From 654be3f9f10ed40bdb20fd400f1a7e9f6712f3f4 Mon Sep 17 00:00:00 2001 From: Kondal Kolipaka Date: Tue, 3 Mar 2026 23:13:34 +0530 Subject: [PATCH] ci(macos): switch to release-sign action for code signing --- .github/workflows/ci.yml | 53 +++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 30 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 45e499231..0f762e888 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -59,7 +59,7 @@ jobs: runs-on: macos-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Set up JDK 21 uses: actions/setup-java@v4 @@ -106,35 +106,28 @@ jobs: path: releng/com.espressif.idf.product/target/products/Espressif-IDE-${{ env.VERSION }}-linux.gtk.aarch64.tar.gz - name: Codesign Espressif-IDE - env: - MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }} - MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }} - run: | - echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 - /usr/bin/security create-keychain -p espressif build.keychain - /usr/bin/security default-keychain -s build.keychain - /usr/bin/security unlock-keychain -p espressif build.keychain - /usr/bin/security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign - /usr/bin/security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k espressif build.keychain - - echo "codesigning espressif-ide-macosx.cocoa.x86_64" - /usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app -v - /usr/bin/codesign -v -vvv --deep $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app - - echo "codesigning espressif-ide-macosx.cocoa.aarch64" - /usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app -v - /usr/bin/codesign -v -vvv --deep $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app - - echo "Creating dmg for espressif-ide-macosx.cocoa.x86_64" - $PWD/releng/ide-dmg-builder/ide-dmg-builder.sh - /usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg -v - /usr/bin/codesign -v -vvv --deep $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg - - echo "Creating dmg for espressif-ide-macosx.cocoa.aarch64" - $PWD/releng/ide-dmg-builder/ide-dmg-builder-aarch64.sh - /usr/bin/codesign --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg -v - /usr/bin/codesign -v -vvv --deep $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg - + uses: espressif/release-sign@master + with: + path: releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa + macos-signing-identity: ${{ secrets.MACOS_CS_IDENTITY_ID }} + macos-certificate: ${{ secrets.MACOS_CS_CERTIFICATE }} + macos-certificate-pwd: ${{ secrets.MACOS_CS_CERTIFICATE_PWD }} + macos-entitlements: releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement + + - name: Create DMG for macOS x86_64 + run: $PWD/releng/ide-dmg-builder/ide-dmg-builder.sh + + - name: Create DMG for macOS aarch64 + run: $PWD/releng/ide-dmg-builder/ide-dmg-builder-aarch64.sh + + - name: Codesign Espressif-IDE + uses: espressif/release-sign@master + with: + path: releng/ide-dmg-builder + macos-signing-identity: ${{ secrets.MACOS_CS_IDENTITY_ID }} + macos-certificate: ${{ secrets.MACOS_CS_CERTIFICATE }} + macos-certificate-pwd: ${{ secrets.MACOS_CS_CERTIFICATE_PWD }} + - name: Upload espressif-ide-macosx.cocoa.x86_64 dmg if: ${{ !cancelled() }} uses: actions/upload-artifact@v4