From 10561766243e82f90a1144b843e744dc5f5bd7f1 Mon Sep 17 00:00:00 2001
From: perf3ct
Date: Wed, 26 Feb 2025 18:51:14 +0000
Subject: [PATCH] we have to pass the secret values to the composite github actions
---
 .github/actions/build-electron/action.yml | 14 +++++++-------
 .github/workflows/main.yml | 4 ++++
 .github/workflows/nightly.yml | 10 +++++++++-
 3 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/.github/actions/build-electron/action.yml b/.github/actions/build-electron/action.yml
index f40535d38..dca9bc3b8 100644
--- a/.github/actions/build-electron/action.yml
+++ b/.github/actions/build-electron/action.yml
@@ -20,8 +20,8 @@ runs:
 if: inputs.os == 'macos'
 uses: apple-actions/import-codesign-certs@v2
 with:
- p12-file-base64: ${{ secrets.APPLE_APP_CERTIFICATE_BASE64 }}
- p12-password: ${{ secrets.APPLE_APP_CERTIFICATE_PASSWORD }}
+ p12-file-base64: ${{ env.APPLE_APP_CERTIFICATE_BASE64 }}
+ p12-password: ${{ env.APPLE_APP_CERTIFICATE_PASSWORD }}
 keychain: build
 keychain-password: ${{ github.run_id }}
@@ -29,8 +29,8 @@ runs:
 if: inputs.os == 'macos'
 uses: apple-actions/import-codesign-certs@v2
 with:
- p12-file-base64: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_BASE64 }}
- p12-password: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_PASSWORD }}
+ p12-file-base64: ${{ env.APPLE_INSTALLER_CERTIFICATE_BASE64 }}
+ p12-password: ${{ env.APPLE_INSTALLER_CERTIFICATE_PASSWORD }}
 keychain: build
 keychain-password: ${{ github.run_id }}
 # We don't need to create a keychain here because we're using the build keychain that was created in the previous step
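Review bot: The two certificate-import steps (this hunk and the one at -29) now take the .p12 data and its password from `env.*` names that the action does not declare anywhere visible, so the action silently depends on each caller exporting correctly spelled variables; the `env:` mapping at -74 relies on the same undeclared contract. Since the values arrive as environment on the calling `uses:` step, they are presumably visible to every step of the composite, including the build steps that run third-party tooling, rather than only to the import steps; that is worth confirming. Declaring them as action inputs and referencing them directly, e.g. `p12-password: ${{ inputs.app-certificate-password }}` (the input name is only a suggestion), would make the contract explicit and hand each value only to the step that needs it. The action's `inputs:` block and the start of both steps lie outside these hunks.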
@@ -74,9 +74,9 @@ runs:
 shell: bash
 env:
 # Pass through required environment variables for signing and notarization
- APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
- APPLE_ID: ${{ secrets.APPLE_ID }}
- APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+ APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }}
+ APPLE_ID: ${{ env.APPLE_ID }}
+ APPLE_ID_PASSWORD: ${{ env.APPLE_ID_PASSWORD }}
 run: |
 # Map OS names to Electron Forge platform names
 if [ "${{ inputs.os }}" = "macos" ]; then
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 704dc4be5..1acdf4709 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -44,6 +44,10 @@ jobs:
 arch: ${{ matrix.arch }}
 extension: ${{ matrix.os.extension }}
 env:
+ APPLE_APP_CERTIFICATE_BASE64: ${{ secrets.APPLE_APP_CERTIFICATE_BASE64 }}
+ APPLE_APP_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_APP_CERTIFICATE_PASSWORD }}
+ APPLE_INSTALLER_CERTIFICATE_BASE64: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_BASE64 }}
+ APPLE_INSTALLER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_PASSWORD }}
 APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
 APPLE_ID: ${{ secrets.APPLE_ID }}
 APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index c339fd37d..1a7437423 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -2,7 +2,7 @@ name: Nightly Release
 on:
 # This can be used to automatically publish nightlies at UTC nighttime
 schedule:
- - cron: '0 2 * * *' # run at 2 AM UTC
+ - cron: "0 2 * * *" # run at 2 AM UTC
 # This can be used to allow manually triggering nightlies from the web interface
 workflow_dispatch:
 env:
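Review bot: Nothing in the -74 hunk of action.yml checks that the three Apple variables are actually populated before the build starts. `${{ env.APPLE_ID_PASSWORD }}` evaluates to an empty string when the caller did not export it, so a missing or unavailable secret would only surface later inside the signing or notarization tooling. A guard in the macOS path of the script, such as `: "${APPLE_ID_PASSWORD:?not provided by the calling workflow}"`, would fail early without printing the value. If the step already inherits the caller's environment, the three `env.X` to `X` mappings are also redundant, and the comment above them could say where the values are expected to come from. The `run:` script continues outside the hunk.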
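Review bot: The four certificate variables added in main.yml at -44 sit in an `env:` block on the build step of every matrix entry, so the signing certificates and their passwords are also exported on the non-macOS legs, where nothing visible in this patch consumes them. Limiting them to the macOS leg would narrow that exposure, for example `APPLE_APP_CERTIFICATE_PASSWORD: ${{ matrix.os.name == 'macos' && secrets.APPLE_APP_CERTIFICATE_PASSWORD || '' }}` (this assumes `matrix.os.name` exists here as it does in nightly.yml). The same block is added to nightly.yml at -45, and two hand-maintained copies of the seven-variable list can drift apart. The job and step definitions start outside the hunk, so the workflow's triggers are not visible; if it also runs for pull requests from forks, the secrets will be empty there and the import steps will need to be skipped.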
@@ -45,6 +45,14 @@ jobs:
 os: ${{ matrix.os.name }}
 arch: ${{ matrix.arch }}
 extension: ${{ join(matrix.os.extension, ' ') }}
+ env:
+ APPLE_APP_CERTIFICATE_BASE64: ${{ secrets.APPLE_APP_CERTIFICATE_BASE64 }}
+ APPLE_APP_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_APP_CERTIFICATE_PASSWORD }}
+ APPLE_INSTALLER_CERTIFICATE_BASE64: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_BASE64 }}
+ APPLE_INSTALLER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_PASSWORD }}
+ APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+ APPLE_ID: ${{ secrets.APPLE_ID }}
+ APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
 - name: Publish release
 uses: softprops/action-gh-release@v2