Skip to content

Commit

Permalink
fix: add code_sign
Browse files Browse the repository at this point in the history
  • Loading branch information
@rhinoc
rhinoc committed Feb 10, 2024
1 parent 464daf5 commit 426d400
Show file tree
Hide file tree
Showing 4 changed files with 34 additions and 6 deletions.
8 changes: 8 additions & 0 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,12 @@ env:
NIUTRANS_SK: ${{ secrets.NIUTRANS_SK }}
VOLCENGINE_AK: ${{ secrets.VOLCENGINE_AK }}
VOLCENGINE_SK: ${{ secrets.VOLCENGINE_SK }}

# secrets
SPARKLE_ED_PRIVATE_KEY: ${{ secrets.SPARKLE_ED_PRIVATE_KEY }}
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}

jobs:
build:
Expand All @@ -41,6 +46,9 @@ jobs:
- name: Update version
id: update_version
run: echo "VERSION=$(scripts/update_version.sh)" >> $GITHUB_OUTPUT
- name: Code Sign
id: code_sign
run: scripts/code_sign.sh
- name: Release
id: release
run: VERSION=${{steps.update_version.outputs.VERSION}} scripts/release.sh
Expand Down
14 changes: 8 additions & 6 deletions liltr.xcodeproj/project.pbxproj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -476,8 +476,8 @@
CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
CLANG_WARN_UNREACHABLE_CODE = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
CODE_SIGN_IDENTITY = "-";
CODE_SIGN_STYLE = Manual;
CODE_SIGN_IDENTITY = "Apple Development";
CODE_SIGN_STYLE = Automatic;
COPY_PHASE_STRIP = NO;
DEAD_CODE_STRIPPING = YES;
DEBUG_INFORMATION_FORMAT = dwarf;
Expand Down Expand Up @@ -542,8 +542,8 @@
CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE;
CLANG_WARN_UNREACHABLE_CODE = YES;
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
CODE_SIGN_IDENTITY = "-";
CODE_SIGN_STYLE = Manual;
CODE_SIGN_IDENTITY = "Apple Development";
CODE_SIGN_STYLE = Automatic;
COPY_PHASE_STRIP = NO;
DEAD_CODE_STRIPPING = YES;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
Expand Down Expand Up @@ -572,7 +572,8 @@
buildSettings = {
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
"CODE_SIGN_IDENTITY[sdk=macosx*]" = "-";
CODE_SIGN_IDENTITY = "Apple Development";
"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Apple Development";
CODE_SIGN_STYLE = Automatic;
COMBINE_HIDPI_IMAGES = YES;
CURRENT_PROJECT_VERSION = 0.0.4;
Expand Down Expand Up @@ -604,7 +605,8 @@
buildSettings = {
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
"CODE_SIGN_IDENTITY[sdk=macosx*]" = "-";
CODE_SIGN_IDENTITY = "Apple Development";
"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Apple Development";
CODE_SIGN_STYLE = Automatic;
COMBINE_HIDPI_IMAGES = YES;
CURRENT_PROJECT_VERSION = 0.0.4;
Expand Down
15 changes: 15 additions & 0 deletions scripts/code_sign.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

# import certificate profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH

# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
3 changes: 3 additions & 0 deletions scripts/reset_secret.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,6 @@ EMPTY_STRING=""
/usr/libexec/PlistBuddy -c "Set :VolcengineSK $EMPTY_STRING" "$INFO_PLIST_PATH"
/usr/libexec/PlistBuddy -c "Set :NiuTransSK $EMPTY_STRING" "$INFO_PLIST_PATH"
/usr/libexec/PlistBuddy -c "Set :BigHugeThesaurusSK $EMPTY_STRING" "$INFO_PLIST_PATH"

# clean up
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db

0 comments on commit 426d400

Please sign in to comment.