diff options
author | Nat Goodspeed <nat@lindenlab.com> | 2023-09-25 11:19:38 -0400 |
---|---|---|
committer | Nat Goodspeed <nat@lindenlab.com> | 2023-09-25 11:19:38 -0400 |
commit | 50e3d4020d2431d01ae3b8c6cc28c49a2762d267 (patch) | |
tree | 2c398e31085dfcb447b1380b642385eb31577275 | |
parent | e8dfbbaf880314359c0c2d18c944199e3f26db07 (diff) |
SL-19242: Reference the actual stored GitHub repo secrets.
Add a Mac signing step to unpack the credentials bundled into
NOTARIZE_CREDS_MACOS so viewer-build-util/sign-pkg-mac need not know about
that peculiarity of our secrets formatting.
-rw-r--r-- | .github/workflows/build.yaml | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index b010115e9c..d7bc4a84af 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -279,11 +279,36 @@ jobs: needs: build runs-on: macos-latest steps: + - name: Unpack Mac notarization credentials + id: note-creds + shell: bash + run: | + # In NOTARIZE_CREDS_MACOS we expect to find: + # USERNAME="..." + # PASSWORD="..." + # ASC_PROVIDER="..." + eval "${{ secrets.NOTARIZE_CREDS_MACOS }} + echo "::add-mask::$USERNAME" + echo "::add-mask::$PASSWORD" + echo "::add-mask::$ASC_PROVIDER" + echo "note_user=$USERNAME" >> "$GITHUB_OUTPUT" + echo "note_pass=$PASSWORD" >> "$GITHUB_OUTPUT" + echo "note_asc=$ASC_PROVIDER" >> "$GITHUB_OUTPUT" + # If we didn't manage to retrieve all of these credentials, better + # find out sooner than later. + [[ -n "$USERNAME" && -n "$PASSWORD && -n "$ASC_PROVIDER" ]] + - name: Sign and package Mac viewer uses: secondlife/viewer-build-util/sign-pkg-mac@main with: channel: ${{ needs.build.outputs.viewer_channel }} imagename: ${{ needs.build.outputs.imagename }} + cert_base64: ${{ secrets.SIGNING_CERT_MACOS }} + cert_name: ${{ secrets.SIGNING_CERT_MACOS_IDENTITY }} + cert_pass: ${{ secrets.SIGNING_CERT_MACOS_PASSWORD }} + note_user: ${{ steps.note-creds.outputs.note_user }} + note_pass: ${{ steps.note-creds.outputs.note_pass }} + note_asc: ${{ steps.note-creds.outputs.note_asc }} post-windows-symbols: needs: build |