ci: enable notarization for macOS builds

SiaFoundation · Mar 31, 2023 · 2b82f74 · 2b82f74
1 parent 2813d3d
commit 2b82f74
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 66 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -109,35 +109,35 @@ jobs:
           go-version: 'stable'
       - name: Build Version
         uses: ./.github/actions/version
-#      - name: Setup notarization
-#        env:
-#          APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
-#          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
-#          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
-#          APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
-#          APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
-#          APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
-#          APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
-#        run: |
-#          # extract apple cert
-#          APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12
-#          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
-#          echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH
-#
-#          # extract apple key
-#          mkdir -p ~/private_keys
-#          APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8
-#          echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH
-#
-#          # create temp keychain
-#          security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-#          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
-#          security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-#
-#          # import keychain
-#          security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
-#          security list-keychain -d user -s $KEYCHAIN_PATH
-#          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH
+      - name: Setup notarization
+        env:
+          APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
+          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
+          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
+          APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
+          APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
+          APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
+          APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
+        run: |
+          # extract apple cert
+          APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+          echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH
+
+          # extract apple key
+          mkdir -p ~/private_keys
+          APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8
+          echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH
+
+          # create temp keychain
+          security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import keychain
+          security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH
       - name: Build amd64
         env:
           CGO_ENABLED: 1
@@ -149,9 +149,9 @@ jobs:
           mkdir -p release
           go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/hostd
           cp README.md LICENSE api/openapi.yml bin/
-          # codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd
+          codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd
           ditto -ck bin $ZIP_OUTPUT
-          # xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
+          xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
       - name: Build arm64
         env:
           CGO_ENABLED: 1
@@ -163,9 +163,9 @@ jobs:
           mkdir -p release
           go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/hostd
           cp README.md LICENSE api/openapi.yml bin/
-          # codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd
+          codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd
           ditto -ck bin $ZIP_OUTPUT
-          # xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
+          xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
       - uses: actions/upload-artifact@v3
         with:
           name: hostd

diff --git a/.github/workflows/publish_testnet.yml b/.github/workflows/publish_testnet.yml
@@ -111,35 +111,35 @@ jobs:
           go-version: 'stable'
       - name: Build Version
         uses: ./.github/actions/version
-#      - name: Setup notarization
-#        env:
-#          APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
-#          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
-#          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
-#          APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
-#          APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
-#          APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
-#          APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
-#        run: |
-#          # extract apple cert
-#          APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12
-#          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
-#          echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH
-#
-#          # extract apple key
-#          mkdir -p ~/private_keys
-#          APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8
-#          echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH
-#
-#          # create temp keychain
-#          security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-#          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
-#          security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-#
-#          # import keychain
-#          security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
-#          security list-keychain -d user -s $KEYCHAIN_PATH
-#          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH
+      - name: Setup notarization
+        env:
+          APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
+          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
+          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
+          APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
+          APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
+          APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
+          APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
+        run: |
+          # extract apple cert
+          APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+          echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH
+
+          # extract apple key
+          mkdir -p ~/private_keys
+          APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8
+          echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH
+
+          # create temp keychain
+          security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import keychain
+          security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH
       - name: Build amd64
         env:
           CGO_ENABLED: 1
@@ -151,9 +151,9 @@ jobs:
           mkdir -p release
           go build -tags='testnet netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/hostd
           cp README.md LICENSE api/openapi.yml bin/
-          # codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd
+          codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd
           ditto -ck bin $ZIP_OUTPUT
-          # xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
+          xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
       - name: Build arm64
         env:
           CGO_ENABLED: 1
@@ -165,9 +165,9 @@ jobs:
           mkdir -p release
           go build -tags='testnet netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/hostd
           cp README.md LICENSE api/openapi.yml bin/
-          # codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd
+          codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd
           ditto -ck bin $ZIP_OUTPUT
-          # xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
+          xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
       - uses: actions/upload-artifact@v3
         with:
           name: hostd