Avoid codesign and notarization in PR and forks

drhelius · Sep 4, 2024 · 1b344d7 · 1b344d7
1 parent 2b4ef4a
commit 1b344d7
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/gearsystem.yml b/.github/workflows/gearsystem.yml
@@ -124,6 +124,7 @@ jobs:
       run: make dist
       working-directory: platforms/macos
     - name: Codesign app bundle
+      if: needs.pr-check.outputs.number == null && github.repository_owner == 'drhelius'
       env:
         MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
         MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
@@ -145,6 +146,7 @@ jobs:
         codesign -v -vvv --deep "${{ env.NAME_UPPER }}.app"
       working-directory: platforms/macos
     - name: Notarize app bundle
+      if: needs.pr-check.outputs.number == null && github.repository_owner == 'drhelius'
       env:
         PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
         PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
@@ -155,12 +157,12 @@ jobs:
         xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
         xcrun stapler staple "${{ env.NAME_UPPER }}.app"
         spctl -a -vvv -t install "${{ env.NAME_UPPER }}.app"
-        ditto -c -k --keepParent "${{ env.NAME_UPPER }}.app" "${{ env.NAME_UPPER }}.app.zip"
       working-directory: platforms/macos
     - name: Prepare artifact directory
       run: |
         mkdir -p artifact
         cp platforms/README.txt artifact/
+        ditto -c -k --keepParent "platforms/macos/${{ env.NAME_UPPER }}.app" "platforms/macos/${{ env.NAME_UPPER }}.app.zip"
         mv platforms/macos/${{ env.NAME_UPPER }}.app.zip artifact/
     - name: Archive binary
       uses: actions/upload-artifact@v4