diff --git a/.github/workflows/build-head.yml b/.github/workflows/build-head.yml index d084a8b..6828cc4 100644 --- a/.github/workflows/build-head.yml +++ b/.github/workflows/build-head.yml @@ -20,6 +20,8 @@ jobs: P12_PASSWORD: ${{ secrets.P12_PASSWORD }} BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + APP_PASSWORD: ${{ secrets.APP_PASSWORD }} + APPLE_ID: ${{ secrets.APPLE_ID }} run: | # create variables BUILD_CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 @@ -42,6 +44,8 @@ jobs: # apply provisioning profile mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles + # register a profile to keychain for notarize + xcrun notarytool store-credentials "github-emacs-build" --apple-id $APPLE_ID --team-id "H2PH8KNN3H" --password $APP_PASSWORD - name: Setup to build run: sh build/setup.sh - name: Build HEAD with inline patch diff --git a/release/notarize-emacs.sh b/release/notarize-emacs.sh index bf934bb..f667110 100644 --- a/release/notarize-emacs.sh +++ b/release/notarize-emacs.sh @@ -77,7 +77,7 @@ if [ "${BRANCH}" = "" -a ! "${VERSION}" = "" ]; then echo "--- Targeting version: ${VERSION}" fi cp -r ${APPDIR}/Emacs.app pkg/Applications/${APPINSTALLDIR} -ls ${APPINSTALLDIR} +ls pkg/Applications/${APPINSTALLDIR} DEVELOPERID='Developer ID Application: Takaaki Ishikawa (H2PH8KNN3H)' codesign --verify --sign "${DEVELOPERID}" --deep --force --verbose --option runtime --entitlements entitlements.plist --timestamp ./pkg/Applications/${APPINSTALLDIR}/Emacs.app @@ -126,7 +126,7 @@ if [ "${RESULT}" ]; then exit 1 fi -xcrun notarytool submit "Emacs-Distribution_SIGNED.pkg" --keychain-profile "emacs-build" --wait +xcrun notarytool submit "Emacs-Distribution_SIGNED.pkg" --keychain-profile "github-emacs-build" --wait rm -f Emacs.pkg Emacs-Distribution.pkg sleep 2