1717 env :
1818 LAZBUILD_WITH_PATH : /Applications/Lazarus/lazbuild
1919 RELEASE_ZIP_FILE : trackereditor_macOS_amd64.zip
20+ MACOS_APP : enduser/trackereditor.app
2021 LAZ_OPT : --widgetset=cocoa
22+ BUILD_WITH_CERTIFICATE : ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
2123
2224 steps :
2325 - uses : actions/checkout@v4
6769shell : bash
6870
6971 - name : Codesign macOS app bundle
72+ if : ${{ env.BUILD_WITH_CERTIFICATE != '' }}
7073 # This macOS Codesign step is copied from:
7174 # https://federicoterzi.com/blog/automatic-code-signing-and-notarization-for-macos-apps-using-github-actions/
7275 # This is a bit different from the previous version for Travis-CI build system to build bittorrent tracker editor
7578 MACOS_CERTIFICATE_PWD : ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
7679 MACOS_CERTIFICATE_NAME : ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
7780 MACOS_CI_KEYCHAIN_PWD : ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
78- MACOS_APP : enduser/trackereditor.app
7981 run : |
8082 # Turn our base64-encoded certificate back to a regular .p12 file
8183 echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
@@ -91,19 +93,19 @@ jobs:
9193 security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
9294
9395 # We finally codesign our app bundle, specifying the Hardened runtime option.
94- #/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime "$MACOS_APP" -v
96+ #/usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime "${{ env. MACOS_APP }} " -v
9597
9698 # sign the app. -sign is the developer cetificate ID
9799 # Must use --deep to sign all internal content
98- /usr/bin/codesign --timestamp --force --options runtime --deep --sign "$MACOS_CERTIFICATE_NAME" "$MACOS_APP"
100+ /usr/bin/codesign --timestamp --force --options runtime --deep --sign "$MACOS_CERTIFICATE_NAME" "${{ env. MACOS_APP }} "
99101shell : bash
100102
101103 - name : Notarize macOS app bundle
104+ if : ${{ env.BUILD_WITH_CERTIFICATE != '' }}
102105 env :
103106 PROD_MACOS_NOTARIZATION_APPLE_ID : ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
104107 PROD_MACOS_NOTARIZATION_TEAM_ID : ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
105108 PROD_MACOS_NOTARIZATION_PWD : ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
106- MACOS_APP : enduser/trackereditor.app
107109 run : |
108110 # Store the notarization credentials so that we can prevent a UI password dialog
109111 # from blocking the CI
@@ -116,7 +118,7 @@ jobs:
116118 # notarization service
117119
118120 echo "Creating temp notarization archive"
119- ditto -c -k --keepParent "$MACOS_APP" "notarization.zip"
121+ ditto -c -k --keepParent "${{ env. MACOS_APP }} " "notarization.zip"
120122
121123 # Here we send the notarization request to the Apple's Notarization service, waiting for the result.
122124 # This typically takes a few seconds inside a CI environment, but it might take more depending on the App
@@ -129,14 +131,13 @@ jobs:
129131 # Finally, we need to "attach the staple" to our executable, which will allow our app to be
130132 # validated by macOS even when an internet connection is not available.
131133 echo "Attach staple"
132- xcrun stapler staple "$MACOS_APP"
133-
134- # Remove notarization.zip, otherwise it will also be 'released' to the end user
135- rm -f "notarization.zip"
134+ xcrun stapler staple "${{ env.MACOS_APP }}"
135+ shell : bash
136136
137- # zip only the app folder.
137+ - name : Zip only the app folder.
138+ run : |
138139 echo "Zip macOS app file"
139- /usr/bin/ditto -c -k --keepParent "$MACOS_APP" "${{ env.RELEASE_ZIP_FILE }}"
140+ /usr/bin/ditto -c -k --keepParent "${{ env. MACOS_APP }} " "${{ env.RELEASE_ZIP_FILE }}"
140141shell : bash
141142
142143 - name : Upload Artifact
0 commit comments