From 30dd3e7932b5d23c65ab3e8a1f1a09710f9aa679 Mon Sep 17 00:00:00 2001 From: Ethan Dickson Date: Fri, 7 Mar 2025 17:10:19 +1100 Subject: [PATCH] ci: set installer cert & password Change-Id: I48dc1ede517587093699e84da01f8d6d37463581 Signed-off-by: Thomas Kosiewski --- .env | 8 ++++---- .github/workflows/release.yml | 6 ++++-- Makefile | 8 ++++---- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/.env b/.env index 6365247..9eb149b 100644 --- a/.env +++ b/.env @@ -1,9 +1,9 @@ # Build a release locally using: op run --env-file="./.env" -- make release -APPLE_CERT="op://Apple/Apple DeveloperID Application PKCS12 base64/notesPlain" -CERT_PASSWORD="op://Apple/DeveloperID Application p12 password/password" +APPLE_DEVELOPER_ID_PKCS12_B64="op://Apple/Apple DeveloperID Application PKCS12 base64/notesPlain" +APPLE_DEVELOPER_ID_PKCS12_PASSWORD="op://Apple/DeveloperID Application p12 password/password" -APPLE_INSTALLER_CERT="op://Apple/Developer ID Installer PKCS12 base64/notesPlain" -INSTALLER_CERT_PASSWORD="op://Apple/DeveloperID Installer Password/password" +APPLE_INSTALLER_PKCS12_B64="op://Apple/Developer ID Installer PKCS12 base64/notesPlain" +APPLE_INSTALLER_PKCS12_PASSWORD="op://Apple/DeveloperID Installer Password/password" APPLE_ID="op://Apple/3apcadvvcojjbpxnd7m5fgh5wm/username" APPLE_ID_PASSWORD="op://Apple/3apcadvvcojjbpxnd7m5fgh5wm/password" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 576bdcd..ab6ca68 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -41,11 +41,13 @@ jobs: - name: Build env: - APPLE_CERT: ${{ secrets.APPLE_DEVELOPER_ID_PKCS12_B64 }} + APPLE_DEVELOPER_ID_PKCS12_B64: ${{ secrets.APPLE_DEVELOPER_ID_PKCS12_B64 }} + APPLE_DEVELOPER_ID_PKCS12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_PKCS12_PASSWORD }} + APPLE_INSTALLER_PKCS12_B64: ${{ secrets.APPLE_INSTALLER_PKCS12_PASSWORD }} + APPLE_INSTALLER_PKCS12_PASSWORD: ${{ secrets.APPLE_INSTALLER_PKCS12_B64 }} APPLE_ID: ${{ secrets.APPLE_NOTARYTOOL_USERNAME }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_NOTARYTOOL_PASSWORD }} APP_PROF: ${{ secrets.CODER_DESKTOP_APP_PROVISIONPROFILE_B64 }} - CERT_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_PKCS12_PASSWORD }} EXT_PROF: ${{ secrets.CODER_DESKTOP_EXTENSION_PROVISIONPROFILE_B64 }} run: make release diff --git a/Makefile b/Makefile index d809347..e823a13 100644 --- a/Makefile +++ b/Makefile @@ -53,12 +53,12 @@ $(KEYCHAIN_FILE): security set-keychain-settings -lut 21600 "$(APP_SIGNING_KEYCHAIN)" security unlock-keychain -p "" "$(APP_SIGNING_KEYCHAIN)" @tempfile=$$(mktemp); \ - echo "$$APPLE_CERT" | base64 -d > $$tempfile; \ - security import $$tempfile -P '$(CERT_PASSWORD)' -A -t cert -f pkcs12 -k "$(APP_SIGNING_KEYCHAIN)"; \ + echo "$$APPLE_DEVELOPER_ID_PKCS12_B64" | base64 -d > $$tempfile; \ + security import $$tempfile -P '$(APPLE_DEVELOPER_ID_PKCS12_PASSWORD)' -A -t cert -f pkcs12 -k "$(APP_SIGNING_KEYCHAIN)"; \ rm $$tempfile @tempfile=$$(mktemp); \ - echo "$$APPLE_INSTALLER_CERT" | base64 -d > $$tempfile; \ - security import $$tempfile -P '$(INSTALLER_CERT_PASSWORD)' -A -t cert -f pkcs12 -k "$(APP_SIGNING_KEYCHAIN)"; \ + echo "$$APPLE_INSTALLER_PKCS12_B64" | base64 -d > $$tempfile; \ + security import $$tempfile -P '$(APPLE_INSTALLER_PKCS12_PASSWORD)' -A -t cert -f pkcs12 -k "$(APP_SIGNING_KEYCHAIN)"; \ rm $$tempfile security list-keychains -d user -s $$(security list-keychains -d user | tr -d '\"') "$(APP_SIGNING_KEYCHAIN)"