From f3692023e9b6220411f10f7e1c8d9184f9b59c1c Mon Sep 17 00:00:00 2001
From: per1234
Date: Tue, 8 Oct 2024 02:46:12 -0700
Subject: [PATCH 1/2] Include App Store Connect provider in notarization tool configuration

A tool named gon is used to notarize the macOS release binaries. This tool must be configured with the credentials to be used for the notarization. In addition to the always mandatory Apple ID username and password, it is also necessary to specify the App Store Connect provider in cases where the user is a member of multiple Apple Developer Program teams.
---
 .github/workflows/publish-go-nightly-task.yml | 1 +
 .github/workflows/release-go-task.yml | 1 +
 2 files changed, 2 insertions(+)
diff --git a/.github/workflows/publish-go-nightly-task.yml b/.github/workflows/publish-go-nightly-task.yml
index 6bb3de0a1..ba7debf03 100644
--- a/.github/workflows/publish-go-nightly-task.yml
+++ b/.github/workflows/publish-go-nightly-task.yml
@@ -143,6 +143,7 @@ jobs:
 env:
 AC_USERNAME: ${{ secrets.AC_USERNAME }}
 AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+ AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
 run: |
 gon "${{ env.GON_CONFIG_PATH }}"
diff --git a/.github/workflows/release-go-task.yml b/.github/workflows/release-go-task.yml
index 055acf563..c08448ced 100644
--- a/.github/workflows/release-go-task.yml
+++ b/.github/workflows/release-go-task.yml
@@ -148,6 +148,7 @@ jobs:
 env:
 AC_USERNAME: ${{ secrets.AC_USERNAME }}
 AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+ AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
 run: |
 gon "${{ env.GON_CONFIG_PATH }}"
From 861c22ff0afa32ae09e262df7fa7676b4d6ecba4 Mon Sep 17 00:00:00 2001
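Review bot: The new `AC_PROVIDER: ${{ secrets.AC_PROVIDER }}` line has no comment saying what the secret holds or when it is needed, and an undefined secret expands to an empty string, so the step would still start with an empty provider. I would add a comment above it such as `# App Store Connect provider (team) ID; needed when the Apple ID belongs to more than one Developer Program team`. How gon treats an empty value is not visible here, so it is worth confirming that a missing secret fails clearly rather than notarizing against an unintended team. The same line is added in the release-go-task.yml hunk and the note applies there too. The enclosing step begins outside both hunks.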
From: per1234 Date: Tue, 8 Oct 2024 02:50:38 -0700 Subject: [PATCH 2/2] Use Bearer/gon for macOS notarization of releases A tool named gon is used to notarize the macOS release binaries. The original gon tool is now nonfunctional due to its use of the altool tool, which is no longer permitted by Apple. Fortunately a fork of gon was created and the migration from altool to notarytool completed in that fork. So the release workflows are hereby migrated to using the functional fork of gon. --- .github/workflows/publish-go-nightly-task.yml | 4 ++-- .github/workflows/release-go-task.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish-go-nightly-task.yml b/.github/workflows/publish-go-nightly-task.yml index ba7debf03..2e194757d 100644 --- a/.github/workflows/publish-go-nightly-task.yml +++ b/.github/workflows/publish-go-nightly-task.yml @@ -117,14 +117,14 @@ jobs: - name: Install gon for code signing and app notarization run: | - wget -q https://github.com/mitchellh/gon/releases/download/v0.2.3/gon_macos.zip + wget -q https://github.com/Bearer/gon/releases/download/v0.0.27/gon_macos.zip unzip gon_macos.zip -d /usr/local/bin - name: Write gon config to file # gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20) run: | cat > "${{ env.GON_CONFIG_PATH }}" < "${{ env.GON_CONFIG_PATH }}" <
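Review bot: The install step extracts a release asset from a third-party fork into /usr/local/bin with no integrity check: the new `wget -q https://github.com/Bearer/gon/releases/download/v0.0.27/gon_macos.zip` is followed directly by `unzip`. This binary is later run with the notarization credentials in its environment, and an asset under a release tag can be replaced, so the version in the URL alone does not fix what gets executed. Record the expected digest in the workflow and verify it between the two commands, e.g. `echo "<SHA256_OF_gon_macos.zip>  gon_macos.zip" | shasum -a 256 -c -`. The diffstat shows the same change in release-go-task.yml, but that hunk and the tail of this one are not legible on this page.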