CI: Build macos app and sign it
This doesn't cover notarization
1
.gitattributes
vendored
1
.gitattributes
vendored
@ -2,5 +2,6 @@ android/app/keystore.jks filter=git-crypt diff=git-crypt
|
||||
android/fastlane/google-play-api-key.json filter=git-crypt diff=git-crypt
|
||||
android/key.properties filter=git-crypt diff=git-crypt
|
||||
ios/keys/* filter=git-crypt diff=git-crypt
|
||||
macos/keys/* filter=git-crypt diff=git-crypt
|
||||
scripts/secrets/* filter=git-crypt diff=git-crypt
|
||||
.gitattributes !filter !diff
|
||||
|
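--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -0,0 +1,38 @@
+name: MacOS
+
+on:
+push:
+branches:
+- master
+
+jobs:
+build:
+runs-on: macos-11
+timeout-minutes: 30
+steps:
+- uses: actions/checkout@v1
+- name: Install Deps
+run: brew install git-crypt md5sha1sum gnu-sed create-dmg
+- name: Unlock Secrets
+env:
+GITCRYPT_KEY: ${{ secrets.GITCRYPT_KEY }}
+run: ./scripts/decrypt_secrets.sh
+- name: Setup provisioning profile
+run: ./scripts/add_ios_keys.sh
+- uses: subosito/flutter-action@v1
+with:
+flutter-version: "2.2.2"
+- run: flutter pub get
+- run: dart ./scripts/setup_env.dart
+env:
+SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+- run: ./scripts/build_macos.sh
+env:
+FASTLANE_PASSWORD: ${{ secrets.FASTLANE_PASSWORD }}
+SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+- name: "Upload Artifact"
+uses: actions/upload-artifact@v2
+with:
+name: AppImage
+path: build/macos/Build/Products/Release/GitJournal.dmg
+if-no-files-found: error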
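Review bot: The `Setup provisioning profile` step runs `./scripts/add_ios_keys.sh`, but the keychain script this commit adds is `scripts/add_macos_keys.sh`, and no step calls it. Unless the iOS script (not shown on this page) also imports `macos/keys/dev_id.p12`, the `codesign` call in `build_macos.sh` will not find its identity, so the step should probably read `run: ./scripts/add_macos_keys.sh`. The job also holds `GITCRYPT_KEY` while running `actions/checkout@v1`, `subosito/flutter-action@v1` and `actions/upload-artifact@v2` by mutable tag. Pinning each to a full commit SHA (`uses: actions/checkout@<full-commit-sha>`) and adding a top-level `permissions:` block with `contents: read` would limit what a compromised action can reach. `FASTLANE_PASSWORD` is passed to `build_macos.sh`, which does not read it in this commit, and the artifact name `AppImage` does not match the `.dmg` being uploaded.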
@ -208,7 +208,6 @@
|
||||
33CC10EC2044A3C60003C045 = {
|
||||
CreatedOnToolsVersion = 9.2;
|
||||
LastSwiftMigration = 1100;
|
||||
ProvisioningStyle = Automatic;
|
||||
SystemCapabilities = {
|
||||
com.apple.Sandbox = {
|
||||
enabled = 1;
|
||||
@ -391,7 +390,7 @@
|
||||
CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
|
||||
CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
|
||||
CLANG_WARN_SUSPICIOUS_MOVE = YES;
|
||||
CODE_SIGN_IDENTITY = "-";
|
||||
CODE_SIGN_IDENTITY = "";
|
||||
COPY_PHASE_STRIP = NO;
|
||||
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
|
||||
ENABLE_NS_ASSERTIONS = NO;
|
||||
@ -418,8 +417,9 @@
|
||||
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
|
||||
CLANG_ENABLE_MODULES = YES;
|
||||
CODE_SIGN_ENTITLEMENTS = Runner/DebugProfile.entitlements;
|
||||
CODE_SIGN_STYLE = Automatic;
|
||||
CODE_SIGN_STYLE = Manual;
|
||||
COMBINE_HIDPI_IMAGES = YES;
|
||||
DEVELOPMENT_TEAM = 4NYTN6RU3N;
|
||||
INFOPLIST_FILE = Runner/Info.plist;
|
||||
LD_RUNPATH_SEARCH_PATHS = (
|
||||
"$(inherited)",
|
||||
@ -465,7 +465,7 @@
|
||||
CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
|
||||
CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
|
||||
CLANG_WARN_SUSPICIOUS_MOVE = YES;
|
||||
CODE_SIGN_IDENTITY = "-";
|
||||
CODE_SIGN_IDENTITY = "";
|
||||
COPY_PHASE_STRIP = NO;
|
||||
DEBUG_INFORMATION_FORMAT = dwarf;
|
||||
ENABLE_STRICT_OBJC_MSGSEND = YES;
|
||||
@ -518,7 +518,7 @@
|
||||
CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR;
|
||||
CLANG_WARN_RANGE_LOOP_ANALYSIS = YES;
|
||||
CLANG_WARN_SUSPICIOUS_MOVE = YES;
|
||||
CODE_SIGN_IDENTITY = "-";
|
||||
CODE_SIGN_IDENTITY = "";
|
||||
COPY_PHASE_STRIP = NO;
|
||||
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
|
||||
ENABLE_NS_ASSERTIONS = NO;
|
||||
@ -545,8 +545,9 @@
|
||||
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
|
||||
CLANG_ENABLE_MODULES = YES;
|
||||
CODE_SIGN_ENTITLEMENTS = Runner/DebugProfile.entitlements;
|
||||
CODE_SIGN_STYLE = Automatic;
|
||||
CODE_SIGN_STYLE = Manual;
|
||||
COMBINE_HIDPI_IMAGES = YES;
|
||||
DEVELOPMENT_TEAM = 4NYTN6RU3N;
|
||||
INFOPLIST_FILE = Runner/Info.plist;
|
||||
LD_RUNPATH_SEARCH_PATHS = (
|
||||
"$(inherited)",
|
||||
@ -566,8 +567,9 @@
|
||||
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
|
||||
CLANG_ENABLE_MODULES = YES;
|
||||
CODE_SIGN_ENTITLEMENTS = Runner/Release.entitlements;
|
||||
CODE_SIGN_STYLE = Automatic;
|
||||
CODE_SIGN_STYLE = Manual;
|
||||
COMBINE_HIDPI_IMAGES = YES;
|
||||
DEVELOPMENT_TEAM = 4NYTN6RU3N;
|
||||
INFOPLIST_FILE = Runner/Info.plist;
|
||||
LD_RUNPATH_SEARCH_PATHS = (
|
||||
"$(inherited)",
|
||||
|
@ -6,7 +6,11 @@
|
||||
<false/>
|
||||
<key>com.apple.security.cs.allow-jit</key>
|
||||
<true/>
|
||||
<key>com.apple.security.device.camera</key>
|
||||
<true/>
|
||||
<key>com.apple.security.network.server</key>
|
||||
<true/>
|
||||
<key>com.apple.security.personal-information.photos-library</key>
|
||||
<true/>
|
||||
</dict>
|
||||
</plist>
|
||||
|
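Review bot: The entitlement list in this hunk grows by four lines, apparently the `com.apple.security.device.camera` and `com.apple.security.personal-information.photos-library` pairs, and nothing records which feature needs them; the rendering also omits the file header, so it is unclear whether this is the Debug or Release entitlements file. A one-line XML comment above each key, such as `<!-- camera: <feature that needs it> -->`, would let a later reviewer remove grants that are no longer needed. If this file is used for the signed release build, `com.apple.security.cs.allow-jit` and `com.apple.security.network.server` deserve the same justification. Camera access additionally needs an `NSCameraUsageDescription` entry in `Info.plist`, which this commit does not touch (it may already be present). The `<dict>` opens above the hunk, so the key that the leading `<false/>` belongs to is not visible here.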
BIN
macos/keys/dev_id.p12
Normal file
BIN
macos/keys/dev_id.p12
Normal file
Binary file not shown.
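--- a/scripts/add_macos_keys.sh
+++ b/scripts/add_macos_keys.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+#
+# Keychain
+#
+cd macos/keys/
+
+echo ""
+echo "Configuring Keychain"
+
+KEYCHAIN_NAME="build.keychain"
+KEYCHAIN_PATH="$HOME/Library/Keychains/$KEYCHAIN_NAME"
+KEYCHAIN_PASSWORD=""
+
+security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
+security import dev_id.p12 -k "$KEYCHAIN_PATH" -P "$KEYCHAIN_PASSWORD" -A
+
+security list-keychains -s "$KEYCHAIN_PATH"
+security default-keychain -s "$KEYCHAIN_PATH"
+security set-keychain-settings "$KEYCHAIN_PATH" # Remove relock timeout
+security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+
+# To fix "codesign unable to build chain to self-signed root for signer"
+# https://stackoverflow.com/a/66083449/147435
+wget -q https://developer.apple.com/certificationauthority/AppleWWDRCA.cer
+wget -q https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer
+
+security add-certificates -k "$KEYCHAIN_PATH" "AppleWWDRCA.cer" || true
+security add-certificates -k "$KEYCHAIN_PATH" "AppleWWDRCAG3.cer" || true
+
+# Apple Magic https://stackoverflow.com/a/40870033/147435
+security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+
+# Print out installed code signing identities
+security find-identity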
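Review bot: `KEYCHAIN_PASSWORD=""` serves both as the keychain password and as the `-P` passphrase for `dev_id.p12`, so the Developer ID key is protected only by git-crypt, and `security import … -A` lets any process on the runner use the key without prompting. A random per-run keychain password and a tool-scoped import would narrow that: `KEYCHAIN_PASSWORD="$(openssl rand -base64 32)"` and `security import dev_id.p12 -k "$KEYCHAIN_PATH" -P "$P12_PASSWORD" -T /usr/bin/codesign`, where `P12_PASSWORD` is an illustrative name for a passphrase supplied as a CI secret. The two `security add-certificates … || true` lines, presumably there to tolerate an already-installed certificate, also hide a failed or truncated download. Checking each `.cer` against a known fingerprint before adding it would make a bad intermediate fail the build. The script sets `set -eo pipefail` without `-u` and never removes the keychain, so a final `security delete-keychain "$KEYCHAIN_PATH"` cleanup step is worth adding for runners that are reused.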
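--- a/scripts/build_macos.sh
+++ b/scripts/build_macos.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+cd "$(dirname "$0")"
+cd ../
+
+flutter pub get
+
+BUILD_NUM=$(git rev-list --count HEAD)
+echo "Build Number: $BUILD_NUM"
+
+BUILD_NAME=$(cat pubspec.yaml | grep version | awk '{ print $2 }' | awk -F "+" '{ print $1 }')
+echo "Build Name: $BUILD_NAME"
+
+xcodebuild -version
+
+export MACOS_APP_RELEASE_PATH=build/macos/Build/Products/Release
+flutter build macos --release --no-codesign --build-number="$BUILD_NUM" --build-name="$BUILD_NAME"
+
+# Signing
+export APP_NAME=GitJournal
+export MACOS_APP_PATH=./$MACOS_APP_RELEASE_PATH/$APP_NAME.app
+
+/usr/bin/codesign -vv --force --deep -s 2BC9130EA0A9C6F623E1AAEB5594BFA04FA875F3 "$MACOS_APP_PATH"
+
+# Debugging Signing Issues
+pkgutil --check-signature "$MACOS_APP_PATH"
+codesign -dvv "$MACOS_APP_PATH"
+
+# Build dmg
+cd $MACOS_APP_RELEASE_PATH
+
+create-dmg \
+--volname "$APP_NAME" \
+--window-pos 200 120 \
+--window-size 800 529 \
+--icon-size 130 \
+--text-size 14 \
+--icon "$APP_NAME.app" 260 250 \
+--hide-extension "$APP_NAME.app" \
+--app-drop-link 540 250 \
+--hdiutil-quiet \
+"$APP_NAME.dmg" \
+"$APP_NAME.app"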
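Review bot: The `codesign` line signs with `--force --deep` but passes neither `--entitlements` nor `--options runtime`. Because the project sets `CODE_SIGN_IDENTITY = ""` and the build uses `--no-codesign`, the entitlements files edited in this commit are presumably not embedded in the shipped signature, and the hardened runtime that notarization will later require is off. Adding `--options runtime --timestamp --entitlements <path-to>/Release.entitlements` to the app-bundle signature would fix that; the nested frameworks are better signed individually, inside-out, than through `--deep`, which would also push the app's entitlements onto them. `pkgutil --check-signature` and `codesign -dvv` mostly print details, so a gate such as `codesign --verify --deep --strict --verbose=2 "$MACOS_APP_PATH"` is needed to make a broken signature fail the build. The `.dmg` itself is left unsigned, and `cd $MACOS_APP_RELEASE_PATH` should be quoted like the other expansions.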