Add signing to Github Action Workflow (#912)

Manu 2021-03-03 20:59:10 +08:00 committed by GitHub
parent af2d6a9e73
commit 7dc6f83b92
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 34 additions and 8 deletions


@ -30,11 +30,12 @@ jobs:
- name: Install build dependencies
run: |
brew install --cask sparkle
pip install -r dev.txt
brew install create-dmg
pip3 install -r dev.txt
working-directory: requirements.d
- name: Install Vorta
run: |
pip install .
pip3 install .
- name: Package with PyInstaller
run: |
pyinstaller --clean --noconfirm package/vorta.spec
@ -42,9 +43,34 @@ jobs:
curl -LJO https://github.com/borgbackup/borg/releases/download/${{ github.event.inputs.borg_version }}/borg-macosx64.tgz
tar xvf borg-macosx64.tgz -C dist/Vorta.app/Contents/Resources/
cd dist && zip -rq --symlinks Vorta.zip Vorta.app
- name: Codesign executable
continue-on-error: false
working-directory: dist
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
CERTIFICATE_NAME: ${{ secrets.MACOS_CERTIFICATE_NAME }}
APPLE_ID_USER: ${{ secrets.APPLE_ID_USER }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
run: |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
security create-keychain -p 123 build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p 123 build.keychain
security import certificate.p12 -k build.keychain -A -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k 123 build.keychain
python3 ../package/fix_app_qt_folder_names_for_codesign.py Vorta.app
sh ../package/macos-package-app.sh
# - name: Setup tmate session
# uses: mxschmitt/action-tmate@v3
# if: ${{ failure() }}
# timeout-minutes: 15
- name: Upload build
uses: actions/upload-artifact@v2
with:
name: Vorta macOS
path: dist/Vorta.zip
name: Vorta.dmg
path: dist/Vorta.dmg
retention-days: 10
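Review bot: In the Codesign step, `security import ... -A` lets every application on the runner use the imported signing key without a prompt, which makes the `-T /usr/bin/codesign` restriction on the same line ineffective; drop `-A` so that only codesign is on the key's access list. The same line passes `$MACOS_CERTIFICATE_PWD` unquoted, so a password containing spaces or glob characters would be word-split; write `security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign`. The decoded `certificate.p12` is also left in `dist` while the later packaging scripts run, so add `rm -f certificate.p12` right after the import. A short comment that `123` is only the password of the throwaway `build.keychain` would save the next reader from treating it as a leaked secret.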


@ -49,7 +49,7 @@ jobs:
pip install -r requirements.d/dev.txt
# - name: Setup tmate session
# uses: mxschmitt/action-tmate@v1
# uses: mxschmitt/action-tmate@v3
- name: Test with pytest (Linux)
if: runner.os == 'Linux'


@ -44,8 +44,7 @@ RESULT=$(xcrun altool --notarize-app --type osx \
--username $APPLE_ID_USER --password $APPLE_ID_PASSWORD \
--file "$APP_BUNDLE.dmg" --output-format xml)
REQUEST_UUID=$(echo "$RESULT" | xpath -q -e \
"//key[normalize-space(text()) = 'RequestUUID']/following-sibling::string[1]/text()" 2> /dev/null)
REQUEST_UUID=$(echo "$RESULT" | xpath5.18 "//key[normalize-space(text()) = 'RequestUUID']/following-sibling::string[1]/text()" 2> /dev/null)
# Poll for notarization status
echo "Submitted notarization request $REQUEST_UUID, waiting for response..."
@ -56,7 +55,7 @@ do
--username "$APPLE_ID_USER" \
--password "$APPLE_ID_PASSWORD" \
--output-format xml)
STATUS=$(echo "$RESULT" | xpath -q -e "//key[normalize-space(text()) = 'Status']/following-sibling::string[1]/text()" 2> /dev/null)
STATUS=$(echo "$RESULT" | xpath5.18 "//key[normalize-space(text()) = 'Status']/following-sibling::string[1]/text()" 2> /dev/null)
if [ "$STATUS" = "success" ]; then
echo "Notarization of $APP_BUNDLE succeeded!"
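Review bot: Both changed `xpath5.18` lines keep `2> /dev/null`, so if that version-specific binary is missing on the runner or altool returns an error, `REQUEST_UUID` is silently empty and the script still goes on to poll for it. Add a guard right after the assignment, e.g. `[ -n "$REQUEST_UUID" ] || { echo "notarization submit failed" >&2; exit 1; }`, and a one-line comment on why `xpath5.18` is named explicitly. The same silent-empty case applies to `STATUS` in the second hunk, whose `do` loop starts and ends outside the visible lines, so how an empty status is handled there should be confirmed. Separately, the unchanged altool call passes `$APPLE_ID_PASSWORD` unquoted on the command line; altool's `--password "@env:APPLE_ID_PASSWORD"` form would keep the secret out of the process argument list.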


@ -1,5 +1,6 @@
coverage
flake8
macholib
pyinstaller
pylint
pytest