
macOS signing and notarization (#516)

* Allow passing p12 certificates to CI for macOS signing

* test passing secrets to CI job

* fix html file location for web-meters example

* push all builds for notarization
pull/517/head
Filipe Coelho GitHub 1 week ago
parent
commit
5b32b1cac4
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
4 changed files with 48 additions and 2 deletions
  1. +14
    -0
      .github/workflows/cmake.yml
  2. +14
    -0
      .github/workflows/example-plugins.yml
  3. +6
    -2
      examples/WebMeters/Makefile
  4. +14
    -0
      utils/package-osx-bundles.sh

+ 14
- 0
.github/workflows/cmake.yml View File

@@ -49,6 +49,13 @@ jobs:
with:
submodules: recursive
- uses: distrho/dpf-cmake-action@v1
env:
MACOS_APP_CERTIFICATE: ${{ secrets.MACOS_APP_CERTIFICATE }}
MACOS_INSTALLER_CERTIFICATE: ${{ secrets.MACOS_INSTALLER_CERTIFICATE }}
MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
MACOS_NOTARIZATION_USER: ${{ secrets.MACOS_NOTARIZATION_USER }}
MACOS_NOTARIZATION_PASS: ${{ secrets.MACOS_NOTARIZATION_PASS }}
MACOS_NOTARIZATION_TEAM: ${{ secrets.MACOS_NOTARIZATION_TEAM }}
with:
dpf_path: .
suffix: _14
@@ -64,6 +71,13 @@ jobs:
with:
submodules: recursive
- uses: distrho/dpf-cmake-action@v1
env:
MACOS_APP_CERTIFICATE: ${{ secrets.MACOS_APP_CERTIFICATE }}
MACOS_INSTALLER_CERTIFICATE: ${{ secrets.MACOS_INSTALLER_CERTIFICATE }}
MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
MACOS_NOTARIZATION_USER: ${{ secrets.MACOS_NOTARIZATION_USER }}
MACOS_NOTARIZATION_PASS: ${{ secrets.MACOS_NOTARIZATION_PASS }}
MACOS_NOTARIZATION_TEAM: ${{ secrets.MACOS_NOTARIZATION_TEAM }}
with:
dpf_path: .
suffix: _15
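Review bot: The six signing and notarization secrets added in the `env:` block are handed to `distrho/dpf-cmake-action@v1`, which is referenced by a movable tag, so whatever commit that tag points to at run time receives the certificates and the notarization password. Pinning the action to a full commit SHA, `uses: distrho/dpf-cmake-action@<commit-sha>  # v1`, fixes which code sees them. This applies to both jobs in this file and to the two `distrho/dpf-makefile-action@v1` steps in `.github/workflows/example-plugins.yml`. The workflow triggers are outside the hunks, so it is worth confirming that these steps only receive the secrets on events where a signed build is actually intended.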


+ 14
- 0
.github/workflows/example-plugins.yml View File

@@ -49,6 +49,13 @@ jobs:
with:
submodules: recursive
- uses: distrho/dpf-makefile-action@v1
env:
MACOS_APP_CERTIFICATE: ${{ secrets.MACOS_APP_CERTIFICATE }}
MACOS_INSTALLER_CERTIFICATE: ${{ secrets.MACOS_INSTALLER_CERTIFICATE }}
MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
MACOS_NOTARIZATION_USER: ${{ secrets.MACOS_NOTARIZATION_USER }}
MACOS_NOTARIZATION_PASS: ${{ secrets.MACOS_NOTARIZATION_PASS }}
MACOS_NOTARIZATION_TEAM: ${{ secrets.MACOS_NOTARIZATION_TEAM }}
with:
dpf_path: .
suffix: _14
@@ -64,6 +71,13 @@ jobs:
with:
submodules: recursive
- uses: distrho/dpf-makefile-action@v1
env:
MACOS_APP_CERTIFICATE: ${{ secrets.MACOS_APP_CERTIFICATE }}
MACOS_INSTALLER_CERTIFICATE: ${{ secrets.MACOS_INSTALLER_CERTIFICATE }}
MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
MACOS_NOTARIZATION_USER: ${{ secrets.MACOS_NOTARIZATION_USER }}
MACOS_NOTARIZATION_PASS: ${{ secrets.MACOS_NOTARIZATION_PASS }}
MACOS_NOTARIZATION_TEAM: ${{ secrets.MACOS_NOTARIZATION_TEAM }}
with:
dpf_path: .
suffix: _15


+ 6
- 2
examples/WebMeters/Makefile View File

@@ -43,13 +43,17 @@ TARGETS += clap
TARGETS += au

ifeq ($(MACOS_APP_BUNDLE),true)
aufiles += $(TARGET_DIR)/$(NAME).component/Contents/Resources/index.html
clapfiles += $(TARGET_DIR)/$(NAME).clap/Contents/Resources/index.html
jackfiles += $(TARGET_DIR)/$(NAME).app/Contents/Resources/index.html
vst2files += $(TARGET_DIR)/$(NAME).vst/Contents/Resources/index.html
else
clapfiles += $(TARGET_DIR)/$(NAME).clap/resources/index.html
jackfiles += $(TARGET_DIR)/resources/index.html
lv2files += $(TARGET_DIR)/$(NAME).lv2/resources/index.html
vst2files += $(TARGET_DIR)/$(NAME).vst/resources/index.html
endif

clapfiles += $(TARGET_DIR)/$(NAME).clap/resources/index.html
vst2files += $(TARGET_DIR)/$(NAME).vst/resources/index.html
vst3files += $(TARGET_DIR)/$(NAME).vst3/Contents/Resources/index.html

all: $(TARGETS) $(jackfiles) $(clapfiles) $(vst2files) $(vst3files)
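Review bot: The `all:` line at the end of this hunk lists `$(jackfiles) $(clapfiles) $(vst2files) $(vst3files)` but not `$(aufiles)`, which the macOS branch populates, nor `$(lv2files)` from the `else` branch. Unless a rule outside the hunk depends on those two lists, the AU and LV2 bundles may be built without their `index.html`. If nothing else pulls them in, the line could become `all: $(TARGETS) $(jackfiles) $(clapfiles) $(vst2files) $(vst3files) $(aufiles) $(lv2files)`.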


+ 14
- 0
utils/package-osx-bundles.sh View File

@@ -20,6 +20,20 @@ else
exit
fi

if [ -n "${MACOS_APP_CERTIFICATE}" ] && [ -n "${MACOS_INSTALLER_CERTIFICATE}" ] && [ -n "${MACOS_CERTIFICATE_PASSWORD}" ]; then
security create-keychain -p "" $(pwd)/keychain.db
security unlock-keychain -p "" $(pwd)/keychain.db
echo -n "${MACOS_APP_CERTIFICATE}" | base64 --decode -o cert.p12
security import cert.p12 -P "${MACOS_CERTIFICATE_PASSWORD}" -A -t cert -f pkcs12 -k $(pwd)/keychain.db
echo -n "${MACOS_INSTALLER_CERTIFICATE}" | base64 --decode -o cert.p12
security import cert.p12 -P "${MACOS_CERTIFICATE_PASSWORD}" -A -t cert -f pkcs12 -k $(pwd)/keychain.db
rm cert.p12
# security set-key-partition-list -S apple-tool:,apple: -k "" $(pwd)/keychain.db
security list-keychain -d user -s $(pwd)/keychain.db
export MACOS_APP_DEV_ID="$(security find-identity -v $(pwd)/keychain.db | grep 'Developer ID Application:' | head -n 1 | cut -d' ' -f 5-99 | sed 's/\"//g')"
export MACOS_INSTALLER_DEV_ID="$(security find-identity -v $(pwd)/keychain.db | grep 'Developer ID Installer:' | head -n 1 | cut -d' ' -f 5-99 | sed 's/\"//g')"
fi

# can be overridden by environment variables
MACOS_PKG_LICENSE_FILE=${MACOS_PKG_LICENSE_FILE:=""}
MACOS_PKG_NAME=${MACOS_PKG_NAME:="$(basename $(git rev-parse --show-toplevel))"}
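Review bot: The decoded `cert.p12` and `keychain.db` are written to the current directory, the keychain has an empty password (`-p ""`), and nothing removes them if a `security import` fails or once signing is finished, so private signing keys can be left in the build tree where a later packaging or artifact-upload step may pick them up. Creating both under a `mktemp -d` directory and deleting them from an `EXIT` trap keeps them out of the workspace, and quoting the path also fixes the unquoted `$(pwd)` expansions, which break on paths containing spaces. `-A` on `security import` lets any application use the imported keys without prompting; `-T /usr/bin/codesign -T /usr/bin/productsign` would be narrower, if it can be made to work together with the commented-out `set-key-partition-list` step. The sketch below assumes signing happens later in this same script and that no other `EXIT` trap is set, both of which are outside the hunk.

```shell
if [ -n "${MACOS_APP_CERTIFICATE}" ] && [ -n "${MACOS_INSTALLER_CERTIFICATE}" ] && [ -n "${MACOS_CERTIFICATE_PASSWORD}" ]; then
    # key material lives in a private temp dir, not in the build tree
    SIGN_TMPDIR="$(mktemp -d)"
    SIGN_KEYCHAIN="${SIGN_TMPDIR}/keychain.db"
    # remove the keychain and any decoded certificate on every exit path
    trap 'security delete-keychain "${SIGN_KEYCHAIN}" 2>/dev/null; rm -rf "${SIGN_TMPDIR}"' EXIT
    security create-keychain -p "" "${SIGN_KEYCHAIN}"
    security unlock-keychain -p "" "${SIGN_KEYCHAIN}"
    echo -n "${MACOS_APP_CERTIFICATE}" | base64 --decode -o "${SIGN_TMPDIR}/cert.p12"
    security import "${SIGN_TMPDIR}/cert.p12" -P "${MACOS_CERTIFICATE_PASSWORD}" -A -t cert -f pkcs12 -k "${SIGN_KEYCHAIN}"
    # … unchanged apart from the quoted paths: installer certificate import, list-keychain, find-identity exports …
```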

