Leahnaya/SceneSwitcher
1
0
Fork 0
mirror of https://github.com/WarmUpTill/SceneSwitcher.git synced 2026-03-21 17:34:57 -05:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
a4e26a7a51
SceneSwitcher/.github/actions/setup-macos-codesigning/action.yaml
WarmUpTill a4e26a7a51 Update github actions 
Based on obs-plugintemplate@68e9fcd
2024-02-17 10:03:04 +01:00

155 lines
6.4 KiB
YAML
Raw Blame History

name: Set up macOS codesigning
description: Sets up code signing certificates, provisioning profiles, and notarization information
inputs:
codesignIdentity:
description: Codesigning identity
required: true
installerIdentity:
description: Codesigning identity for package installer
required: false
codesignCertificate:
description: PKCS12 certificate in base64 format
required: true
certificatePassword:
description: Password required to install PKCS12 certificate
required: true
keychainPassword:
description: Password to use for temporary keychain
required: false
notarizationUser:
description: Apple ID to use for notarization
required: false
notarizationPassword:
description: Application password for notarization
provisioningProfile:
description: Provisioning profile in base64 format
required: false
outputs:
haveCodesignIdent:
description: True if necessary codesigning credentials were found
value: ${{ steps.codesign.outputs.haveCodesignIdent }}
haveProvisioningProfile:
description: True if necessary provisioning profile credentials were found
value: ${{ steps.provisioning.outputs.haveProvisioningProfile }}
haveNotarizationUser:
description: True if necessary notarization credentials were found
value: ${{ steps.notarization.outputs.haveNotarizationUser }}
codesignIdent:
description: Codesigning identity
value: ${{ steps.codesign.outputs.codesignIdent }}
installerIdent:
description: Codesigning identity for package installer
value: ${{ steps.codesign.outputs.installerIdent }}
codesignTeam:
description: Codesigning team
value: ${{ steps.codesign.outputs.codesignTeam }}
runs:
using: composite
steps:
- name: Check Runner Operating System 🏃‍♂️
if: runner.os != 'macOS'
shell: bash
run: |
: Check Runner Operating System 🏃‍♂️
echo "setup-macos-codesigning action requires a macOS-based runner."
exit 2
- name: macOS Codesigning ✍️
shell: zsh --no-rcs --errexit --pipefail {0}
id: codesign
env:
MACOS_SIGNING_IDENTITY: ${{ inputs.codesignIdentity }}
MACOS_SIGNING_IDENTITY_INSTALLER: ${{ inputs.installerIdentity}}
MACOS_SIGNING_CERT: ${{ inputs.codesignCertificate }}
MAOCS_SIGNING_CERT_PASSWORD: ${{ inputs.certificatePassword }}
MACOS_KEYCHAIN_PASSWORD: ${{ inputs.keychainPassword }}
run: |
: macOS Codesigning ✍️
if (( ${+RUNNER_DEBUG} )) setopt XTRACE
if [[ ${MACOS_SIGNING_IDENTITY} && ${MACOS_SIGNING_IDENTITY_INSTALLER} && ${MACOS_SIGNING_CERT} ]] {
print 'haveCodesignIdent=true' >> $GITHUB_OUTPUT
local -r certificate_path="${RUNNER_TEMP}/build_certificate.p12"
local -r keychain_path="${RUNNER_TEMP}/app-signing.keychain-db"
print -n "${MACOS_SIGNING_CERT}" | base64 --decode --output="${certificate_path}"
: "${MACOS_KEYCHAIN_PASSWORD:="$(print ${RANDOM} | shasum | head -c 32)"}"
print '::group::Keychain setup'
security create-keychain -p "${MACOS_KEYCHAIN_PASSWORD}" ${keychain_path}
security set-keychain-settings -lut 21600 ${keychain_path}
security unlock-keychain -p "${MACOS_KEYCHAIN_PASSWORD}" ${keychain_path}
security import "${certificate_path}" -P "${MAOCS_SIGNING_CERT_PASSWORD}" -A \
-t cert -f pkcs12 -k ${keychain_path} \
-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/xcrun
security set-key-partition-list -S 'apple-tool:,apple:' -k "${MACOS_KEYCHAIN_PASSWORD}" \
${keychain_path} &> /dev/null
security list-keychain -d user -s ${keychain_path} 'login-keychain'
print '::endgroup::'
local -r team_id="${${MACOS_SIGNING_IDENTITY##* }//(\(|\))/}"
print "codesignIdent=${MACOS_SIGNING_IDENTITY}" >> $GITHUB_OUTPUT
print "installerIdent=${MACOS_SIGNING_IDENTITY_INSTALLER}" >> $GITHUB_OUTPUT
print "MACOS_KEYCHAIN_PASSWORD=${MACOS_KEYCHAIN_PASSWORD}" >> $GITHUB_ENV
print "codesignTeam=${team_id}" >> $GITHUB_OUTPUT
} else {
print 'haveCodesignIdent=false' >> $GITHUB_OUTPUT
}
- name: Provisioning Profile 👤
shell: zsh --no-rcs --errexit --pipefail {0}
id: provisioning
if: ${{ fromJSON(steps.codesign.outputs.haveCodesignIdent) }}
env:
MACOS_SIGNING_PROVISIONING_PROFILE: ${{ inputs.provisioningProfile }}
run: |
: Provisioning Profile 👤
if (( ${+RUNNER_DEBUG} )) setopt XTRACE
if [[ ${MACOS_SIGNING_PROVISIONING_PROFILE} ]] {
print 'haveProvisioningProfile=true' >> $GITHUB_OUTPUT
local -r profile_path="${RUNNER_TEMP}/build_profile.provisionprofile"
print -n "${MACOS_SIGNING_PROVISIONING_PROFILE}" \
| base64 --decode --output ${profile_path}
print '::group::Provisioning Profile Setup'
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
security cms -D -i ${profile_path} -o ${RUNNER_TEMP}/build_profile.plist
local -r uuid="$(plutil -extract UUID raw ${RUNNER_TEMP}/build_profile.plist)"
local -r team_id="$(plutil -extract TeamIdentifier.0 raw -expect string ${RUNNER_TEMP}/build_profile.plist)"
if [[ ${team_id} != '${{ steps.codesign.codesignTeam }}' ]] {
print '::notice::Code Signing team in provisioning profile does not match certificate.'
}
cp ${profile_path} ~/Library/MobileDevice/Provisioning\ Profiles/${uuid}.provisionprofile
print "provisioningProfileUUID=${uuid}" >> $GITHUB_OUTPUT
print '::endgroup::'
} else {
print 'haveProvisioningProfile=false' >> $GITHUB_OUTPUT
}
- name: Notarization 🧑‍💼
shell: zsh --no-rcs --errexit --pipefail {0}
id: notarization
if: ${{ fromJSON(steps.codesign.outputs.haveCodesignIdent) }}
env:
MACOS_NOTARIZATION_USERNAME: ${{ inputs.notarizationUser }}
MACOS_NOTARIZATION_PASSWORD: ${{ inputs.notarizationPassword }}
run: |
: Notarization 🧑‍💼
if (( ${+RUNNER_DEBUG} )) setopt XTRACE
if [[ ${MACOS_NOTARIZATION_USERNAME} && ${MACOS_NOTARIZATION_PASSWORD} ]] {
print 'haveNotarizationUser=true' >> $GITHUB_OUTPUT
} else {
print 'haveNotarizationUser=false' >> $GITHUB_OUTPUT
}
Reference in New Issue View Git Blame Copy Permalink