ci(macos): skip codesigning if required secrets not set (#757)

ActivityWatch · Jul 7, 2022 · f5e1580 · f5e1580
1 parent 539e282
commit f5e1580
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 11 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -147,21 +147,29 @@ jobs:
       if: startsWith(runner.os, 'macOS')
       run: |
         # Load certificates
-        # TODO: Only load key & sign if env vars for signing exists
-        ./scripts/ci/import-macos-p12.sh
+        # Only load key & sign if env vars for signing exists
+        if [ -n "$APPLE_EMAIL" ]; then
+          ./scripts/ci/import-macos-p12.sh
+        fi
 
         # Build .app and .dmg
         source venv/bin/activate
         make dist/ActivityWatch.dmg
-        codesign --verbose -s ${APPLE_PERSONALID} dist/ActivityWatch.dmg
 
-        # Run prechecks
-        brew install akeru-inc/tap/xcnotary
-        xcnotary precheck dist/ActivityWatch.app
-        xcnotary precheck dist/ActivityWatch.dmg
+        # codesign dmg
+        if [ -n "$APPLE_EMAIL" ]; then
+          codesign --verbose -s ${APPLE_PERSONALID} dist/ActivityWatch.dmg
+        fi
+
+        if [ -n "$APPLE_EMAIL" ]; then
+          # Run prechecks
+          brew install akeru-inc/tap/xcnotary
+          xcnotary precheck dist/ActivityWatch.app
+          xcnotary precheck dist/ActivityWatch.dmg
 
-        # Notarize
-        make dist/notarize
+          # Notarize
+          make dist/notarize
+        fi
         mv dist/ActivityWatch.dmg dist/activitywatch-$(scripts/package/getversion.sh)-macos-x86_64.dmg
       env:
         APPLE_EMAIL: ${{ secrets.APPLE_EMAIL }}

diff --git a/aw.spec b/aw.spec
@@ -18,8 +18,8 @@ current_release = subprocess.run(
 print("bundling activitywatch version " + current_release)
 
 entitlements_file = Path(".") / "scripts" / "package" / "entitlements.plist"
-codesign_identity = os.environ.get("APPLE_PERSONALID")
-if codesign_identity is None:
+codesign_identity = os.environ.get("APPLE_PERSONALID", "").strip()
+if not codesign_identity:
     print("Environment variable APPLE_PERSONALID not set. Releases won't be signed.")
 
 aw_core_path = Path(os.path.dirname(aw_core.__file__))

diff --git a/scripts/ci/import-macos-p12.sh b/scripts/ci/import-macos-p12.sh
@@ -1,4 +1,7 @@
 #!/bin/sh
+
+set -e
+
 # Source: https://www.update.rocks/blog/osx-signing-with-travis/
 export KEY_CHAIN=build.keychain
 export CERTIFICATE_P12=aw_certificate.p12