From 77ce21553e7bf6e5abc62cad5dcdec909017ff89 Mon Sep 17 00:00:00 2001 From: Black-Hole Date: Mon, 30 Oct 2023 14:48:07 +0800 Subject: [PATCH] chore(ci): add code sign step (#9) --- .github/workflows/release.yml | 14 ++++++++++++++ Makefile | 1 + 2 files changed, 15 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f344f37..f810d96 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,8 +21,22 @@ jobs: - name: Apply Patch run: make apply-all-patch + - name: Setup Codesign + run: | + echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 + security create-keychain -p action build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p action build.keychain + security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k action build.keychain + env: + MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }} + MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }} + - name: Build run: make build + env: + CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }} - name: Release uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 diff --git a/Makefile b/Makefile index 69514e4..53e2905 100644 --- a/Makefile +++ b/Makefile @@ -27,6 +27,7 @@ CODESIGN_IDENTITY ?= - @case $(_DIR) in \ gvproxy) \ GOARCH=$(_ARCH) $(GO_BUILD) -C $(ROOTDIR)/gvproxy/ -ldflags '-s -w' -o $(ROOTDIR)/out/gvproxy-$(_ARCH) ./cmd/gvproxy; \ + codesign --force --options runtime --sign $(CODESIGN_IDENTITY) $(ROOTDIR)/out/gvproxy-$(_ARCH); \ ;; \ vfkit) \ CGO_ENABLED=1 CGO_CFLAGS=-mmacosx-version-min=12.3 GOARCH=$(_ARCH) $(GO_BUILD) -C $(ROOTDIR)/vfkit/ -o $(ROOTDIR)/out/vfkit-$(_ARCH) ./cmd/vfkit; \