate to keychain +# security import $CERTIFICATE_PATH -P "$APPLE_CERT_PWD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH +# security list-keychain -d user -s $KEYCHAIN_PATH +# +# # sign executable +# codesign --deep --force --options=runtime --entitlements entitlements.plist --sign "$APPLE_CERT_NAME" --timestamp dist/cycode - name: Notarize macOS executable if: runner.os == 'macOS'