From 06fc10e632613fabe617cebcb8c6fcfe6f91d66b Mon Sep 17 00:00:00 2001 From: Umberto Baldi Date: Mon, 6 Nov 2023 13:22:34 +0100 Subject: [PATCH] switch to gon fork, apple is deprecating altool to notarize. I split the singing/notarization because Bearer fork does not implement `--deep` for signing --- .github/workflows/release.yml | 48 +++++++++++++++++++++++++---------- 1 file changed, 35 insertions(+), 13 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 84c02969d..cd49eea23 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,6 +20,7 @@ env: INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" AC_USERNAME: ${{ secrets.AC_USERNAME }} # used by gon AC_PASSWORD: ${{ secrets.AC_PASSWORD }} # used by gon + AC_PROVIDER: ${{ secrets.AC_PROVIDER }} # used by gon # See: https://github.com/actions/setup-go/tree/v3#readme GO_VERSION: "1.20" @@ -261,7 +262,7 @@ jobs: -k "${{ env.KEYCHAIN_PASSWORD }}" \ "${{ env.KEYCHAIN }}" - - name: Install gon for code signing and app notarization + - name: Install gon for code signing uses: actions/checkout@v4 with: repository: darkvertex/gon #this fork has support for --deep notarization @@ -288,16 +289,41 @@ jobs: deep = true } - # Ask Gon for zip output to force notarization process to take place. - # The CI will upload the zip output - zip { - output_path = "ArduinoCreateAgent.app_${{ matrix.arch }}_notarized.zip" - } EOF - - name: Sign and notarize binary + - name: Sign app bundle run: gon -log-level=debug -log-json "${{ env.GON_CONFIG_PATH }}" + - name: Zip output app bundle + run: zip ArduinoCreateAgent.app_${{ matrix.arch }}_notarized.zip ArduinoCreateAgent.app + + - name: Remove gon used for code signing + run: | + rm /usr/local/bin/gon + rm ${{ env.GON_CONFIG_PATH }} + + - name: Install gon for app notarization + run: | + wget -q https://github.com/Bearer/gon/releases/download/v0.0.27/gon_macos.zip + unzip gon_macos.zip -d /usr/local/bin + + - name: Write gon config to file + run: | + cat > "${{ env.GON_CONFIG_PATH }}" <