diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6cc14b3e..6af2b570 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -137,6 +137,14 @@ jobs:
 echo "VERSION=$(cat build/version.txt)" >> $GITHUB_ENV
 cpack --config build/CPackConfig.cmake -B build/installer --verbose
 mv build/installer/*.dmg build/Release
+ - name: Notarize
+ if: github.ref_name == 'main'
+ run: |
+ misc/ci-macos-notarize.sh build/Release/*.dmg
+ env:
+ APPLE_NOTARIZATION_USERNAME: ${{ secrets.APPLE_NOTARIZATION_USERNAME }}
+ APPLE_NOTARIZATION_PASSWORD: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }}
+ APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
 - name: Upload
 uses: actions/upload-artifact@v4
 with:
diff --git a/misc/ci-macos-notarize.sh b/misc/ci-macos-notarize.sh
new file mode 100755
index 00000000..e3deb766
--- /dev/null
+++ b/misc/ci-macos-notarize.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+
+if [ -z "${APPLE_NOTARIZATION_USERNAME}" ]
+then
+ echo "No notarization credentials supplied, skipping..."
+ exit 0
+fi
+
+echo "Creating NotarizationProfile..."
+xcrun notarytool store-credentials --apple-id "${APPLE_NOTARIZATION_USERNAME}" \
+ --password "${APPLE_NOTARIZATION_PASSWORD}" \
+ --team-id "${APPLE_TEAM_ID}" "NotarizationProfile"
+
+if [ "$#" -eq 0 ]
+then
+ echo "Error: Please provide one or more .dmg files"
+ exit 1
+fi
+
+for FILE in "$@"; do
+ case ${FILE} in
+ *.dmg)
+ if [ ! -f "${FILE}" ]
+ then
+ echo "Error: '${FILE}' does not exist or is not a regular file"
+ exit 1
+ fi
+
+ echo "Submitting notarization request..."
+ xcrun notarytool submit "${FILE}" \
+ --keychain-profile "NotarizationProfile" --wait
+
+ echo "Stapling..."
+ xcrun stapler staple "${FILE}"
+ ;;
+
+ *)
+ echo "Error: '${FILE}' does not have a .dmg extension"
+ exit 1
+ ;;
+ esac
+done
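Review bot: In `.github/workflows/build.yml` the Notarize step is gated by `if: github.ref_name == 'main'`, which compares only the short ref name, so a tag named `main` would satisfy it as well as the branch, and the step is handed all three Apple secrets. `if: github.ref == 'refs/heads/main'` pins the condition to the branch; adding `&& github.event_name == 'push'` is worth it if notarized builds only ever come from pushes. The workflow's `on:` triggers are outside the hunk, so whether another event can reach this step with the base-branch ref (as `pull_request_target` does) cannot be confirmed from here.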
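Review bot: In `misc/ci-macos-notarize.sh`, `--password "${APPLE_NOTARIZATION_PASSWORD}"` puts the password on the `notarytool store-credentials` command line, where it is readable in the process list while the command runs, and the resulting `NotarizationProfile` entry is left in the keychain when the script ends. Both matter mainly on self-hosted or otherwise persistent runners; notarytool's App Store Connect API key options (`--key`, `--key-id`, `--issuer`) take the secret as a file path instead of an argument. The skip guard also tests only `APPLE_NOTARIZATION_USERNAME`, so a missing password or team id still reaches `store-credentials`; `if [ -z "${APPLE_NOTARIZATION_USERNAME}" ] || [ -z "${APPLE_NOTARIZATION_PASSWORD}" ] || [ -z "${APPLE_TEAM_ID}" ]` would cover all three. The `"$#" -eq 0` argument check would also be better placed above the `store-credentials` call, so a bad invocation fails before any credential is written.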