From 44f6ee4cfdfad5fb21d96e69f8776c0e68685682 Mon Sep 17 00:00:00 2001 From: david Date: Sun, 8 Aug 2021 14:19:45 -0700 Subject: [PATCH] chore(ci): add step to detect code signing (#2245) * chore(ci): add step to detect code signing * fix variable name and add changefile --- .changes/cli-rs-macos-signing-id-env.md | 5 +++++ .github/workflows/artifacts-updater.yml | 12 ++++++++++-- examples/updater/src-tauri/tauri.conf.json | 2 +- tooling/cli.rs/src/interface/rust.rs | 12 +++++++++++- 4 files changed, 27 insertions(+), 4 deletions(-) create mode 100644 .changes/cli-rs-macos-signing-id-env.md diff --git a/.changes/cli-rs-macos-signing-id-env.md b/.changes/cli-rs-macos-signing-id-env.md new file mode 100644 index 000000000..228ebed5d --- /dev/null +++ b/.changes/cli-rs-macos-signing-id-env.md @@ -0,0 +1,5 @@ +--- +"cli.rs": patch +--- + +Added `APPLE_SIGNING_IDENTITY` as supported environment variable for the bundler. diff --git a/.github/workflows/artifacts-updater.yml b/.github/workflows/artifacts-updater.yml index f821c33a1..af4801425 100644 --- a/.github/workflows/artifacts-updater.yml +++ b/.github/workflows/artifacts-updater.yml @@ -95,9 +95,16 @@ jobs: - name: build cli working-directory: ./tooling/cli.js run: yarn build + - name: Check whether code signing should be enabled + id: enablecodesigning + env: + ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }} + run: | + echo "Enable code signing: ${{ env.ENABLE_CODE_SIGNING != '' }}" + echo "::set-output name=enabled::${{ env.ENABLE_CODE_SIGNING != '' }}" # run only on tauri-apps/tauri repo (require secrets) - name: build sample artifacts + code signing (updater) - if: github.repository == 'tauri-apps/tauri' + if: steps.enablecodesigning.outputs.enabled == 'true' working-directory: ./examples/updater run: | yarn install @@ -112,11 +119,12 @@ jobs: # Apple code signing testing APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} # Updater signature is exposed here to make sure it works in PR's TAURI_PRIVATE_KEY: dW50cnVzdGVkIGNvbW1lbnQ6IHJzaWduIGVuY3J5cHRlZCBzZWNyZXQga2V5ClJXUlRZMEl5YTBGV3JiTy9lRDZVd3NkL0RoQ1htZmExNDd3RmJaNmRMT1ZGVjczWTBKZ0FBQkFBQUFBQUFBQUFBQUlBQUFBQWdMekUzVkE4K0tWQ1hjeGt1Vkx2QnRUR3pzQjVuV0ZpM2czWXNkRm9hVUxrVnB6TUN3K1NheHJMREhQbUVWVFZRK3NIL1VsMDBHNW5ET1EzQno0UStSb21nRW4vZlpTaXIwZFh5ZmRlL1lSN0dKcHdyOUVPclVvdzFhVkxDVnZrbHM2T1o4Tk1NWEU9Cg== # run on PRs and forks - name: build sample artifacts (updater) - if: github.repository != 'tauri-apps/tauri' + if: steps.enablecodesigning.outputs.enabled != 'true' working-directory: ./examples/updater run: | yarn install diff --git a/examples/updater/src-tauri/tauri.conf.json b/examples/updater/src-tauri/tauri.conf.json index adb35ebad..1efea3442 100644 --- a/examples/updater/src-tauri/tauri.conf.json +++ b/examples/updater/src-tauri/tauri.conf.json @@ -28,7 +28,7 @@ "useBootstrapper": false }, "macOS": { - "signingIdentity": "Developer ID Application: David Lemarier (3KF8V3679C)", + "signingIdentity": null, "entitlements": "../entitlements.plist", "frameworks": [], "minimumSystemVersion": "", diff --git a/tooling/cli.rs/src/interface/rust.rs b/tooling/cli.rs/src/interface/rust.rs index df29b085e..045584465 100644 --- a/tooling/cli.rs/src/interface/rust.rs +++ b/tooling/cli.rs/src/interface/rust.rs @@ -390,6 +390,16 @@ fn tauri_config_to_bundle_settings( } } + let signing_identity = match std::env::var_os("APPLE_SIGNING_IDENTITY") { + Some(signing_identity) => Some( + signing_identity + .to_str() + .expect("failed to convert APPLE_SIGNING_IDENTITY to string") + .to_string(), + ), + None => config.macos.signing_identity, + }; + Ok(BundleSettings { identifier: config.identifier, icon: config.icon, @@ -424,7 +434,7 @@ fn tauri_config_to_bundle_settings( license: config.macos.license, use_bootstrapper: Some(config.macos.use_bootstrapper), exception_domain: config.macos.exception_domain, - signing_identity: config.macos.signing_identity, + signing_identity, entitlements: config.macos.entitlements, }, windows: WindowsSettings {