From b4da757c599c4bedd345879bfdcd36026e365abc Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sun, 14 Jul 2024 20:53:12 -0300
Subject: [PATCH] ci: sign & notarize macos binaries (#537)

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 .github/workflows/goreleaser.yml | 8 ++++++--
 .github/workflows/nightly.yml    | 5 +++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
index 3ee859531..171861cd2 100644
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -1,3 +1,4 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: goreleaser
 
 on:
@@ -20,5 +21,8 @@ jobs:
       fury_token: ${{ secrets.FURY_TOKEN }}
       nfpm_gpg_key: ${{ secrets.NFPM_GPG_KEY }}
       nfpm_passphrase: ${{ secrets.NFPM_PASSPHRASE }}
-
-# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+      macos_sign_p12: ${{ secrets.MACOS_SIGN_P12 }}
+      macos_sign_password: ${{ secrets.MACOS_SIGN_PASSWORD }}
+      macos_notary_issuer_id: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
+      macos_notary_key_id: ${{ secrets.MACOS_NOTARY_KEY_ID }}
+      macos_notary_key: ${{ secrets.MACOS_NOTARY_KEY }}
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 28f61f76a..d86e6abd7 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -12,3 +12,8 @@ jobs:
       docker_username: ${{ secrets.DOCKERHUB_USERNAME }}
       docker_token: ${{ secrets.DOCKERHUB_TOKEN }}
       goreleaser_key: ${{ secrets.GORELEASER_KEY }}
+      macos_sign_p12: ${{ secrets.MACOS_SIGN_P12 }}
+      macos_sign_password: ${{ secrets.MACOS_SIGN_PASSWORD }}
+      macos_notary_issuer_id: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
+      macos_notary_key_id: ${{ secrets.MACOS_NOTARY_KEY_ID }}
+      macos_notary_key: ${{ secrets.MACOS_NOTARY_KEY }}