diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 84c02969d..7356ea11f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,6 +20,7 @@ env: INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" AC_USERNAME: ${{ secrets.AC_USERNAME }} # used by gon AC_PASSWORD: ${{ secrets.AC_PASSWORD }} # used by gon + AC_PROVIDER: ${{ secrets.AC_PROVIDER }} # used by gon # See: https://github.com/actions/setup-go/tree/v3#readme GO_VERSION: "1.20" @@ -261,7 +262,7 @@ jobs: -k "${{ env.KEYCHAIN_PASSWORD }}" \ "${{ env.KEYCHAIN }}" - - name: Install gon for code signing and app notarization + - name: Install gon for code signing uses: actions/checkout@v4 with: repository: darkvertex/gon #this fork has support for --deep notarization @@ -288,15 +289,40 @@ jobs: deep = true } - # Ask Gon for zip output to force notarization process to take place. - # The CI will upload the zip output + EOF + + - name: Sign binary + run: gon -log-level=debug -log-json "${{ env.GON_CONFIG_PATH }}" + + - name: Remove gon used for code signing + run: | + rm /usr/local/bin/gon + rm ${{ env.GON_CONFIG_PATH }} + + - name: Install gon for app notarization + run: | + wget -q https://github.com/Bearer/gon/releases/download/v0.0.27/gon_macos.zip + unzip gon_macos.zip -d /usr/local/bin + + - name: Write gon config to file + run: | + cat > "${{ env.GON_CONFIG_PATH }}" <