Skip to content

ci: trust self-signed certificate #58

ci: trust self-signed certificate

ci: trust self-signed certificate #58

Workflow file for this run

on:
push:
branches:
- ci/fix-mac-signing
tags:
- '*'
workflow_dispatch:
name: Build release artifacts
env:
RUST_BACKTRACE: 1
CARGO_PROFILE_DEV_DEBUG: 0
jobs:
release:
permissions:
contents: write
strategy:
fail-fast: false
matrix:
platform:
- host: macos-latest
target: aarch64-apple-darwin
# - host: macos-latest
# target: x86_64-apple-darwin
# - host: windows-latest
# target: x86_64-pc-windows-msvc
runs-on: ${{ matrix.platform.host }}
steps:
- uses: actions/checkout@v4
- name: Setup environment
uses: ./.github/actions/setup-env
- name: Add target
run: rustup target add ${{ matrix.platform.target }}
- name: Import Apple Developer Certificate
if: startsWith(matrix.platform.target, 'aarch64-apple-darwin') || startsWith(matrix.platform.target, 'x86_64-apple-darwin')
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
echo $APPLE_AUTHORITY_CERTIFICATE | base64 --decode > certificate.crt
# openssl pkcs12 -in certificate.p12 -password ${APPLE_CERTIFICATE_PASSWORD} -clcerts -nokeys -out certificate.crt
security add-trusted-cert -d -k build.keychain certificate.crt || true
security find-identity -v -p codesigning build.keychain
- name: Create release
uses: tauri-apps/tauri-action@v0
with:
releaseDraft: true
includeUpdaterJson: true
tagName: v__VERSION__
releaseName: 'v__VERSION__'
args: --target ${{ matrix.platform.target }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_UPDATER_PRIVATE_KEY }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_UPDATER_PASSWORD }}