Add signing & notrizing steps

percy · Aug 25, 2023 · 7746592 · 7746592
1 parent cac1ccc
commit 7746592
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 0 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -10,6 +10,10 @@ jobs:
         with:
           node-version: 14
       - run: ./scripts/build.sh
+        env:
+          P12_BASE64: ${{secrets.P12_BASE64}}
+          APPLE_ID_USERNAME: ${{secrets.APPLE_ID_USERNAME}}
+          APPLE_ID_KEY: ${{secrets.APPLE_ID_KEY}}
       - uses: actions/upload-artifact@v3
         with:
           name: macos executable

diff --git a/scripts/build.sh b/scripts/build.sh
@@ -68,3 +68,22 @@ mv run-win.exe percy-win.exe
 # cleanup
 rm -rf temp
 rm -rf build
+
+# Sign & Notrize mac app
+
+echo "$P12_BASE64" | base64 -d > AppleDevIDApp.p12
+
+security create-keychain -p percy percy.keychain
+security import AppleDevIDApp.p12 -t agg -k percy.keychain -P ChaiTime -A
+security list-keychains -s ~/Library/Keychains/percy.keychain
+security default-keychain -s ~/Library/Keychains/percy.keychain
+security unlock-keychain -p "percy" ~/Library/Keychains/percy.keychain
+security set-keychain-settings -t 3600 -l ~/Library/Keychains/percy.keychain
+security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k percy ~/Library/Keychains/percy.keychain-db
+
+codesign  --force --verbose=4 --deep -s "Developer ID Application: BrowserStack Inc (763K6K6H44)" --options runtime --keychain ~/Library/Keychains/percy.keychain percy-macos
+
+zip percy-macos.zip percy-macos
+
+cat notarize_config.json.tmpl | sed -e "s/{{APPLE_ID_USERNAME}}/$APPLE_ID_USERNAME/" | sed -e "s/{{APPLE_ID_KEY}}/$APPLE_ID_KEY/" > notarize_config.json
+gon -log-level=info -log-json notarize_config.json
diff --git a/scripts/notarize_config.json.tmpl b/scripts/notarize_config.json.tmpl
@@ -0,0 +1,10 @@
+{
+  "apple_id": {
+    "username" : "{{APPLE_ID_USERNAME}}",
+    "password":  "{{APPLE_ID_KEY}}"
+  },
+  "notarize" : [{
+    "path": "percy-macos.zip",
+    "bundle_id": "com.percy.io"
+  }]
+}