Skip to content

Commit 04afad0

Browse files
offyottooffyotto
committed
Fix release notarization credential fallback
1 parent 4dc3880 commit 04afad0

3 files changed

Lines changed: 18 additions & 6 deletions

File tree

.github/workflows/release.yml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,6 @@ jobs:
105105
APPLE_ID: ${{ secrets.APPLE_ID }}
106106
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
107107
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
108-
NOTARYTOOL_PROFILE: ${{ secrets.NOTARYTOOL_PROFILE }}
109108
APP_STORE_CONNECT_API_KEY_BASE64: ${{ secrets.APP_STORE_CONNECT_API_KEY_BASE64 }}
110109
APP_STORE_CONNECT_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }}
111110
APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
@@ -119,7 +118,6 @@ jobs:
119118
APPLE_ID: ${{ secrets.APPLE_ID }}
120119
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
121120
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
122-
NOTARYTOOL_PROFILE: ${{ secrets.NOTARYTOOL_PROFILE }}
123121
APP_STORE_CONNECT_API_KEY_BASE64: ${{ secrets.APP_STORE_CONNECT_API_KEY_BASE64 }}
124122
APP_STORE_CONNECT_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }}
125123
APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}

scripts/release/notarize_disk_image.sh

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ elif [[ -n "${APP_STORE_CONNECT_KEY_PATH}" ]]; then
3636
submit_with_api_key "${DMG_PATH}" "${APP_STORE_CONNECT_KEY_PATH}"
3737
elif xcrun notarytool history --keychain-profile "${PROFILE_NAME}" >/dev/null 2>&1; then
3838
submit_with_keychain_profile "${DMG_PATH}"
39-
elif [[ -z "${NOTARYTOOL_PROFILE:-}" ]]; then
39+
elif [[ -n "${APPLE_ID:-}" || -n "${APPLE_APP_SPECIFIC_PASSWORD:-}" || -n "${APPLE_TEAM_ID:-}" ]]; then
4040
: "${APPLE_ID:?Set APPLE_ID or NOTARYTOOL_PROFILE}"
4141
: "${APPLE_APP_SPECIFIC_PASSWORD:?Set APPLE_APP_SPECIFIC_PASSWORD or NOTARYTOOL_PROFILE}"
4242
: "${APPLE_TEAM_ID:?Set APPLE_TEAM_ID or NOTARYTOOL_PROFILE}"
@@ -47,8 +47,15 @@ elif [[ -z "${NOTARYTOOL_PROFILE:-}" ]]; then
4747
--password "${APPLE_APP_SPECIFIC_PASSWORD}"
4848

4949
submit_with_keychain_profile "${DMG_PATH}"
50+
elif [[ -n "${NOTARYTOOL_PROFILE:-}" ]]; then
51+
echo "Keychain profile '${PROFILE_NAME}' was not found." >&2
52+
echo "NOTARYTOOL_PROFILE is only a local keychain profile name, not a portable GitHub Actions secret." >&2
53+
echo "Configure APP_STORE_CONNECT_API_KEY_BASE64 with APP_STORE_CONNECT_KEY_ID and APP_STORE_CONNECT_ISSUER_ID, or APPLE_ID with APPLE_APP_SPECIFIC_PASSWORD and APPLE_TEAM_ID." >&2
54+
exit 1
5055
else
51-
submit_with_keychain_profile "${DMG_PATH}"
56+
echo "Missing notarization credentials." >&2
57+
echo "Configure APP_STORE_CONNECT_API_KEY_BASE64 with APP_STORE_CONNECT_KEY_ID and APP_STORE_CONNECT_ISSUER_ID, or APPLE_ID with APPLE_APP_SPECIFIC_PASSWORD and APPLE_TEAM_ID." >&2
58+
exit 1
5259
fi
5360

5461
xcrun stapler staple "${DMG_PATH}"

scripts/release/notarize_release.sh

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ elif [[ -n "${APP_STORE_CONNECT_KEY_PATH}" ]]; then
3131
submit_with_api_key "${APP_STORE_CONNECT_KEY_PATH}"
3232
elif xcrun notarytool history --keychain-profile "${PROFILE_NAME}" >/dev/null 2>&1; then
3333
xcrun notarytool submit "${ZIP_PATH}" --keychain-profile "${PROFILE_NAME}" --wait
34-
elif [[ -z "${NOTARYTOOL_PROFILE:-}" ]]; then
34+
elif [[ -n "${APPLE_ID:-}" || -n "${APPLE_APP_SPECIFIC_PASSWORD:-}" || -n "${APPLE_TEAM_ID:-}" ]]; then
3535
: "${APPLE_ID:?Set APPLE_ID or NOTARYTOOL_PROFILE}"
3636
: "${APPLE_APP_SPECIFIC_PASSWORD:?Set APPLE_APP_SPECIFIC_PASSWORD or NOTARYTOOL_PROFILE}"
3737
: "${APPLE_TEAM_ID:?Set APPLE_TEAM_ID or NOTARYTOOL_PROFILE}"
@@ -42,8 +42,15 @@ elif [[ -z "${NOTARYTOOL_PROFILE:-}" ]]; then
4242
--password "${APPLE_APP_SPECIFIC_PASSWORD}"
4343

4444
xcrun notarytool submit "${ZIP_PATH}" --keychain-profile "${PROFILE_NAME}" --wait
45+
elif [[ -n "${NOTARYTOOL_PROFILE:-}" ]]; then
46+
echo "Keychain profile '${PROFILE_NAME}' was not found." >&2
47+
echo "NOTARYTOOL_PROFILE is only a local keychain profile name, not a portable GitHub Actions secret." >&2
48+
echo "Configure APP_STORE_CONNECT_API_KEY_BASE64 with APP_STORE_CONNECT_KEY_ID and APP_STORE_CONNECT_ISSUER_ID, or APPLE_ID with APPLE_APP_SPECIFIC_PASSWORD and APPLE_TEAM_ID." >&2
49+
exit 1
4550
else
46-
xcrun notarytool submit "${ZIP_PATH}" --keychain-profile "${PROFILE_NAME}" --wait
51+
echo "Missing notarization credentials." >&2
52+
echo "Configure APP_STORE_CONNECT_API_KEY_BASE64 with APP_STORE_CONNECT_KEY_ID and APP_STORE_CONNECT_ISSUER_ID, or APPLE_ID with APPLE_APP_SPECIFIC_PASSWORD and APPLE_TEAM_ID." >&2
53+
exit 1
4754
fi
4855

4956
xcrun stapler staple "${APP_PATH}"

0 commit comments

Comments
 (0)