From ea551c30a796fd4f1329db78d0630c2b64890137 Mon Sep 17 00:00:00 2001 From: FriwiDev Date: Fri, 25 Feb 2022 15:43:53 +0100 Subject: [PATCH] Change to api key auth --- .github/workflows/build-macosx-amd64.yml | 8 +++++++- compile_macosx.sh | 6 +++--- macosx_codesign.sh | 7 ++++--- macosx_notarize.sh | 19 ++++++++++--------- 4 files changed, 24 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build-macosx-amd64.yml b/.github/workflows/build-macosx-amd64.yml index a1dd6cb..f1022f4 100644 --- a/.github/workflows/build-macosx-amd64.yml +++ b/.github/workflows/build-macosx-amd64.yml @@ -27,6 +27,8 @@ jobs: BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }} P12_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }} KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} + APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} + APPLE_API_KEY_NAME: ${{ secrets.APPLE_API_KEY_NAME }} run: | # create variables CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 @@ -43,11 +45,15 @@ jobs: # import certificate to keychain security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH -T /usr/bin/codesign security list-keychain -d user -s $KEYCHAIN_PATH + + # import api key from secrets + mkdir ~/private_keys + echo -n "$APPLE_API_KEY_BASE64" | base64 --decode --output "~/private_keys/AuthKey_$APPLE_API_KEY_NAME.p8" - name: Build run: | chmod +x compile_macosx.sh - ./compile_macosx.sh amd64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_ID }} ${{ secrets.APPLE_PASSWORD }} + ./compile_macosx.sh amd64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_NAME }} ${{ secrets.APPLE_API_KEY_ISSUER }} - name: Clean up keychain if: ${{ always() }} run: | 
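Review bot: The decode step writes to `"~/private_keys/AuthKey_$APPLE_API_KEY_NAME.p8"`, and a tilde inside double quotes is not expanded by the shell, so the key lands in a literal `~` directory under the working directory (or the step fails) instead of the `private_keys` folder created one line earlier. Use `$HOME` and restrict the directory before the key is written: `mkdir -p "$HOME/private_keys" && chmod 700 "$HOME/private_keys"`, then `--output "$HOME/private_keys/AuthKey_$APPLE_API_KEY_NAME.p8"`. The visible part of the "Clean up keychain" step does not show the `.p8` being removed; its body continues outside the hunk, so confirm the key is deleted there, which matters if this job ever runs on a self-hosted runner. In the Build step, `${{ github.event.inputs.repo }}` and `${{ github.event.inputs.ref }}` are still pasted unquoted into the command line; passing them through `env:` and quoting the shell variables would keep dispatch input from being parsed as shell.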
diff --git a/compile_macosx.sh b/compile_macosx.sh index 90e3894..540bc65 100755 --- a/compile_macosx.sh +++ b/compile_macosx.sh @@ -2,7 +2,7 @@ if [ $# -lt 2 ] || [ $# -eq 3 ] then - echo "Usage: ./compile_macosx.sh [ ] [ ]" + echo "Usage: ./compile_macosx.sh [ ] [ ]" echo "" echo "architecture: the target architecture to build for. Architectures are either amd64 or arm64." echo "buildType: either Release or Debug" @@ -10,8 +10,8 @@ if [ $# -lt 2 ] || [ $# -eq 3 ] echo "gitref: the git commit id to pull" echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\"" echo "teamname: the apple team name. 10-digit id yyy from the cert name." - echo "appleid: your apple developer id" - echo "applepwd: your apple developer id password" + echo "applekeyid: your apple api key id" + echo "applekeyissuer: uuid of your apple api key issuer" exit 1 fi diff --git a/macosx_codesign.sh b/macosx_codesign.sh index a03e6cb..c5a7f53 100755 --- a/macosx_codesign.sh +++ b/macosx_codesign.sh @@ -2,13 +2,13 @@ if [ $# -lt 5 ] then - echo "Usage: ./macosx_codesign.sh " + echo "Usage: ./macosx_codesign.sh " echo "" echo "path: the absolute(!) target path" echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\"" echo "teamname: the apple team name. 10-digit id yyy from the cert name." - echo "appleid: your apple developer id" - echo "applepwd: your apple developer id password" + echo "applekeyid: your apple api key id" + echo "applekeyissuer: uuid of your apple api key issuer" exit 1 fi 
@@ -28,6 +28,7 @@ chmod +x macosx_notarize.sh echo "Signing helpers..." codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper.app" bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper.app" $2 $3 org.jcef.jcef.helper $4 $5 +exit 1 codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (GPU).app" bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (GPU).app" $2 $3 org.jcef.jcef.helper.gpu $4 $5 codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (Plugin).app" diff --git a/macosx_notarize.sh b/macosx_notarize.sh index 7ad94d9..23291e1 100755 --- a/macosx_notarize.sh +++ b/macosx_notarize.sh @@ -5,14 +5,14 @@ if [ $# -lt 6 ] then - echo "Usage: ./macosx_notarize.sh " + echo "Usage: ./macosx_notarize.sh " echo "" echo "path: the absolute(!) target path" echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\"" echo "teamname: the apple team name. 10-digit id yyy from the cert name." echo "bundleid: the bundle id of the artifact" - echo "appleid: your apple developer id" - echo "applepwd: your apple developer id password" + echo "applekeyid: your apple api key id" + echo "applekeyissuer: uuid of your apple api key issuer" exit 1 fi @@ -29,9 +29,10 @@ zip -r "$APP_NAME.zip" "$APP_NAME" echo "Uploading $ZIP_PATH for notarization" xcrun altool --notarize-app \ + --type macos \ --primary-bundle-id "$4" \ - --username "$5" \ - --password "$6" \ + --apiKey "$5" \ + --apiIssuer "$6" \ --asc-provider "$3" \ --file "$1.zip" 
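Review bot: The added `exit 1` right after the first `macosx_notarize.sh` call stops the script with a failure status before the GPU and Plugin helpers (and whatever follows them) are signed, so a run can never produce a fully signed and notarized bundle; it looks like a leftover debugging stop. If the intent is to abort when notarization of a helper fails, tie the exit to that call instead, `bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper.app" "$2" "$3" org.jcef.jcef.helper "$4" "$5" || exit 1`, and otherwise drop the line. Quoting `$2` there also keeps a certificate name containing spaces as a single argument. The rest of the signing sequence continues outside the hunk.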
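Review bot: Nothing in the script tells the reader where the private key comes from: with `--apiKey "$5"` altool is given only the key id and locates `AuthKey_<keyid>.p8` on its own in a `private_keys` directory, which is why the workflow writes that file before the build. A comment above the upload call, `# altool finds AuthKey_$5.p8 in ./private_keys or ~/private_keys; the key file itself is never passed on the command line`, plus a line in the usage text, would make that dependency explicit. A pre-flight check such as `[ -f "$HOME/private_keys/AuthKey_$5.p8" ] || { echo "API key file missing"; exit 1; }` would fail early with a clear message instead of an altool authentication error. The two `--notarization-info` calls in the following hunk depend on the same file.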
@@ -48,16 +49,16 @@ while [[ "$request_status" == "in progress" ]]; do echo -n "waiting... " sleep 10 request_status=$(xcrun altool --notarization-info "$requestUUID" \ - --username "$5" \ - --password "$6" 2>&1 \ + --apiKey "$5" \ + --apiIssuer "$6" 2>&1 \ | awk -F ': ' '/Status:/ { print $2; }' ) echo "$request_status" done # print status information xcrun altool --notarization-info "$requestUUID" \ - --username "$5" \ - --password "$6" + --apiKey "$5" \ + --apiIssuer "$6" echo if [[ $request_status != "success" ]]; then