Merge pull request #1292 from TriliumNext/bugfix/macos-fix2

Pass the required `APPLE` secrets to the `build-electron` action
2025-10-31 13:01:31 +08:00 · 2025-02-26 21:01:29 +02:00 · 2025-02-26 21:01:29 +02:00 · 47f84fe4b4
commit 47f84fe4b4
parent 6fcd229b52 1056176624
2 changed files with 13 additions and 31 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -33,36 +33,6 @@ jobs:
    runs-on: ${{ matrix.os.image }}
    steps:
      - uses: actions/checkout@v4
-
-      # Set up certificates and keychain for macOS
-      - name: Install Apple Certificates
-        if: matrix.os.name == 'macos'
-        env:
-          APP_CERTIFICATE_BASE64: ${{ secrets.APPLE_APP_CERTIFICATE_BASE64 }}
-          APP_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_APP_CERTIFICATE_PASSWORD }}
-          INSTALLER_CERTIFICATE_BASE64: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_BASE64 }}
-          INSTALLER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_PASSWORD }}
-          KEYCHAIN_PASSWORD: ${{ github.run_id }}
-        run: |
-          # Create keychain
-          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
-          security default-keychain -s build.keychain
-          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
-          security set-keychain-settings -t 3600 -u build.keychain
-
-          # Import application certificate
-          echo "$APP_CERTIFICATE_BASE64" | base64 --decode > application.p12
-          security import application.p12 -k build.keychain -P "$APP_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
-          rm application.p12
-
-          # Import installer certificate
-          echo "$INSTALLER_CERTIFICATE_BASE64" | base64 --decode > installer.p12
-          security import installer.p12 -k build.keychain -P "$INSTALLER_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
-          rm installer.p12
-
-          # Update keychain settings
-          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
-
      - name: Set up node & dependencies
        uses: actions/setup-node@v4
        with:
@ -74,6 +44,10 @@ jobs:
          arch: ${{ matrix.arch }}
          extension: ${{ matrix.os.extension }}
        env:
+          APPLE_APP_CERTIFICATE_BASE64: ${{ secrets.APPLE_APP_CERTIFICATE_BASE64 }}
+          APPLE_APP_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_APP_CERTIFICATE_PASSWORD }}
+          APPLE_INSTALLER_CERTIFICATE_BASE64: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_BASE64 }}
+          APPLE_INSTALLER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@ -2,7 +2,7 @@ name: Nightly Release
 on:
  # This can be used to automatically publish nightlies at UTC nighttime
  schedule:
-    - cron: '0 2 * * *' # run at 2 AM UTC
+    - cron: "0 2 * * *" # run at 2 AM UTC
  # This can be used to allow manually triggering nightlies from the web interface
  workflow_dispatch:
 env:
@ -45,6 +45,14 @@ jobs:
          os: ${{ matrix.os.name }}
          arch: ${{ matrix.arch }}
          extension: ${{ join(matrix.os.extension, ' ') }}
+        env:
+          APPLE_APP_CERTIFICATE_BASE64: ${{ secrets.APPLE_APP_CERTIFICATE_BASE64 }}
+          APPLE_APP_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_APP_CERTIFICATE_PASSWORD }}
+          APPLE_INSTALLER_CERTIFICATE_BASE64: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_BASE64 }}
+          APPLE_INSTALLER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_PASSWORD }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}

      - name: Publish release
        uses: softprops/action-gh-release@v2