Sign macos app

bardsoftware · Jul 12, 2023 · dfc620c · dfc620c
1 parent 0886c90
commit dfc620c
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 17 deletions.
diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml
@@ -9,6 +9,10 @@ env:
  VERSION: 3.3.3295
  WINDOWS_APP_FOLDER_NAME: GanttProject-3.3-Beta-II
  MAC_APP_NAME: GanttProject 3.3 Beta II
+ MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
+ MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
+ MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
+ MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
 
 jobs:
 # Linux:
@@ -151,16 +155,26 @@ jobs:
  - name: Build GanttProject.app
  run: |
  ./build-bin/package-mac.sh
- cd build 
- tar -czf ganttproject-app-$VERSION.tgz "GanttProject.app"
 
- - uses: actions/setup-python@v4
- with:
- python-version: '3.10'
- - name: Build DMG
+ - name: Sign GanttProject.app
  run: |
- pip install "dmgbuild"
- dmgbuild -s build-cfg/dmgbuild.py "$MAC_APP_NAME" build/ganttproject-$VERSION.dmg
+ echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
+
+ security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain 
+ security default-keychain -s build.keychain
+ security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+ security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
+ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+ 
+ build-bin/notarize.sh $VERSION "BarD Software s.r.o." "qwer" sign
+
+# - uses: actions/setup-python@v4
+# with:
+# python-version: '3.10'
+# - name: Build DMG
+# run: |
+# pip install "dmgbuild"
+# dmgbuild -s build-cfg/dmgbuild.py "$MAC_APP_NAME" build/ganttproject-$VERSION.dmg
 
  - id: 'auth'
  uses: 'google-github-actions/auth@v1'
@@ -177,9 +191,6 @@ jobs:
  run: |
  #!/bin/sh
  cd build
- for f in *.tgz; do
- gsutil cp $f gs://dl.ganttproject.biz && gsutil acl ch -u AllUsers:R gs://dl.ganttproject.biz/$f;
- done;
  for f in *.dmg; do
  gsutil cp $f gs://dl.ganttproject.biz && gsutil acl ch -u AllUsers:R gs://dl.ganttproject.biz/$f;
  done;

diff --git a/build-bin/notarize.sh b/build-bin/notarize.sh
@@ -3,7 +3,7 @@
 VER=$1
 SIG=$2
 NOTARIZE_PASSWORD=$3
-
+COMMAND=$4
 
 do_prepare() {
 find build/GanttProject.app/ -type f -not -path *Contents/runtime/* -not -path */Contents/MacOS/GanttProject -not -path *libapplauncher.dylib -exec codesign --timestamp -f -s "$SIG" --prefix com.bardsoftware. --entitlements build-cfg/ganttproject.entitlements.xml --options runtime -v --keychain ~/Library/Keychains/login.keychain-db {} \;
@@ -14,7 +14,7 @@ codesign -vvv --deep --strict build/GanttProject.app
 spctl -a -t exec -vv build/GanttProject.app
 
 
-jpackage --type dmg --app-image build/GanttProject.app -n "GanttProject $VER"
+jpackage --type dmg --app-image build/GanttProject.app -n "ganttproject-$VER"
 }
 
 do_notarize() {
@@ -26,6 +26,17 @@ do_staple() {
  xcrun stapler staple build/GanttProject.app
 }
 
-do_prepare
-#do_notarize
-#do_staple
+case $COMMAND in
+sign)
+ do_prepare()
+ ;;
+notarize)
+ do_notarize()
+ ;;
+staple)
+ do_staple()
+ ;;
+*)
+ echo "Unknown command: $COMMAND" && exit 1
+ ;;
+esac
diff --git a/build-cfg/dmgbuild.py b/build-cfg/dmgbuild.py
@@ -17,7 +17,7 @@
 files = ['build/GanttProject.app', 'ganttproject-builder/HouseBuildingSample.gan', 'LICENSE']
 symlinks = { "Applications": "/Applications" }
 badge_icon = "build-cfg/ganttproject.icns"
-background = "bg3.png"
+background = "build-cfg/dmg-background.png"
 window_rect = ((100, 100), (512, 512))
 icon_size=96
 icon_locations = {