From 780107bc072b52e8d7cb1398b22a57335a2118dd Mon Sep 17 00:00:00 2001
From: Sergei Chestakov <me@sergei.com>
Date: Mon, 16 Oct 2023 13:42:09 -0400
Subject: [PATCH] Fix generating cert on M1 machines and sign apps in build
 workflow (#137)

* 1.0.4

* Sign apps with build workflow

* fix dir name

* Pass in identity

* More specific

* Pass in debug env

* Empty obj

* Test find-identity, skip everything else for now

* Reset package.json

* Actually generate the certs

* Remove excludes

* Remove debug
---
 .github/workflows/build.yml   | 22 +++++++++++++++++++++-
 .github/workflows/publish.yml |  2 +-
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e28ac1f..0691d3c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -47,7 +47,7 @@ jobs:
               - package.json
               - tsconfig.json
               - forge.config.js
-              - .github/workflow/**
+              - .github/workflows/**
 
   make:
     name: Make (${{ matrix.os }} - ${{ matrix.arch }})
@@ -82,5 +82,25 @@ jobs:
           cache: pnpm
       - name: Install
         run: pnpm install
+      - name: Generate Windows code signing certificate 
+        if: matrix.os == 'windows-latest'
+        id: write_file
+        uses: timheuer/base64-to-file@v1.2
+        with:
+          fileName: 'windows-certificate.pfx'
+          encodedString: ${{ secrets.WINDOWS_CODESIGN_CERTIFICATE }}
+      - name: Generate MacOS code signing certificate
+        if: matrix.os == 'macOS-latest' || matrix.os == 'macOS-13-xlarge'
+        run: ./scripts/add-macos-cert.sh
+        env:
+          MACOS_CERT_P12: ${{ secrets.MACOS_CERT_P12 }}
+          MACOS_CERT_PASSWORD: ${{ secrets.MACOS_CERT_PASSWORD }}
       - name: Make
         run: pnpm run make --arch=${{ matrix.arch }}
+        env:
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+          WINDOWS_CERTIFICATE_FILE: ${{ steps.write_file.outputs.filePath }}
+          WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CODESIGN_PASSWORD }}
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index ead4920..bf21511 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -46,7 +46,7 @@ jobs:
           fileName: 'windows-certificate.pfx'
           encodedString: ${{ secrets.WINDOWS_CODESIGN_CERTIFICATE }}
       - name: Generate MacOS code signing certificate
-        if: matrix.os == 'macOS-latest'
+        if: matrix.os == 'macOS-latest' || matrix.os == 'macOS-13-xlarge'
         run: ./scripts/add-macos-cert.sh
         env:
           MACOS_CERT_P12: ${{ secrets.MACOS_CERT_P12 }}