consolidate codesigning

Mach1Studios · Jan 20, 2024 · 2aeb90e · 2aeb90e
1 parent 36d2ff9
commit 2aeb90e
Showing 1 changed file with 11 additions and 28 deletions.
diff --git a/.github/workflows/juce_ci.yml b/.github/workflows/juce_ci.yml
@@ -51,33 +51,6 @@ jobs:
       shell: bash
       run: cmake --build build --config $BUILD_TYPE
 
-    - name: OM Extract Keys and Codesign (macos)
-      if: runner.os == 'MacOS'
-      # Extract the secrets we defined earlier as environment variables
-      env: 
-        MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
-        MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
-        MACOS_CERTIFICATE_NAME: ${{ secrets.MACOS_CERTIFICATE_NAME }}
-        MACOS_CI_KEYCHAIN_PWD: ${{ secrets.MACOS_CI_KEYCHAIN_PWD }}
-      run: |
-        # Turn our base64-encoded certificate back to a regular .p12 file
-        
-        echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
-
-        # We need to create a new keychain, otherwise using the certificate will prompt
-        # with a UI dialog asking for the certificate password, which we can't
-        # use in a headless CI environment
-        
-        security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain 
-        security default-keychain -s build.keychain
-        security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
-        security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
-        security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
-
-        # We finally codesign our app bundle, specifying the Hardened runtime option
-        
-        /usr/bin/codesign -v --force -s "$MACOS_CERTIFICATE_NAME" --options runtime --entitlements Resources/entitlements.mac.plist --timestamp osc_client/Resources/m1-orientationmanager
-
     # - name: 'OM Upload Artifact (macos)'
     #   if: runner.os == 'MacOS'
     #   working-directory: ${{runner.workspace}}
@@ -114,7 +87,7 @@ jobs:
       shell: bash
       run: cmake --build build --config $BUILD_TYPE
 
-    - name: OC Extract Keys and Codesign (macos)
+    - name: OM & OC Extract Keys and Codesign (macos)
       if: runner.os == 'MacOS'
       # Extract the secrets we defined earlier as environment variables
       env: 
@@ -124,12 +97,22 @@ jobs:
         MACOS_CI_KEYCHAIN_PWD: ${{ secrets.MACOS_CI_KEYCHAIN_PWD }}
       run: |
         # Turn our base64-encoded certificate back to a regular .p12 file
+        
         echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
 
+        # We need to create a new keychain, otherwise using the certificate will prompt
+        # with a UI dialog asking for the certificate password, which we can't
+        # use in a headless CI environment
+        
+        security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain 
+        security default-keychain -s build.keychain
         security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
         security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
         security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
 
+        # We finally codesign our app bundle, specifying the Hardened runtime option
+        
+        /usr/bin/codesign -v --force -s "$MACOS_CERTIFICATE_NAME" --options runtime --entitlements Resources/entitlements.mac.plist --timestamp osc_client/build/M1-OrientationOSC_artefacts/Release/M1-OrientationOSC.app/Contents/MacOS/m1-orientationmanager
         /usr/bin/codesign -v --force -s "$MACOS_CERTIFICATE_NAME" --options runtime --entitlements osc_client/Resources/M1-OrientationOSC.entitlements --timestamp osc_client/build/M1-OrientationOSC_artefacts/Release/M1-OrientationOSC.app
 
     - name: OC Package (macos)