xinyin025/jcefbuild
1
0
Fork 0
mirror of https://github.com/jcefmaven/jcefbuild.git synced 2025-09-17 12:56:37 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Change to api key auth

Browse Source
This commit is contained in:
FriwiDev 2022-02-25 15:43:53 +01:00
parent 308708eb3e
commit ea551c30a7
4 changed files with 24 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/build-macosx-amd64.yml vendored
View File

@ -27,6 +27,8 @@ jobs:
BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }} BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }} P12_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY_NAME: ${{ secrets.APPLE_API_KEY_NAME }}
run: | run: |
# create variables # create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
@ -43,11 +45,15 @@ jobs:
# import certificate to keychain # import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH -T /usr/bin/codesign security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH -T /usr/bin/codesign
security list-keychain -d user -s $KEYCHAIN_PATH security list-keychain -d user -s $KEYCHAIN_PATH
# import api key from secrets
mkdir ~/private_keys
echo -n "$APPLE_API_KEY_BASE64" | base64 --decode --output "~/private_keys/AuthKey_$APPLE_API_KEY_NAME.p8"
- -
name: Build name: Build
run: | run: |
chmod +x compile_macosx.sh chmod +x compile_macosx.sh
./compile_macosx.sh amd64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_ID }} ${{ secrets.APPLE_PASSWORD }} ./compile_macosx.sh amd64 Release ${{ github.event.inputs.repo }} ${{ github.event.inputs.ref }} "${{ secrets.APPLE_BUILD_CERTIFICATE_NAME }}" ${{ secrets.APPLE_TEAM_NAME }} ${{ secrets.APPLE_API_KEY_NAME }} ${{ secrets.APPLE_API_KEY_ISSUER }}
- name: Clean up keychain - name: Clean up keychain
if: ${{ always() }} if: ${{ always() }}
run: | run: |

6
compile_macosx.sh
View File

@ -2,7 +2,7 @@
if [ $# -lt 2 ] || [ $# -eq 3 ] if [ $# -lt 2 ] || [ $# -eq 3 ]
then then
echo "Usage: ./compile_macosx.sh <architecture> <buildType> [<gitrepo> <gitref>] [<certname> <teamname> <appleid> <applepwd>]" echo "Usage: ./compile_macosx.sh <architecture> <buildType> [<gitrepo> <gitref>] [<certname> <teamname> <applekeyid> <applekeyissuer>]"
echo "" echo ""
echo "architecture: the target architecture to build for. Architectures are either amd64 or arm64." echo "architecture: the target architecture to build for. Architectures are either amd64 or arm64."
echo "buildType: either Release or Debug" echo "buildType: either Release or Debug"
@ -10,8 +10,8 @@ if [ $# -lt 2 ] || [ $# -eq 3 ]
echo "gitref: the git commit id to pull" echo "gitref: the git commit id to pull"
echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\"" echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\""
echo "teamname: the apple team name. 10-digit id yyy from the cert name." echo "teamname: the apple team name. 10-digit id yyy from the cert name."
echo "appleid: your apple developer id" echo "applekeyid: your apple api key id"
echo "applepwd: your apple developer id password" echo "applekeyissuer: uuid of your apple api key issuer"
exit 1 exit 1
fi fi

7
macosx_codesign.sh
View File

@ -2,13 +2,13 @@
if [ $# -lt 5 ] if [ $# -lt 5 ]
then then
echo "Usage: ./macosx_codesign.sh <path> <certname> <teamname> <appleid> <applepwd>" echo "Usage: ./macosx_codesign.sh <path> <certname> <teamname> <applekeyid> <applekeyissuer>"
echo "" echo ""
echo "path: the absolute(!) target path" echo "path: the absolute(!) target path"
echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\"" echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\""
echo "teamname: the apple team name. 10-digit id yyy from the cert name." echo "teamname: the apple team name. 10-digit id yyy from the cert name."
echo "appleid: your apple developer id" echo "applekeyid: your apple api key id"
echo "applepwd: your apple developer id password" echo "applekeyissuer: uuid of your apple api key issuer"
exit 1 exit 1
fi fi
@ -28,6 +28,7 @@ chmod +x macosx_notarize.sh
echo "Signing helpers..." echo "Signing helpers..."
codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper.app" codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper.app"
bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper.app" $2 $3 org.jcef.jcef.helper $4 $5 bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper.app" $2 $3 org.jcef.jcef.helper $4 $5
exit 1
codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (GPU).app" codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (GPU).app"
bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (GPU).app" $2 $3 org.jcef.jcef.helper.gpu $4 $5 bash macosx_notarize.sh "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (GPU).app" $2 $3 org.jcef.jcef.helper.gpu $4 $5
codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (Plugin).app" codesign --force --options runtime --entitlements "$ENTITLEMENTS_HELPER" --sign "$2" --timestamp --verbose "$APP_DIR/$APP_NAME/$FRAMEWORKS_DIR/jcef Helper (Plugin).app"

19
macosx_notarize.sh
View File

@ -5,14 +5,14 @@
if [ $# -lt 6 ] if [ $# -lt 6 ]
then then
echo "Usage: ./macosx_notarize.sh <path> <certname> <teamname> <bundleid> <appleid> <applepwd>" echo "Usage: ./macosx_notarize.sh <path> <certname> <teamname> <bundleid> <applekeyid> <applekeyissuer>"
echo "" echo ""
echo "path: the absolute(!) target path" echo "path: the absolute(!) target path"
echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\"" echo "certname: the apple signing certificate name. Something like \"Developer ID Application: xxx (yyy)\""
echo "teamname: the apple team name. 10-digit id yyy from the cert name." echo "teamname: the apple team name. 10-digit id yyy from the cert name."
echo "bundleid: the bundle id of the artifact" echo "bundleid: the bundle id of the artifact"
echo "appleid: your apple developer id" echo "applekeyid: your apple api key id"
echo "applepwd: your apple developer id password" echo "applekeyissuer: uuid of your apple api key issuer"
exit 1 exit 1
fi fi
@ -29,9 +29,10 @@ zip -r "$APP_NAME.zip" "$APP_NAME"
echo "Uploading $ZIP_PATH for notarization" echo "Uploading $ZIP_PATH for notarization"
xcrun altool --notarize-app \ xcrun altool --notarize-app \
--type macos \
--primary-bundle-id "$4" \ --primary-bundle-id "$4" \
--username "$5" \ --apiKey "$5" \
--password "$6" \ --apiIssuer "$6" \
--asc-provider "$3" \ --asc-provider "$3" \
--file "$1.zip" --file "$1.zip"
@ -48,16 +49,16 @@ while [[ "$request_status" == "in progress" ]]; do
echo -n "waiting... " echo -n "waiting... "
sleep 10 sleep 10
request_status=$(xcrun altool --notarization-info "$requestUUID" \ request_status=$(xcrun altool --notarization-info "$requestUUID" \
--username "$5" \ --apiKey "$5" \
--password "$6" 2>&1 \ --apiIssuer "$6" 2>&1 \
| awk -F ': ' '/Status:/ { print $2; }' ) | awk -F ': ' '/Status:/ { print $2; }' )
echo "$request_status" echo "$request_status"
done done
# print status information # print status information
xcrun altool --notarization-info "$requestUUID" \ xcrun altool --notarization-info "$requestUUID" \
--username "$5" \ --apiKey "$5" \
--password "$6" --apiIssuer "$6"
echo echo
if [[ $request_status != "success" ]]; then if [[ $request_status != "success" ]]; then