build: Switch to Apple's new notarization tool

Implements ptarmiganlabs#235
mountaindude · Jun 19, 2023 · 39008fb · 39008fb
1 parent e787589
commit 39008fb
Showing 1 changed file with 3 additions and 45 deletions.
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -186,45 +186,11 @@ jobs:
         run: |
           chmod +x ${{ env.DIST_DIR }}/${DIST_FILE_NAME}
 
-      # Needed for GitHub hosted runner
-      # For self-hosted runner the cert must either be installed manually, or the code below run once and then disabled.
-      # - name: Import Code-Signing Certificates
-      #   uses: Apple-Actions/import-codesign-certs@v1
-      #   with:
-      #     # The certificates in a PKCS12 file encoded as a base64 string
-      #     p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
-      #     # The password used to import the PKCS12 file.
-      #     p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
-
-      # - name: Install gon via HomeBrew for code signing and app notarization
-      #   run: |
-      #     brew tap mitchellh/gon
-      #     brew install mitchellh/gon/gon
-
       - name: Debug
         run: |
           ls -la
           ls -la ./${{ env.DIST_DIR }}
 
-      # - name: Sign the mac binaries with Gon
-      #   env:
-      #     AC_USERNAME: ${{ secrets.AC_USERNAME }}
-      #     AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
-      #   run: |
-      #     pwd
-      #     ls -la
-      #     gon ./release-config/gon.json
-
-      # - name: Import certificates
-      #   uses: apple-actions/import-codesign-certs@v1
-      #   with:
-      #     p12-file-base64: ${{ secrets.APPLE_DEV_ID_APP_CERT_BASE64 }}
-      #     p12-password: ${{ secrets.APPLE_DEV_ID_APP_PASSWORD }}
-
-
-
-
-
       # Remove build keychains if it exists. 
       - name: Remove build keychain
         continue-on-error: true
@@ -286,23 +252,15 @@ jobs:
           # notarization service
 
           echo "Creating temp notarization archive"
-          ditto -c -k --keepParent "./${DIST_FILE_NAME}" "./${DIST_FILE_NAME}-${{ needs.release-please.outputs.release_tag_name }}-macos.zip"
+          ditto -c -k --keepParent "./${DIST_FILE_NAME}" "./${{ needs.release-please.outputs.release_tag_name }}-macos.zip"
 
           # Here we send the notarization request to the Apple's Notarization service, waiting for the result.
           # This typically takes a few seconds inside a CI environment, but it might take more depending on the App
           # characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if
           # you're curious
 
           echo "Notarize app"
-          xcrun notarytool submit "./${DIST_FILE_NAME}-${{ needs.release-please.outputs.release_tag_name }}-macos.zip" --keychain-profile "notarytool-profile" --wait
-
-
-      # - name: Change name of zip file
-      #   run: |
-      #     pwd
-      #     ls -la
-      #     ls -la ./${{ env.DIST_DIR }}
-      #     mv ./${{ env.DIST_FILE_NAME }}-macos.zip ./${{ needs.release-please.outputs.release_tag_name }}-macos.zip
+          xcrun notarytool submit "./${{ needs.release-please.outputs.release_tag_name }}-macos.zip" --keychain-profile "notarytool-profile" --wait
 
       - name: Upload to existing release
         uses: ncipollo/release-action@v1
@@ -314,7 +272,7 @@ jobs:
           # artifactContentType: application/zip
           draft: true
           tag: ${{ needs.release-please.outputs.release_tag_name }}
-          artifacts: ./${DIST_FILE_NAME}-${{ needs.release-please.outputs.release_tag_name }}-macos.zip
+          artifacts: ./${{ needs.release-please.outputs.release_tag_name }}-macos.zip
           token: ${{ github.token }}
 
       - name: Tidy up before existing