Skip to content

Commit 6630366

Browse files
Notarize in CI to keep up with Gatekeeper (#15)
1 parent abcef05 commit 6630366

2 files changed

Lines changed: 13 additions & 0 deletions

File tree

.github/workflows/build.yaml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,10 @@ jobs:
2929
targets: aarch64-apple-darwin, x86_64-apple-darwin
3030
- uses: Swatinem/rust-cache@v2
3131
- name: Build and test
32+
env:
33+
APPLE_ID: ${{ secrets.APPLE_ID }}
34+
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
35+
APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }}
3236
run: |
3337
cargo install just
3438
just release

Justfile

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@ build:
2727
[macos]
2828
release:
2929
just -f {{justfile()}} create_bundle release {{TargetDir}} 'Developer ID Application' --release
30+
just -f {{justfile()}} notarize_and_staple release {{TargetDir}}
3031

3132
[macos]
3233
create_bundle BuildType TargetDir CertType BuildFlags:
@@ -51,3 +52,11 @@ create_bundle BuildType TargetDir CertType BuildFlags:
5152
lipo {{TargetDir}}/{x86_64,aarch64}-apple-darwin/{{BuildType}}/lib{{CrateName}}.dylib -create -output {{TargetDir}}/{{BuildType}}/{{PluginName}}.plugin/Contents/MacOS/{{BinaryName}}.dylib
5253
mv {{TargetDir}}/{{BuildType}}/{{PluginName}}.plugin/Contents/MacOS/{{BinaryName}}.dylib {{TargetDir}}/{{BuildType}}/{{PluginName}}.plugin/Contents/MacOS/{{PluginName}}
5354
/usr/bin/codesign --force --options runtime --timestamp -s $( security find-identity -v -p codesigning | grep -m 1 "{{CertType}}" | awk -F ' ' '{print $2}' ) {{TargetDir}}/{{BuildType}}/{{PluginName}}.plugin
55+
56+
[macos]
57+
notarize_and_staple BuildType TargetDir:
58+
echo "Notarizing and stapling plugin bundle"
59+
ditto -c -k --keepParent {{TargetDir}}/{{BuildType}}/{{PluginName}}.plugin {{TargetDir}}/{{BuildType}}/{{PluginName}}.zip
60+
xcrun notarytool submit {{TargetDir}}/{{BuildType}}/{{PluginName}}.zip --apple-id "${APPLE_ID}" --password "${APPLE_APP_PASSWORD}" --team-id "${APPLE_TEAM_ID}" --wait
61+
xcrun stapler staple {{TargetDir}}/{{BuildType}}/{{PluginName}}.plugin
62+
echo "Notarization and stapling completed"

0 commit comments

Comments
 (0)