attempt to manually notarize for the 6Th time #137
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: [ master ] | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| branches: [ master ] | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest-large, windows-latest, macos-latest] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '18.x' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build React app | |
| env: | |
| CI: false | |
| run: npm run react-build | |
| # --------------------------------- | |
| # macOS Build (Sign only, no auto-notarize) | |
| # --------------------------------- | |
| - name: Print environment for debugging | |
| if: matrix.os == 'macos-latest' | |
| run: printenv | sort | |
| - name: Build & Sign Electron app (macOS) | |
| if: matrix.os == 'macos-latest' | |
| env: | |
| # Provide ONLY the .p12 certificate for code signing. | |
| CSC_LINK: ${{ secrets.MACOS_CERTIFICATE }} | |
| CSC_KEY_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }} | |
| # Remove or omit the Apple API key vars from electron-builder, | |
| # so it doesn't attempt notarization internally. | |
| DEBUG: electron-builder | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Remove any "notarize" block from package.json or set "notarize": false | |
| # to ensure electron-builder won't attempt notarization automatically. | |
| npm run electron-build | |
| - name: Setup notarization credentials | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| echo ${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY }} | base64 --decode > notarization_api_key.p8 | |
| - name: Submit app for notarization | |
| if: matrix.os == 'macos-latest' | |
| env: | |
| GODOT_MACOS_NOTARIZATION_API_KEY_ID: ${{ secrets.GODOT_MACOS_NOTARIZATION_API_KEY_ID }} | |
| GODOT_MACOS_NOTARIZATION_API_KEY: ./notarization_api_key.p8 | |
| GODOT_MACOS_NOTARIZATION_API_UUID: ${{ secrets.GODOT_MACOS_NOTARIZATION_API_UUID }} | |
| run: | | |
| # We'll assume your DMG name matches something like: | |
| # dist/Drivechain-Launcher-<version>-x64.dmg | |
| # If you produce multiple DMGs (x64, arm64), pick the correct one or do both. | |
| DMG_FILE=$(ls dist/*-x64.dmg | head -n 1) | |
| if [ -z "$DMG_FILE" ]; then | |
| echo "No x64 DMG found to notarize!" | |
| exit 1 | |
| fi | |
| echo "Submitting $DMG_FILE for notarization..." | |
| echo "Running notarytool submit..." | |
| request_uuid=$(xcrun notarytool submit "$DMG_FILE" \ | |
| --key "$GODOT_MACOS_NOTARIZATION_API_KEY" \ | |
| --key-id "$GODOT_MACOS_NOTARIZATION_API_KEY_ID" \ | |
| --issuer "$GODOT_MACOS_NOTARIZATION_API_UUID" \ | |
| --output-format json \ | |
| | jq -r '.id') | |
| echo "Notarization UUID: $request_uuid" | |
| echo "Waiting for notarization to complete..." | |
| xcrun notarytool wait "$request_uuid" \ | |
| --key "$GODOT_MACOS_NOTARIZATION_API_KEY" \ | |
| --key-id "$GODOT_MACOS_NOTARIZATION_API_KEY_ID" \ | |
| --issuer "$GODOT_MACOS_NOTARIZATION_API_UUID" | |
| echo "Stapling notarization..." | |
| xcrun stapler staple "$DMG_FILE" |