Perform code signing with Apple-issued certificate on CI

This commit is contained in:
Nathan Sobo 2021-09-10 22:07:20 -06:00
parent 3d4a451c15
commit 0710d66092
2 changed files with 17 additions and 1 deletions

View file

@ -38,6 +38,9 @@ jobs:
bundle:
name: Bundle app
runs-on: self-hosted
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
steps:
- name: Install Rust x86_64-apple-darwin target
uses: actions-rs/toolchain@v1

View file

@ -17,7 +17,20 @@ cargo build --release --target aarch64-apple-darwin
lipo -create target/x86_64-apple-darwin/release/Zed target/aarch64-apple-darwin/release/Zed -output target/x86_64-apple-darwin/release/bundle/osx/Zed.app/Contents/MacOS/zed
# Sign the app bundle with an ad-hoc signature so it runs on the M1. We need a real certificate but this works for now.
codesign --force --deep -s - target/x86_64-apple-darwin/release/bundle/osx/Zed.app
if [[ -z $MACOS_CERTIFICATE || -z $MACOS_CERTIFICATE_PASSWORD ]]; then
echo "Missing MACOS_CERTIFICATE and MACOS_CERTIFICATE_PASSWORD environment variables performing ad-hoc signature"
codesign --force --deep -s - target/x86_64-apple-darwin/release/bundle/osx/Zed.app -v
else
echo "Signing bundle with Apple-issued certificate"
security create-keychain -p $MACOS_CERTIFICATE_PASSWORD zed.keychain || echo ""
security unlock-keychain -p $MACOS_CERTIFICATE_PASSWORD zed.keychain
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_CERTIFICATE_PASSWORD zed.keychain
echo $MACOS_CERTIFICATE | base64 --decode > /tmp/zed-certificate.p12
security import /tmp/zed-certificate.p12 -k zed.keychain -P $MACOS_CERTIFICATE_PASSWORD -T /usr/bin/codesign
rm /tmp/zed-certificate.p12
security default-keychain -s zed.keychain
/usr/bin/codesign --force -s "Zed Industries, Inc." target/x86_64-apple-darwin/release/bundle/osx/Zed.app -v
fi
# Create a DMG
mkdir -p target/release