From dfc67f64da330f8cf2464b3bea3a72a4f2375894 Mon Sep 17 00:00:00 2001 From: ann0see <20726856+ann0see@users.noreply.github.com> Date: Mon, 19 Aug 2024 11:30:01 +0200 Subject: [PATCH 1/2] Add changable bundle id and docs for macOS signing --- .github/workflows/autobuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/autobuild.yml b/.github/workflows/autobuild.yml index 14fd1cf87e..0bbe47f6de 100644 --- a/.github/workflows/autobuild.yml +++ b/.github/workflows/autobuild.yml @@ -411,7 +411,7 @@ jobs: uses: lando/notarize-action@4f5869b09386e8336802159031e4189e0919ae20 with: product-path: deploy/${{ steps.get-artifacts.outputs.artifact_1 }} - primary-bundle-id: io.jamulus.Jamulus + primary-bundle-id: ${{ vars.MAC_BUNDLE_ID }} # Bundle ID for notarization. Set MAC_BUNDLE_ID as repository variable, not secret appstore-connect-username: ${{ secrets.NOTARIZATION_USERNAME }} appstore-connect-password: ${{ secrets.NOTARIZATION_PASSWORD }} appstore-connect-team-id: ${{ secrets.NOTARIZATION_TEAM_ID }} From be8f12c5893a9077fb798fcc595c59286ad907ad Mon Sep 17 00:00:00 2001 From: ann0see <20726856+ann0see@users.noreply.github.com> Date: Mon, 19 Aug 2024 11:30:41 +0200 Subject: [PATCH 2/2] Add comments for macOS signing setup --- .github/workflows/autobuild.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/autobuild.yml b/.github/workflows/autobuild.yml index 0bbe47f6de..bb0e2bc187 100644 --- a/.github/workflows/autobuild.yml +++ b/.github/workflows/autobuild.yml @@ -365,13 +365,13 @@ jobs: run: ${{ matrix.config.base_command }} build env: JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }} - MACOS_CERTIFICATE: ${{ secrets.MACOS_CERT}} - MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERT_PWD }} - MACOS_CERTIFICATE_ID: ${{ secrets.MACOS_CERT_ID }} - MAC_STORE_APP_CERT: ${{ secrets.MACAPP_CERT}} + MACOS_CERTIFICATE: ${{ secrets.MACOS_CERT }} # Base64 encoded (Developer ID Application (?)) certificate. See https://help.apple.com/xcode/mac/current/#/dev154b28f09 + MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERT_PWD }} # Password protecting MACOS_CERTIFICATE + MACOS_CERTIFICATE_ID: ${{ secrets.MACOS_CERT_ID }} # Certificate ID of MACOS_CERTIFICATE. If unknown, import MACOS_CERT into keychain and check the ID there + MAC_STORE_APP_CERT: ${{ secrets.MACAPP_CERT }} MAC_STORE_APP_CERT_PWD: ${{ secrets.MACAPP_CERT_PWD }} MAC_STORE_APP_CERT_ID: ${{ secrets.MACAPP_CERT_ID }} - MAC_STORE_INST_CERT: ${{ secrets.MACAPP_INST_CERT}} + MAC_STORE_INST_CERT: ${{ secrets.MACAPP_INST_CERT }} MAC_STORE_INST_CERT_PWD: ${{ secrets.MACAPP_INST_CERT_PWD }} MAC_STORE_INST_CERT_ID: ${{ secrets.MACAPP_INST_CERT_ID }} NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }} @@ -412,9 +412,9 @@ jobs: with: product-path: deploy/${{ steps.get-artifacts.outputs.artifact_1 }} primary-bundle-id: ${{ vars.MAC_BUNDLE_ID }} # Bundle ID for notarization. Set MAC_BUNDLE_ID as repository variable, not secret - appstore-connect-username: ${{ secrets.NOTARIZATION_USERNAME }} - appstore-connect-password: ${{ secrets.NOTARIZATION_PASSWORD }} - appstore-connect-team-id: ${{ secrets.NOTARIZATION_TEAM_ID }} + appstore-connect-username: ${{ secrets.NOTARIZATION_USERNAME }} # Apple ID for notarization + appstore-connect-password: ${{ secrets.NOTARIZATION_PASSWORD }} # App specific password for Apple ID + appstore-connect-team-id: ${{ secrets.NOTARIZATION_TEAM_ID }} # Team ID from App Store Connect - name: Staple macOS Release Build if: >- @@ -448,7 +448,7 @@ jobs: NOTARIZATION_USERNAME: ${{ secrets.NOTARIZATION_USERNAME }} NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }} JAMULUS_BUILD_VERSION: ${{ needs.create_release.outputs.build_version }} - APPLE_TEAM_ID: XXXXXXXXXXX + APPLE_TEAM_ID: ${{ secrets.NOTARIZATION_TEAM_ID }} - name: Perform CodeQL Analysis if: matrix.config.run_codeql