add a codesign step for package

Mach1Studios · Jan 21, 2024 · 9b56ad0 · 9b56ad0
1 parent 2aeb90e
commit 9b56ad0
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/.github/workflows/juce_ci.yml b/.github/workflows/juce_ci.yml
@@ -125,12 +125,29 @@ jobs:
         version: ${{ env.VERSION }}
         output-directory: ${{ github.workspace }}/osc_client/build/m1-OrientationOSC_artefacts/Release
 
+      - name: "OC Sign Package (macos)"
+        if: runner.os == 'MacOS'
+        # Extract the secrets we defined earlier as environment variables
+        env: 
+          MACOS_INSTALLER_CERTIFICATE: ${{ secrets.MACOS_INSTALLER_CERTIFICATE }}
+          MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
+          MACOS_INSTALLER_CERTIFICATE_NAME: ${{ secrets.MACOS_INSTALLER_CERTIFICATE_NAME }}
+          MACOS_CI_KEYCHAIN_PWD: ${{ secrets.MACOS_CI_KEYCHAIN_PWD }}
+        run: |
+          echo $MACOS_INSTALLER_CERTIFICATE | base64 --decode > installer_certificate.p12
+
+          security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+          security import installer_certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign -T /usr/bin/productsign
+          security set-key-partition-list -S apple-tool:,apple:,codesign:,productsign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+
+          productsign --sign "${{ secrets.MACOS_INSTALLER_CERTIFICATE_NAME }}" ${{ github.workspace }}/osc_client/build/M1-OrientationOSC_artefacts/Release/M1-OrientationOSC.pkg ${{ github.workspace }}/osc_client/build/M1-OrientationOSC_artefacts/Release/signed/M1-OrientationOSC.pkg
+
     - name: OC Notarize (macos)
       if: runner.os == 'MacOS'
       uses: cocoalibs/xcode-notarization-action@v1
       with:
         working-directory: osc_client
-        app-path: ${{ github.workspace }}/osc_client/build/M1-OrientationOSC_artefacts/Release/M1-OrientationOSC.pkg
+        app-path: ${{ github.workspace }}/osc_client/build/M1-OrientationOSC_artefacts/Release/signed/M1-OrientationOSC.pkg
         apple-id: ${{ secrets.MACOS_NOTARIZE_USER }}
         password: ${{ secrets.MACOS_NOTARIZE_PWD }}
         team-id: ${{ secrets.TEAM_ID }}