Merge pull request #136 from bcmi-labs/per1234/sign-in-gh-hosted-runner

Use GitHub hosted macOS GitHub Actions runner instead of self hosted runner
2025-07-24 11:46:32 +00:00 · 2020-08-19 10:47:46 +02:00 · 2020-08-19 10:47:46 +02:00 · 84016f4e1e
commit 84016f4e1e
parent 1b8c510f33 fd2b03e286
1 changed files with 14 additions and 5 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -20,10 +20,13 @@ jobs:
        config:
          - os: windows-2016
          - os: ubuntu-latest
-          - os: turin-macmini # self-hosted macOS
+          - os: macos-latest
          # - os: rsora-rpi-arm # self-hosted armhf
    runs-on: ${{ matrix.config.os }}
    timeout-minutes: 30
+    env:
+      CERTIFICATE_PATH: /tmp/macos_signing_certificate.p12
+
    steps:
      - name: Checkout
        uses: actions/checkout@v2
@ -39,12 +42,12 @@ jobs:
        with:
          python-version: '2.7'

-      - name: Update Keychain [macOS]
+      - name: Generate signing certificate file [macOS]
        if: runner.OS == 'macOS'
        run: |
-            echo "${{ secrets.KEYCHAIN }}" | base64 --decode > ~/Library/Keychains/apple-developer.keychain-db
-            security list-keychains -s ~/Library/Keychains/apple-developer.keychain-db
-            security unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" ~/Library/Keychains/apple-developer.keychain-db
+            # APPLE_SIGNING_CERTIFICATE_P12 secret was produced by following the procedure from:
+            # https://www.kencochrane.com/2020/08/01/build-and-sign-golang-binaries-for-macos-with-github-actions/#exporting-the-developer-certificate
+            echo "${{ secrets.APPLE_SIGNING_CERTIFICATE_P12 }}" | base64 --decode > "${{ env.CERTIFICATE_PATH }}"

      - name: Package
        shell: bash
@ -58,6 +61,12 @@ jobs:
          IS_NIGHTLY: ${{ github.event_name == 'schedule' }}
          IS_RELEASE: ${{ startsWith(github.ref, 'refs/tags/') }}
        run: |
+            # electron-builder will try to sign during the Windows job if these environment variables are defined
+            if [ "${{ runner.OS }}" = "macOS" ]; then
+              # See: https://www.electron.build/code-signing
+              export CSC_LINK="${{ env.CERTIFICATE_PATH }}"
+              export CSC_KEY_PASSWORD="${{ secrets.KEYCHAIN_PASSWORD }}"
+            fi
            yarn --cwd ./electron/packager/
            yarn --cwd ./electron/packager/ package