authorNat Goodspeed <nat@lindenlab.com>2023-09-25 11:19:38 -0400
committerNat Goodspeed <nat@lindenlab.com>2023-09-25 11:19:38 -0400
commit50e3d4020d2431d01ae3b8c6cc28c49a2762d267 (patch)
tree2c398e31085dfcb447b1380b642385eb31577275
parente8dfbbaf880314359c0c2d18c944199e3f26db07 (diff)
SL-19242: Reference the actual stored GitHub repo secrets.
Add a Mac signing step to unpack the credentials bundled into NOTARIZE_CREDS_MACOS so viewer-build-util/sign-pkg-mac need not know about that peculiarity of our secrets formatting.
-rw-r--r--.github/workflows/build.yaml25
1 files changed, 25 insertions, 0 deletions
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index b010115e9c..d7bc4a84af 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -279,11 +279,36 @@ jobs:
needs: build
runs-on: macos-latest
steps:
+ - name: Unpack Mac notarization credentials
+ id: note-creds
+ shell: bash
+ run: |
+ # In NOTARIZE_CREDS_MACOS we expect to find:
+ # USERNAME="..."
+ # PASSWORD="..."
+ # ASC_PROVIDER="..."
+ eval "${{ secrets.NOTARIZE_CREDS_MACOS }}
+ echo "::add-mask::$USERNAME"
+ echo "::add-mask::$PASSWORD"
+ echo "::add-mask::$ASC_PROVIDER"
+ echo "note_user=$USERNAME" >> "$GITHUB_OUTPUT"
+ echo "note_pass=$PASSWORD" >> "$GITHUB_OUTPUT"
+ echo "note_asc=$ASC_PROVIDER" >> "$GITHUB_OUTPUT"
+ # If we didn't manage to retrieve all of these credentials, better
+ # find out sooner than later.
+ [[ -n "$USERNAME" && -n "$PASSWORD && -n "$ASC_PROVIDER" ]]
+
- name: Sign and package Mac viewer
uses: secondlife/viewer-build-util/sign-pkg-mac@main
with:
channel: ${{ needs.build.outputs.viewer_channel }}
imagename: ${{ needs.build.outputs.imagename }}
+ cert_base64: ${{ secrets.SIGNING_CERT_MACOS }}
+ cert_name: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }}
+ cert_pass: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }}
+ note_user: ${{ steps.note-creds.outputs.note_user }}
+ note_pass: ${{ steps.note-creds.outputs.note_pass }}
+ note_asc: ${{ steps.note-creds.outputs.note_asc }}
post-windows-symbols:
needs: build
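Review bot: The `eval` line in the new "Unpack Mac notarization credentials" step has no closing quote, and the final `[[ … ]]` check is missing the quote after `$PASSWORD`, so the script bash receives is not the one intended. The secret is also expanded by `${{ }}` straight into the script text, where its own quote characters end the outer quoting; passing it through `env:` and running `eval "$NOTARIZE_CREDS_MACOS"` keeps it as data until the eval. The emptiness check would be better placed before the three writes to `$GITHUB_OUTPUT`, so that a malformed bundle fails the step before partial values are published. Separately, the signing certificate and these credentials now go to `sign-pkg-mac@main`, a branch ref; pinning that `uses:` to a commit SHA would mean a later push to the branch cannot receive them unreviewed. The job's definition starts above the hunk.

```yaml
        shell: bash
        env:
          NOTARIZE_CREDS_MACOS: ${{ secrets.NOTARIZE_CREDS_MACOS }}
        run: |
          # … unchanged: comment listing the expected USERNAME / PASSWORD / ASC_PROVIDER …
          eval "$NOTARIZE_CREDS_MACOS"
          # … unchanged: the three ::add-mask:: lines …
          # Fail here, before anything is written to GITHUB_OUTPUT.
          [[ -n "$USERNAME" && -n "$PASSWORD" && -n "$ASC_PROVIDER" ]]
          # … unchanged: note_user / note_pass / note_asc writes to "$GITHUB_OUTPUT" …
```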