let's see if we can contain the signing explosion to just build-electron

perf3ct 2025-02-26 18:33:57 +00:00
parent 6fcd229b52
commit 634b57ce5d
No known key found for this signature in database
GPG Key ID: 569C4EEC436F5232
2 changed files with 7 additions and 37 deletions


@ -20,8 +20,8 @@ runs:
if: inputs.os == 'macos' if: inputs.os == 'macos'
uses: apple-actions/import-codesign-certs@v2 uses: apple-actions/import-codesign-certs@v2
with: with:
p12-file-base64: ${{ env.APPLE_APP_CERTIFICATE_BASE64 }} p12-file-base64: ${{ secrets.APPLE_APP_CERTIFICATE_BASE64 }}
p12-password: ${{ env.APPLE_APP_CERTIFICATE_PASSWORD }} p12-password: ${{ secrets.APPLE_APP_CERTIFICATE_PASSWORD }}
keychain: build keychain: build
keychain-password: ${{ github.run_id }} keychain-password: ${{ github.run_id }}
@ -29,8 +29,8 @@ runs:
if: inputs.os == 'macos' if: inputs.os == 'macos'
uses: apple-actions/import-codesign-certs@v2 uses: apple-actions/import-codesign-certs@v2
with: with:
p12-file-base64: ${{ env.APPLE_INSTALLER_CERTIFICATE_BASE64 }} p12-file-base64: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_BASE64 }}
p12-password: ${{ env.APPLE_INSTALLER_CERTIFICATE_PASSWORD }} p12-password: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_PASSWORD }}
keychain: build keychain: build
keychain-password: ${{ github.run_id }} keychain-password: ${{ github.run_id }}
# We don't need to create a keychain here because we're using the build keychain that was created in the previous step # We don't need to create a keychain here because we're using the build keychain that was created in the previous step
@ -74,9 +74,9 @@ runs:
shell: bash shell: bash
env: env:
# Pass through required environment variables for signing and notarization # Pass through required environment variables for signing and notarization
APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_ID: ${{ env.APPLE_ID }} APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ env.APPLE_ID_PASSWORD }} APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
run: | run: |
# Map OS names to Electron Forge platform names # Map OS names to Electron Forge platform names
if [ "${{ inputs.os }}" = "macos" ]; then if [ "${{ inputs.os }}" = "macos" ]; then
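Review bot: The new `${{ secrets.* }}` expressions in the two `import-codesign-certs` steps and in the build step's `env:` will probably not resolve, because the `runs:` hunk context and the `inputs.os` conditions suggest this file is a composite action, and the `secrets` context is not available inside composite actions. If so, the certificate, password and notarization values expand to nothing (or the action fails to load), and the macOS build either fails at import or ships unsigned. Declare each value as an input of the action and reference it as, for example, `p12-file-base64: ${{ inputs.apple-app-certificate-base64 }}`, with the calling job passing `${{ secrets.APPLE_APP_CERTIFICATE_BASE64 }}` under `with:`. That still keeps the signing material scoped to the one job that calls this action, which appears to be the goal of the commit. Separately, the unchanged `keychain-password: ${{ github.run_id }}` is a public, predictable value, so a generated or secret password would be safer on any runner that outlives the job.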


@ -33,36 +33,6 @@ jobs:
runs-on: ${{ matrix.os.image }} runs-on: ${{ matrix.os.image }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
# Set up certificates and keychain for macOS
- name: Install Apple Certificates
if: matrix.os.name == 'macos'
env:
APP_CERTIFICATE_BASE64: ${{ secrets.APPLE_APP_CERTIFICATE_BASE64 }}
APP_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_APP_CERTIFICATE_PASSWORD }}
INSTALLER_CERTIFICATE_BASE64: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_BASE64 }}
INSTALLER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ github.run_id }}
run: |
# Create keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security set-keychain-settings -t 3600 -u build.keychain
# Import application certificate
echo "$APP_CERTIFICATE_BASE64" | base64 --decode > application.p12
security import application.p12 -k build.keychain -P "$APP_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
rm application.p12
# Import installer certificate
echo "$INSTALLER_CERTIFICATE_BASE64" | base64 --decode > installer.p12
security import installer.p12 -k build.keychain -P "$INSTALLER_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
rm installer.p12
# Update keychain settings
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
- name: Set up node & dependencies - name: Set up node & dependencies
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with: