attempt to manually notarize for the third time #133
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: [ master ] | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| branches: [ master ] | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest-large, windows-latest, macos-latest] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '18.x' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build React app | |
| env: | |
| CI: false | |
| run: npm run react-build | |
| # --------------------------------- | |
| # macOS Build (Sign only, no auto-notarize) | |
| # --------------------------------- | |
| - name: Print environment for debugging | |
| if: matrix.os == 'macos-latest' | |
| run: printenv | sort | |
| - name: Build & Sign Electron app (macOS) | |
| if: matrix.os == 'macos-latest' | |
| env: | |
| # Provide ONLY the .p12 certificate for code signing. | |
| CSC_LINK: ${{ secrets.MACOS_CERTIFICATE }} | |
| CSC_KEY_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }} | |
| # Remove or omit the Apple API key vars from electron-builder, | |
| # so it doesn't attempt notarization internally. | |
| DEBUG: electron-builder | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Remove any "notarize" block from package.json or set "notarize": false | |
| # to ensure electron-builder won't attempt notarization automatically. | |
| npm run electron-build | |
| - name: Setup notarization credentials | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| echo ${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY }} | base64 --decode > notarization_api_key.p8 | |
| - name: Submit app for notarization | |
| if: matrix.os == 'macos-latest' | |
| env: | |
| GODOT_MACOS_NOTARIZATION_API_KEY_ID: ${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY_ID }} | |
| GODOT_MACOS_NOTARIZATION_API_KEY: ./notarization_api_key.p8 | |
| GODOT_MACOS_NOTARIZATION_API_UUID: ${{ secrets.GODOT_MACOS_NOTARIZATION_API_UUID }} | |
| run: | | |
| # We'll assume your DMG name matches something like: | |
| # dist/Drivechain-Launcher-<version>-x64.dmg | |
| # If you produce multiple DMGs (x64, arm64), pick the correct one or do both. | |
| DMG_FILE=$(ls dist/*-x64.dmg | head -n 1) | |
| if [ -z "$DMG_FILE" ]; then | |
| echo "No x64 DMG found to notarize!" | |
| exit 1 | |
| fi | |
| echo "Submitting $DMG_FILE for notarization..." | |
| echo "DMG_FILE_PATH=$DMG_FILE" >> $GITHUB_ENV | |
| request_uuid=$(xcrun notarytool submit "$DMG_FILE" \ | |
| --key $GODOT_MACOS_NOTARIZATION_API_KEY \ | |
| --key-id $GODOT_MACOS_NOTARIZATION_API_KEY_ID \ | |
| --issuer $GODOT_MACOS_NOTARIZATION_API_UUID | tail -n1) | |
| echo "NOTARIZATION_UUID=$request_uuid" >> $GITHUB_ENV | |
| - name: Wait for notarization to finish | |
| if: matrix.os == 'macos-latest' | |
| env: | |
| GODOT_MACOS_NOTARIZATION_API_KEY_ID: ${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY_ID }} | |
| GODOT_MACOS_NOTARIZATION_API_KEY: ./notarization_api_key.p8 | |
| GODOT_MACOS_NOTARIZATION_API_UUID: ${{ secrets.GODOT_MACOS_NOTARIZATION_API_UUID }} | |
| run: | | |
| xcrun notarytool wait ${{ env.NOTARIZATION_UUID }} \ | |
| --key $GODOT_MACOS_NOTARIZATION_API_KEY \ | |
| --key-id $GODOT_MACOS_NOTARIZATION_API_KEY_ID \ | |
| --issuer $GODOT_MACOS_NOTARIZATION_API_UUID | |
| - name: Staple notarization | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| echo "Stapling ${{ env.DMG_FILE_PATH }}..." | |
| xcrun stapler staple "${{ env.DMG_FILE_PATH }}" |