fix: macos signing cli release (#1527)

xataio · Jul 5, 2024 · 627e335 · 627e335
1 parent 15c1dab
commit 627e335
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 1 deletion.
diff --git a/.github/workflows/release-cli-assets.yml b/.github/workflows/release-cli-assets.yml
@@ -44,6 +44,30 @@ jobs:
           node-version: ${{ steps.config.outputs.NVMRC }}
           cache: 'pnpm'
 
+      - name: Install the Apple certificate
+        if: matrix.os == 'macos-latest'
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_DEVELOPER_ID_CERT_P12 }}
+          P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERT_SECRET }}
+          KEYCHAIN_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERT_SECRET }}
+        run: |
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # import certificate from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
@@ -63,3 +87,8 @@ jobs:
           PUBLISHED_PACKAGES: ${{ inputs.publishedPackages }}
           MATRIX_OS: ${{ matrix.os }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Clean up keychain
+        if: matrix.os == 'macos-latest'
+        run: |
+          security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
diff --git a/cli/package.json b/cli/package.json
@@ -81,7 +81,8 @@
       "init": "./dist/hooks/init/compatibility"
     },
     "macos": {
-      "identifier": "io.xata.cli"
+      "identifier": "io.xata.cli",
+      "sign": "\"Developer ID Installer: Xatabase Inc (BNRJ8833Y2)\""
     },
     "deb": {
       "identifier": "io.xata.cli"