fix: Add codesigning for macOS build artifacts #104
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Rust | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| branches: | |
| - master | |
| pull_request: | |
| branches: | |
| - master | |
| jobs: | |
| build: | |
| name: Build for multiple platforms | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, windows-latest, macos-latest, macos-12] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Rust | |
| uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: stable | |
| override: true | |
| - name: Install OpenSSL (Windows) | |
| if: runner.os == 'Windows' | |
| shell: powershell | |
| run: | | |
| echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append | |
| vcpkg install openssl:x64-windows-static-md | |
| - name: Install OpenSSL (Macos) | |
| if: matrix.os == 'macos-latest' | |
| run: brew install openssl | |
| - name: Cache cargo registry | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry | |
| key: ${{ runner.os }}-cargo-registry | |
| restore-keys: | | |
| ${{ runner.os }}-cargo-registry | |
| - name: Cache cargo index | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/git | |
| key: ${{ runner.os }}-cargo-index | |
| restore-keys: | | |
| ${{ runner.os }}-cargo-index | |
| - name: Build | |
| run: cargo build --release | |
| # - name: Run tests | |
| # run: cargo test --release | |
| - name: Create release directory | |
| run: mkdir -p release | |
| - name: Create release system directory | |
| run: mkdir -p release/${{ matrix.os }} | |
| - name: Copy binary to release directory Windows | |
| if: matrix.os == 'windows-latest' | |
| run: cp target/release/idf-im-cli.exe release/${{ matrix.os }}/eim.exe | |
| - name: Copy binary to release directory POSIX | |
| if: matrix.os != 'windows-latest' | |
| run: cp target/release/idf-im-cli release/${{ matrix.os }}/eim | |
| - name: Codesign macOS build artifacts | |
| if: matrix.os == 'macos-latest' | |
| env: | |
| MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }} | |
| MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }} | |
| run: | | |
| echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 | |
| /usr/bin/security create-keychain -p espressif build.keychain | |
| /usr/bin/security default-keychain -s build.keychain | |
| /usr/bin/security unlock-keychain -p espressif build.keychain | |
| /usr/bin/security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign | |
| /usr/bin/security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k espressif build.keychain | |
| /usr/bin/codesign --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" release/${{ matrix.os }}/eim -v | |
| /usr/bin/codesign -v -vvv --deep release/${{ matrix.os }}/eim | |
| - name: Upload build artifacts for POSIX | |
| uses: actions/upload-artifact@v4 | |
| if: matrix.os != 'windows-latest' | |
| with: | |
| name: eim-${{ matrix.os }} | |
| path: release/${{ matrix.os }}/eim | |
| - name: Upload artifact for tag on POSIX | |
| if: startsWith(github.ref, 'refs/tags/') && matrix.os != 'windows-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: eim-${{ github.ref_name }}-${{ runner.os }} | |
| path: release/${{ matrix.os }}/eim | |
| - name: Upload build artifacts for Windows | |
| uses: actions/upload-artifact@v4 | |
| if: matrix.os == 'windows-latest' | |
| with: | |
| name: eim-${{ matrix.os }} | |
| path: release/${{ matrix.os }}/eim.exe | |
| - name: Upload artifact for tag on Windows | |
| if: startsWith(github.ref, 'refs/tags/') && runner.os == 'Windows' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: eim-${{ github.ref_name }}-${{ runner.os }} | |
| path: release/${{ matrix.os }}/eim.exe | |
| - name: Create aarch64-linux build | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| rustup target add aarch64-unknown-linux-gnu | |
| cargo install cross | |
| cross build --target aarch64-unknown-linux-gnu --release | |
| mkdir -p release/aarch64-unknown-linux-gnu | |
| cp target/aarch64-unknown-linux-gnu/release/idf-im-cli release/aarch64-unknown-linux-gnu/eim | |
| - name: Upload build artifacts for aarch64-linux | |
| uses: actions/upload-artifact@v4 | |
| if: matrix.os == 'ubuntu-latest' | |
| with: | |
| name: eim-linux-arm64 | |
| path: release/aarch64-unknown-linux-gnu/eim | |
| - name: Upload artifact for tag on aarch64-linux | |
| if: startsWith(github.ref, 'refs/tags/') && runner.os == 'Linux' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: eim-${{ github.ref_name }}-linux-arm64 | |
| path: release/aarch64-unknown-linux-gnu/eim |