diff --git a/.github/workflows/nymvpn-desktop.yml b/.github/workflows/nymvpn-desktop.yml index 9da0785..a610f36 100644 --- a/.github/workflows/nymvpn-desktop.yml +++ b/.github/workflows/nymvpn-desktop.yml @@ -76,29 +76,43 @@ jobs: if: matrix.platform == 'ubuntu-latest' run: cargo make deb working-directory: .${{ env.working-directory }} - - name: import apple certs + - name: Install the Apple certificate and provisioning profile if: matrix.platform == 'macos-latest' - uses: apple-actions/import-codesign-certs@v2 - continue-on-error: true - with: - p12-file-base64: ${{ secrets.APPLE_SIGNING_CERT_BASE64 }} - p12-password: ${{ secrets.APPLE_SIGNING_CERT_PASSWORD }} - - uses: Apple-Actions/download-provisioning-profiles@v1 - continue-on-error: true - if: matrix.platform == 'macos-latest' - with: - bundle-id: net.nymtech.vpn - issuer-id: ${{ secrets.APPLE_APPSTORE_ISSUER_ID }} - api-key-id: ${{ secrets.APPLE_APPSTORE_KEY_ID }} - api-private-key: ${{ secrets.APPLE_APPSTORE_PRIVATE_KEY }} + env: + BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_SIGNING_CERT_BASE64 }} + P12_PASSWORD: ${{ secrets.APPLE_SIGNING_CERT_PASSWORD }} + BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.APPLE_PROVISIONING_PROFILE_BASE64 }} + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASS }} + run: | + # create variables + CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 + PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + + # import certificate and provisioning profile from secrets + echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH + echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH + + # create temporary keychain + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + # import certificate to keychain + security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH + + # apply provisioning profile + mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles + cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles - name: build macos pkg if: matrix.platform == 'macos-latest' run: cargo make pkg working-directory: .${{ env.working-directory }} env: APPLE_TEAM_ID: VW5DZLFHM5 - APPLICATION_SIGNING_IDENTITY: 'Developer ID Application: Nym Technologies SA (VW5DZLFHM5)' - INSTALLER_SIGNING_IDENTITY: 'Developer ID Application: Nym Technologies SA (VW5DZLFHM5)' + APPLICATION_SIGNING_IDENTITY: 'Apple Distribution: Nym Technologies SA (VW5DZLFHM5)' + INSTALLER_SIGNING_IDENTITY: 'Apple Distribution: Nym Technologies SA (VW5DZLFHM5)' - name: install arc windows if: matrix.platform == 'windows-latest' uses: crazy-max/ghaction-chocolatey@v3