From 0a4a11a9ca40a91306fafd0038fad0070d797188 Mon Sep 17 00:00:00 2001 From: Horacio Herrera Date: Tue, 8 Aug 2023 13:12:17 +0200 Subject: [PATCH] new test ci --- ...n-release.yml.off => electron-release.yml} | 37 +++++++++++++++---- frontend/apps/electron/entitlements.plist | 4 +- 2 files changed, 32 insertions(+), 9 deletions(-) rename .github/workflows/{electron-release.yml.off => electron-release.yml} (73%) diff --git a/.github/workflows/electron-release.yml.off b/.github/workflows/electron-release.yml similarity index 73% rename from .github/workflows/electron-release.yml.off rename to .github/workflows/electron-release.yml index 6091561af5..6f0433ca84 100644 --- a/.github/workflows/electron-release.yml.off +++ b/.github/workflows/electron-release.yml @@ -106,13 +106,36 @@ jobs: GOARCH: ${{ matrix.config.goarch }} CGO_ENABLED: 1 - - name: Add MacOS certs + - name: Install the Apple certificate and provisioning profile # if: matrix.config.os == 'macos-latest' && startsWith(github.ref, 'refs/tags/') if: matrix.config.os == 'macos-latest' - run: chmod +x add-osx-cert.sh && ./add-osx-cert.sh env: - APPLE_CERTIFICATE_OSX_APPLICATION: ${{ secrets.APPLE_CERTIFICATE_OSX_APPLICATION }} - APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} + P12_PASSWORD: ${{ secrets.P12_PASSWORD }} + BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + run: | + # create variables + CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 + PP_PATH=$RUNNER_TEMP/build_pp.provisionprofile + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + + # import certificate and provisioning profile from secrets + echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH + echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH + + # create temporary keychain + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + # import certificate to keychain + security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH + + # apply provisioning profile + mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles + cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles - name: create AppImage private key file if: matrix.config.os == 'ubuntu-latest' @@ -148,9 +171,9 @@ jobs: SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_ID_PASSWORD: '${{ secrets.APPLE_ID_PASSWORD }}' - APPLE_API_ISSUER: '${{ secrets.APPLE_API_ISSUER }}' - APPLE_API_PRIVKEY: '${{ secrets.APPLE_API_PRIVKEY }}' - APPLE_API_KEY: '${{ secrets.APPLE_API_KEY }}' APPLE_TEAM_ID: '${{ secrets.APPLE_TEAM_ID }}' + # APPLE_API_ISSUER: '${{ secrets.APPLE_API_ISSUER }}' + # APPLE_API_PRIVKEY: '${{ secrets.APPLE_API_PRIVKEY }}' + # APPLE_API_KEY: '${{ secrets.APPLE_API_KEY }}' # WINDOWS_PFX_FILE: '${{ steps.write_file.outputs.filePath }}' # WINDOWS_PFX_PASSWORD: '${{ secrets.WINDOWS_PFX_PASSWORD }}' diff --git a/frontend/apps/electron/entitlements.plist b/frontend/apps/electron/entitlements.plist index 983f109909..56cf16ca87 100644 --- a/frontend/apps/electron/entitlements.plist +++ b/frontend/apps/electron/entitlements.plist @@ -2,10 +2,10 @@ - com.apple.security.cs.allow-jit - com.apple.security.cs.allow-unsigned-executable-memory + com.apple.security.cs.allow-jit + com.apple.security.cs.disable-library-validation com.apple.security.cs.disable-executable-page-protection