mirror of https://github.com/OpenTTD/OpenTTD.git
Feature: Sign macOS builds
parent
c6fd6cfd15
commit
60851ef1a6
|
@ -420,6 +420,16 @@ jobs:
|
||||||
- name: Install GCC problem matcher
|
- name: Install GCC problem matcher
|
||||||
uses: ammaraskar/gcc-problem-matcher@master
|
uses: ammaraskar/gcc-problem-matcher@master
|
||||||
|
|
||||||
|
- name: Import code signing certificates
|
||||||
|
uses: Apple-Actions/import-codesign-certs@v1
|
||||||
|
with:
|
||||||
|
# The certificates in a PKCS12 file encoded as a base64 string
|
||||||
|
p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
|
||||||
|
# The password used to import the PKCS12 file.
|
||||||
|
p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
|
||||||
|
# If this is run on a fork, there may not be a certificate set up - continue in this case
|
||||||
|
continue-on-error: true
|
||||||
|
|
||||||
- name: Build
|
- name: Build
|
||||||
run: |
|
run: |
|
||||||
mkdir build
|
mkdir build
|
||||||
|
@ -432,6 +442,8 @@ jobs:
|
||||||
-DCMAKE_TOOLCHAIN_FILE=/tmp/vcpkg/scripts/buildsystems/vcpkg.cmake \
|
-DCMAKE_TOOLCHAIN_FILE=/tmp/vcpkg/scripts/buildsystems/vcpkg.cmake \
|
||||||
-DHOST_BINARY_DIR=${GITHUB_WORKSPACE}/build-host \
|
-DHOST_BINARY_DIR=${GITHUB_WORKSPACE}/build-host \
|
||||||
-DCMAKE_BUILD_TYPE=RelWithDebInfo \
|
-DCMAKE_BUILD_TYPE=RelWithDebInfo \
|
||||||
|
-DCPACK_BUNDLE_APPLE_CERT_APP=${{ secrets.APPLE_DEVELOPER_CERTIFICATE_ID }} \
|
||||||
|
"-DCPACK_BUNDLE_APPLE_CODESIGN_PARAMETER=--deep -f --options runtime" \
|
||||||
# EOF
|
# EOF
|
||||||
echo "::endgroup::"
|
echo "::endgroup::"
|
||||||
|
|
||||||
|
@ -440,9 +452,21 @@ jobs:
|
||||||
make -j$(sysctl -n hw.logicalcpu) package
|
make -j$(sysctl -n hw.logicalcpu) package
|
||||||
echo "::endgroup::"
|
echo "::endgroup::"
|
||||||
|
|
||||||
# Remove the sha256 files CPack generates; we will do this ourself at
|
- name: Install gon
|
||||||
# the end of this workflow.
|
env:
|
||||||
rm -f bundles/*.sha256
|
HOMEBREW_NO_AUTO_UPDATE: 1
|
||||||
|
HOMEBREW_NO_INSTALL_CLEANUP: 1
|
||||||
|
run: |
|
||||||
|
brew tap mitchellh/gon
|
||||||
|
brew install mitchellh/gon/gon
|
||||||
|
|
||||||
|
- name: Notarize
|
||||||
|
env:
|
||||||
|
AC_USERNAME: ${{ secrets.APPLE_DEVELOPER_APP_USERNAME }}
|
||||||
|
AC_PASSWORD: ${{ secrets.APPLE_DEVELOPER_APP_PASSWORD }}
|
||||||
|
run: |
|
||||||
|
cd build
|
||||||
|
../os/macosx/notarize.sh
|
||||||
|
|
||||||
- name: Store bundles
|
- name: Store bundles
|
||||||
uses: actions/upload-artifact@v2
|
uses: actions/upload-artifact@v2
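Review bot: `Apple-Actions/import-codesign-certs@v1` is referenced by a movable tag, yet the step hands it `APPLE_DEVELOPER_CERTIFICATE_P12_BASE64` and its password, so whatever that tag points to at run time receives the signing identity. Pin it to a reviewed commit, e.g. `uses: Apple-Actions/import-codesign-certs@<full-commit-sha>  # v1` (placeholder, not a real hash); the unpinned `brew install mitchellh/gon/gon` deserves the same attention, since that binary later runs with `AC_USERNAME`/`AC_PASSWORD` in its environment. `continue-on-error: true` ignores a failed import in the upstream repository as well as on forks, so it would be safer to skip the step where the secrets are absent than to discard its result everywhere. In the Build step, `${{ secrets.APPLE_DEVELOPER_CERTIFICATE_ID }}` is substituted unquoted into the shell text; exporting it through `env:` and writing `"-DCPACK_BUNDLE_APPLE_CERT_APP=${APPLE_CERT_ID}"` (variable name illustrative) keeps a value containing spaces or shell metacharacters as a single argument.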
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
<key>CFBundleDisplayName</key>
|
<key>CFBundleDisplayName</key>
|
||||||
<string>${CPACK_BUNDLE_NAME}</string>
|
<string>${CPACK_BUNDLE_NAME}</string>
|
||||||
<key>CFBundleExecutable</key>
|
<key>CFBundleExecutable</key>
|
||||||
<string>${CPACK_BUNDLE_NAME}</string>
|
<string>openttd</string>
|
||||||
<key>CFBundleGetInfoString</key>
|
<key>CFBundleGetInfoString</key>
|
||||||
<string>#CPACK_PACKAGE_VERSION#, Copyright 2004-${CURRENT_YEAR} The OpenTTD team</string>
|
<string>#CPACK_PACKAGE_VERSION#, Copyright 2004-${CURRENT_YEAR} The OpenTTD team</string>
|
||||||
<key>CFBundleIconFile</key>
|
<key>CFBundleIconFile</key>
|
||||||
|
|
|
@ -0,0 +1,58 @@
|
||||||
|
#!/bin/bash
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# This script attempts to notarize the OpenTTD DMG generated by CPack.
|
||||||
|
# If you are building an unofficial branch of OpenTTD, please change the bundle
|
||||||
|
# ID in Info.plist and below.
|
||||||
|
#
|
||||||
|
# This uses `gon' to perform notarization:
|
||||||
|
#
|
||||||
|
# https://github.com/mitchellh/gon
|
||||||
|
#
|
||||||
|
# Follow the setup instructions on the gon site to install.
|
||||||
|
#
|
||||||
|
# Before executing this script, you must first configure CMake with at least the following
|
||||||
|
# parameters:
|
||||||
|
#
|
||||||
|
# -DCPACK_BUNDLE_APPLE_CERT_APP={certificate ID}
|
||||||
|
# "-DCPACK_BUNDLE_APPLE_CODESIGN_PARAMETER=--deep -f --options runtime"
|
||||||
|
#
|
||||||
|
# then run "make package" or "cpack".
|
||||||
|
#
|
||||||
|
# This will sign the application with your signing certificate, and will enable
|
||||||
|
# the hardened runtime.
|
||||||
|
#
|
||||||
|
# You also need to set your Apple Developer username and password (app-specific password
|
||||||
|
# is recommended) in the AC_USERNAME and AC_PASSWORD environment variables.
|
||||||
|
#
|
||||||
|
# Then, ensuring you're in your build directory and that the "bundles" directory
|
||||||
|
# exists with a .dmg in it (clear out any old DMGs first), run:
|
||||||
|
#
|
||||||
|
# ../os/macosx/notarize.sh
|
||||||
|
|
||||||
|
if [ -z "${AC_USERNAME}" ]; then
|
||||||
|
echo AC_USERNAME not set, skipping notarization.
|
||||||
|
exit 0
|
||||||
|
fi;
|
||||||
|
|
||||||
|
dmg_filename=(bundles/*.dmg)
|
||||||
|
|
||||||
|
if [ "${dmg_filename}" = "bundles/*.dmg" ]; then
|
||||||
|
echo "No .dmg found in the bundles directory, skipping notarization. Please read this"
|
||||||
|
echo "script's source for execution instructions."
|
||||||
|
exit 1
|
||||||
|
fi;
|
||||||
|
|
||||||
|
cat <<EOF > notarize.json
|
||||||
|
{
|
||||||
|
"notarize": [
|
||||||
|
{
|
||||||
|
"path": "${dmg_filename[0]}",
|
||||||
|
"bundle_id": "org.openttd.openttd",
|
||||||
|
"staple": true
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
gon notarize.json
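Review bot: The `AC_USERNAME` check exits 0, so a release run whose secret is missing or misnamed still passes while producing a DMG that was never notarized, and the only trace is one line on stdout. Sending that message to stderr (`echo "AC_USERNAME not set, skipping notarization." >&2`) and letting the upstream workflow treat a skipped notarization as a failure would surface it. The no-DMG branch says "skipping notarization" but exits 1, which misdescribes a hard failure. When several `.dmg` files match, only `${dmg_filename[0]}` is submitted and the rest are silently left un-notarized; a guard such as `[ "${#dmg_filename[@]}" -eq 1 ] || { echo "expected exactly one .dmg in bundles/" >&2; exit 1; }` would enforce what the header comment asks for.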
|