TO-DROP: avoid signing/notarizing

This would require the `release` environment. Signed-off-by: Johannes Schindelin <[email protected]>
microsoft · Nov 2, 2023 · b998d55 · b998d55
1 parent 121de8f
commit b998d55
Showing 1 changed file with 0 additions and 57 deletions.
diff --git a/.github/workflows/build-git-installers.yml b/.github/workflows/build-git-installers.yml
@@ -40,51 +40,6 @@ jobs:
           lipo -create -output libintl.a /usr/local/opt/gettext/lib/libintl.a /opt/homebrew/opt/gettext/lib/libintl.a
           lipo -create -output libcurl.dylib /opt/homebrew/opt/curl/lib/libcurl.4.dylib /usr/local/opt/curl/lib/libcurl.4.dylib
 
-      - name: Set up signing/notarization infrastructure
-        env:
-          A1: ${{ secrets.APPLICATION_CERTIFICATE_BASE64 }}
-          A2: ${{ secrets.APPLICATION_CERTIFICATE_PASSWORD }}
-          I1: ${{ secrets.INSTALLER_CERTIFICATE_BASE64 }}
-          I2: ${{ secrets.INSTALLER_CERTIFICATE_PASSWORD }}
-          N1: ${{ secrets.APPLE_TEAM_ID }}
-          N2: ${{ secrets.APPLE_DEVELOPER_ID }}
-          N3: ${{ secrets.APPLE_DEVELOPER_PASSWORD }}
-          N4: ${{ secrets.APPLE_KEYCHAIN_PROFILE }}
-        run: |
-          echo "Setting up signing certificates"
-          security create-keychain -p pwd $RUNNER_TEMP/buildagent.keychain
-          security default-keychain -s $RUNNER_TEMP/buildagent.keychain
-          security unlock-keychain -p pwd $RUNNER_TEMP/buildagent.keychain
-          # Prevent re-locking
-          security set-keychain-settings $RUNNER_TEMP/buildagent.keychain
-
-          echo "$A1" | base64 -D > $RUNNER_TEMP/cert.p12
-          security import $RUNNER_TEMP/cert.p12 \
-            -k $RUNNER_TEMP/buildagent.keychain \
-            -P "$A2" \
-            -T /usr/bin/codesign
-          security set-key-partition-list \
-            -S apple-tool:,apple:,codesign: \
-            -s -k pwd \
-            $RUNNER_TEMP/buildagent.keychain
-
-          echo "$I1" | base64 -D > $RUNNER_TEMP/cert.p12
-          security import $RUNNER_TEMP/cert.p12 \
-            -k $RUNNER_TEMP/buildagent.keychain \
-            -P "$I2" \
-            -T /usr/bin/pkgbuild
-          security set-key-partition-list \
-            -S apple-tool:,apple:,pkgbuild: \
-            -s -k pwd \
-            $RUNNER_TEMP/buildagent.keychain
-
-          echo "Setting up notarytool"
-          xcrun notarytool store-credentials \
-            --team-id "$N1" \
-            --apple-id "$N2" \
-            --password "$N3" \
-            "$N4"
-
       - name: Build, sign, and notarize artifacts
         env:
           A3: ${{ secrets.APPLE_APPLICATION_SIGNING_IDENTITY }}
@@ -145,22 +100,10 @@ jobs:
           # Lay out payload
           make -C git/.github/macos-installer V=1 payload
 
-          # Codesign payload
-          cp -R stage/git-${{ matrix.arch.name }}-$VERSION/ \
-            git/.github/macos-installer/build-artifacts
-          make -C git/.github/macos-installer V=1 codesign \
-            APPLE_APP_IDENTITY="$A3" || die "Creating signed payload failed"
-
           # Build and sign pkg
           make -C git/.github/macos-installer V=1 pkg \
-            APPLE_INSTALLER_IDENTITY="$I3" \
             || die "Creating signed pkg failed"
 
-          # Notarize pkg
-          make -C git/.github/macos-installer V=1 notarize \
-            APPLE_INSTALLER_IDENTITY="$I3" APPLE_KEYCHAIN_PROFILE="$N4" \
-            || die "Creating signed and notarized pkg failed"
-
           # Create DMG
           make -C git/.github/macos-installer V=1 image || die "Creating DMG failed"