@@ -20,10 +20,13 @@ jobs:
2020 config :
2121 - os : windows-2016
2222 - os : ubuntu-latest
23- - os : turin-macmini # self-hosted macOS
23+ - os : macos-latest
2424 # - os: rsora-rpi-arm # self-hosted armhf
2525 runs-on : ${{ matrix.config.os }}
2626 timeout-minutes : 30
27+ env :
28+ CERTIFICATE_PATH : /tmp/macos_signing_certificate.p12
29+
2730 steps :
2831 - name : Checkout
2932 uses : actions/checkout@v2
@@ -39,12 +42,12 @@ jobs:
3942 with :
4043 python-version : ' 2.7'
4144
42- - name : Update Keychain [macOS]
45+ - name : Generate signing certificate file [macOS]
4346 if : runner.OS == 'macOS'
4447 run : |
45- echo "${{ secrets.KEYCHAIN }}" | base64 --decode > ~/Library/Keychains/apple-developer.keychain-db
46- security list-keychains -s ~/Library/Keychains/apple- developer.keychain-db
47- security unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" ~/Library/Keychains/apple-developer.keychain-db
48+ # APPLE_SIGNING_CERTIFICATE_P12 secret was produced by following the procedure from:
49+ # https://www.kencochrane.com/2020/08/01/build-and-sign-golang-binaries-for-macos-with-github-actions/#exporting-the- developer-certificate
50+ echo "${{ secrets.APPLE_SIGNING_CERTIFICATE_P12 }}" | base64 --decode > "${{ env.CERTIFICATE_PATH }}"
4851
4952name : Package
5053 shell : bash
5861 IS_NIGHTLY : ${{ github.event_name == 'schedule' }}
5962 IS_RELEASE : ${{ startsWith(github.ref, 'refs/tags/') }}
6063 run : |
64+ # electron-builder will try to sign during the Windows job if these environment variables are defined
65+ if [ "${{ runner.OS }}" = "macOS" ]; then
66+ # See: https://www.electron.build/code-signing
67+ export CSC_LINK="${{ env.CERTIFICATE_PATH }}"
68+ export CSC_KEY_PASSWORD="${{ secrets.KEYCHAIN_PASSWORD }}"
69+ fi
6170 yarn --cwd ./electron/packager/
6271 yarn --cwd ./electron/packager/ package
6372
0 commit comments