@@ -407,6 +407,107 @@ jobs:
407407 path : ArduinoCreateAgent*
408408 if-no-files-found : error
409409
410+ # This job will generate a dmg mac installer, sign/notarize it.
411+ generate-sign-dmg :
412+ needs : notarize-macos
413+ strategy :
414+ matrix :
415+ arch : [amd64]
416+
417+ runs-on : macos-12
418+ steps :
419+ - name : Checkout repo with icons/background
420+ uses : actions/checkout@v3
421+ with :
422+ repository : ' bcmi-labs/arduino-create-agent-installer' # the repo which contains the icons/background
423+ token : ${{ secrets.ARDUINO_CREATE_AGENT_CI_PAT }}
424+
425+ - name : Download artifact
426+ uses : actions/download-artifact@v3
427+ with :
428+ name : ArduinoCreateAgent.app_${{ matrix.arch }}_notarized
429+ path : ArduinoCreateAgent.app
430+
431+ - name : unzip artifact
432+ run : |
433+ unzip ArduinoCreateAgent.app_${{ matrix.arch }}_notarized.zip
434+ rm ArduinoCreateAgent.app_${{ matrix.arch }}_notarized.zip
435+
436+ name : Install create-dmg
437+ run : brew install create-dmg
438+
439+ - name : Genarate DMG
440+ run : |
441+ create-dmg \
442+ --volname "ArduinoCreateAgent" \
443+ --background "installer_icons/background.png" \
444+ --window-pos 200 120 \
445+ --window-size 500 320 \
446+ --icon-size 80 \
447+ --icon "installer_icons/background.png" 125 150 \
448+ --app-drop-link 375 150 \
449+ "ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg" \
450+ "ArduinoCreateAgent.app"
451+
452+ name : Import Code-Signing Certificates
453+ run : |
454+ echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}"
455+ security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
456+ security default-keychain -s "${{ env.KEYCHAIN }}"
457+ security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
458+ security import \
459+ "${{ env.INSTALLER_CERT_MAC_PATH }}" \
460+ -k "${{ env.KEYCHAIN }}" \
461+ -f pkcs12 \
462+ -A \
463+ -T "/usr/bin/codesign" \
464+ -P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}"
465+ security set-key-partition-list \
466+ -S apple-tool:,apple: \
467+ -s \
468+ -k "${{ env.KEYCHAIN_PASSWORD }}" \
469+ "${{ env.KEYCHAIN }}"
470+
471+ name : Install gon for code signing and app notarization
472+ run : |
473+ wget -q https://github.com/mitchellh/gon/releases/download/v0.2.5/gon_macos.zip
474+ unzip gon_macos.zip -d /usr/local/bin
475+
476+ name : Write gon config to file
477+ # gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20)
478+ run : |
479+ cat > gon.config_installer.hcl <<EOF
480+ source = ["ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg"]
481+ bundle_id = "cc.arduino.${{ env.PROJECT_NAME }}-installer"
482+
483+ sign {
484+ application_identity = "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)"
485+ }
486+
487+ # Ask Gon for zip output to force notarization process to take place.
488+ # The CI will not upload the zip output
489+ zip {
490+ output_path = "ArduinoCreateAgent.app_${{ matrix.arch }}_notarized.zip"
491+ }
492+ EOF
493+
494+ name : Code sign and notarize app
495+ run : |
496+ echo "gon will notarize executable in ArduinoCreateAgent-osx/ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg"
497+ gon -log-level=debug -log-json gon.config_installer.hcl
498+ timeout-minutes : 30
499+
500+ # tar dmg file to keep executable permission
501+ - name : Tar files to keep permissions
502+ run : tar -cvf ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.tar ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg
503+
504+ - name : Upload artifacts
505+ uses : actions/upload-artifact@v3
506+ with :
507+ name : ArduinoCreateAgent-osx-${{ matrix.arch }}
508+ path : ArduinoCreateAgent*.tar
509+ if-no-files-found : error
510+
410511 create-release :
411512 runs-on : ubuntu-20.04
412513 needs : [build, package]
0 commit comments