Skip to content

Commit

Permalink
Change way of signing universal binary
Browse files Browse the repository at this point in the history
  • Loading branch information
michalchecinski committed Jan 31, 2024
1 parent bd11b6c commit 276d8a8
Showing 1 changed file with 22 additions and 22 deletions.
44 changes: 22 additions & 22 deletions .github/workflows/build-cli.yml
Original file line number Diff line number Diff line change
Expand Up @@ -393,22 +393,22 @@ jobs:
- name: Sign binary
env:
MACOS_CERTIFICATE_NAME: ${{ steps.retrieve-secrets-macos.outputs.macos-bws-certificate-name }}
run: /usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime ./bws-aarch64-apple-darwin/bws -v
run: codesign -s "$MACOS_NOTARIZATION_TEAM_ID" -f --timestamp -o runtime -i "com.bitwarden.bws" --entitlements "./crates/bws/entitlements.plist" ./bws-aarch64-apple-darwin/bws-v

# - name: Create pkg
# env:
# MACOS_CERTIFICATE_NAME: ${{ steps.retrieve-secrets-macos.outputs.macos-bws-certificate-name }}
# run: pkgbuild --root ./bws-aarch64-apple-darwin --identifier "com.bitwarden.bws.pkg" --install-location "/" --sign $MACOS_CERTIFICATE_NAME --version "${{ env._PACKAGE_VERSION }}" "./bws-aarch64-apple-darwin/bws-${{ env._PACKAGE_VERSION }}.pkg"

- name: Create dmg
run: |
hdiutil create ./tmp.dmg -volname "Bitwarden Secrets Manager CLI" -srcfolder ./bws-aarch64-apple-darwin -ov -fs HFS+
hdiutil convert ./tmp.dmg -format UDZO -o ./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg
# - name: Create dmg
# run: |
# hdiutil create ./tmp.dmg -volname "Bitwarden Secrets Manager CLI" -srcfolder ./bws-aarch64-apple-darwin -ov -fs HFS+
# hdiutil convert ./tmp.dmg -format UDZO -o ./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg

- name: Sign dmg
env:
MACOS_CERTIFICATE_NAME: ${{ steps.retrieve-secrets-macos.outputs.macos-bws-certificate-name }}
run: /usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime ./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg -v
# - name: Sign dmg
# env:
# MACOS_CERTIFICATE_NAME: ${{ steps.retrieve-secrets-macos.outputs.macos-bws-certificate-name }}
# run: /usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime ./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg -v

- name: Notarize app
env:
Expand All @@ -426,20 +426,20 @@ jobs:
echo "Notarize app"
xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
rm notarization.zip
# rm notarization.zip
echo "Creating temp notarization archive"
ditto -c -k --keepParent "./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg" "notarization.zip"
# echo "Creating temp notarization archive"
# ditto -c -k --keepParent "./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg" "notarization.zip"
echo "Notarize dmg"
xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
# echo "Notarize dmg"
# xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
xcrun stapler staple "./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg"
# xcrun stapler staple "./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg"
- name: Zip universal artifact
run: |
zip ./bws-macos-universal-${{ env._PACKAGE_VERSION }}.zip ./bws-macos-universal/bws
zip ./bws-macos-universal-dmg-${{ env._PACKAGE_VERSION }}.zip ./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg
# zip ./bws-macos-universal-dmg-${{ env._PACKAGE_VERSION }}.zip ./bws-macos-universal-pkg-${{ env._PACKAGE_VERSION }}.dmg
- name: Upload artifact
uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
Expand All @@ -448,12 +448,12 @@ jobs:
path: ./bws-macos-universal-${{ env._PACKAGE_VERSION }}.zip
if-no-files-found: error

- name: Upload pkg artifact
uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
with:
name: bws-macos-universal-dmg-${{ env._PACKAGE_VERSION }}.zip
path: ./bws-macos-universal-dmg-${{ env._PACKAGE_VERSION }}.zip
if-no-files-found: error
# - name: Upload pkg artifact
# uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
# with:
# name: bws-macos-universal-dmg-${{ env._PACKAGE_VERSION }}.zip
# path: ./bws-macos-universal-dmg-${{ env._PACKAGE_VERSION }}.zip
# if-no-files-found: error

third_party:
name: Generate THIRDPARTY.html
Expand Down

0 comments on commit 276d8a8

Please sign in to comment.