GitHub Actions workflow to build and sign macOS binary executables #1171
Comments
|
actions/runner-images#1820 (comment) looks useful - not sure if those notes are for iOS or macOS though. |
|
Oh wow maybe I need to Notarize it too? https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution |
|
This looks VERY useful: https://github.com/mitchellh/gon - " Sign, notarize, and package macOS CLI tools and applications written in any language. Available as both a CLI and a Go library." And it installs like this: |
|
https://github.com/search?l=YAML&q=gon+json&type=Code reveals some examples of people using These look useful: |
|
Bit uncomfortable that it looks like you need to include your Apple ID username and password in the CI configuration to do this. I'll use GitHub Secrets for this but I don't like it - I'll definitely setup a dedicated code signing account that's not my access-to-everything AppleID for this. |
|
We did this for Sno under macOS — it's a PyInstaller binary/setup which uses Packages for packaging.
FYI (if you ever get to it) for Windows you need to get a code signing certificate. And if you want automated CI, you'll want to get an "EV CodeSigning for HSM" certificate from GlobalSign, which then lets you put the certificate into Azure Key Vault. Which you can use with azuresigntool to sign your code & installer. (Non-EV certificates are a waste of time, the user still gets big warnings at install time). |
|
That's really useful, thanks @rcoup |
|
I requested a D-U-N-S number as a first step in getting a developer certificate: https://developer.apple.com/support/D-U-N-S/ |
Using PyInstaller, as explored in #93 and https://til.simonwillison.net/python/packaging-pyinstaller
The bigger challenge will be the code signing bit. I'll need a Apple Developer account ($99/year) and some extensive CI fiddling.
The text was updated successfully, but these errors were encountered: