ci: added env vars & config for codesigning on macOS

Dhruv7201 · Jan 26, 2022 · 52ab095 · 52ab095
1 parent 86df54a
commit 52ab095
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 5 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -134,9 +134,12 @@ jobs:
     - name: Package dmg
       if: startsWith(runner.os, 'macOS')
       run: |
-        source venv/bin/activate
+        # Load certificates
+        # TODO: Only load key & sign if env vars for signing exists
         ./scripts/ci/import-macos-p12.sh
-        make dist/ActivityWatch.dmg
+        # Build .app and .dmg
+        source venv/bin/activate
+        make dist/ActivityWatch.dmg   # this also codesigns
         # Run prechecks
         brew install akeru-inc/tap/xcnotary
         xcnotary precheck dist/ActivityWatch.app
@@ -149,6 +152,8 @@ jobs:
         APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
         APPLE_PERSONALID: ${{ secrets.APPLE_TEAMID }} # APPLE_PERSONAL_ID == APPLE_TEAM_ID for personal accounts
         APPLE_TEAMID: ${{ secrets.APPLE_TEAMID }}
+        CERTIFICATE_MACOS_P12_BASE64: ${{ secrets.CERTIFICATE_MACOS_P12_BASE64 }}
+        CERTIFICATE_MACOS_P12_PASSWORD: ${{ secrets.CERTIFICATE_MACOS_P12_PASSWORD }}
 
     - name: Upload packages
       uses: actions/upload-artifact@v2-preview

diff --git a/Makefile b/Makefile
@@ -138,7 +138,8 @@ dist/ActivityWatch.app: aw-qt/media/logo/logo.icns
 dist/ActivityWatch.dmg: dist/ActivityWatch.app
 	pip install dmgbuild
 	dmgbuild -s scripts/package/dmgbuild-settings.py -D app=dist/ActivityWatch.app "ActivityWatch" dist/ActivityWatch.dmg
-	codesign --verbose -s ${APPLE_PERSONALID} dist/ActivityWatch.dmg
+	# TODO: Uncomment when keys are detected in CI
+	#codesign --verbose -s ${APPLE_PERSONALID} dist/ActivityWatch.dmg
 
 dist/notarize:
 	./scripts/notarize.sh

diff --git a/scripts/ci/import-macos-p12.sh b/scripts/ci/import-macos-p12.sh
@@ -4,7 +4,7 @@ export KEY_CHAIN=build.keychain
 export CERTIFICATE_P12=aw_certificate.p12
 
 # Recreate the certificate from the secure environment variable
-echo $CERTIFICATE_OSX_P12 | base64 --decode > $CERTIFICATE_P12
+echo $CERTIFICATE_MACOS_P12_BASE64 | base64 --decode > $CERTIFICATE_P12
 
 #create a keychain
 security -v create-keychain -p travis $KEY_CHAIN
@@ -13,7 +13,7 @@ security -v default-keychain -s $KEY_CHAIN
 # Unlock the keychain
 security -v unlock-keychain -p travis $KEY_CHAIN
 
-security -v import $CERTIFICATE_P12 -k $KEY_CHAIN -P $CERTIFICATE_PASSWORD -A
+security -v import $CERTIFICATE_P12 -k $KEY_CHAIN -P $CERTIFICATE_MACOS_P12_PASSWORD -A
 security -v set-key-partition-list -S apple-tool:,apple: -s -k travis $KEY_CHAIN
 
 # remove certs