diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8991a74..ad72e1f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -58,6 +58,14 @@ jobs: APPLE_DEVELOPER_ID: ${{ vars.APPLE_DEVELOPER_ID }} APPLE_SIGNING_PASSWORD: ${{ secrets.APPLE_SIGNING_PASSWORD }} + - name: Notarize Darwin binaries + env: + APPLE_DEVELOPER_ID: ${{ vars.APPLE_DEVELOPER_ID }} + APPLE_APPLICATION_CERT: ${{ secrets.APPLE_APPLICATION_CERT }} + APPLE_APPLICATION_CERT_PASSWORD: ${{ secrets.APPLE_APPLICATION_CERT_PASSWORD }} + APPLE_SIGNING_PASSWORD: ${{ secrets.APPLE_SIGNING_PASSWORD }} + run: | + - uses: actions/upload-artifact@v3 with: name: macos diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 29044f6..e85c004 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -49,16 +49,16 @@ builds: ldflags: - "-w -X main.version={{ .Version }}" hooks: - #post: | - # sh -c ' - # codesign --timestamp \ - # --options=runtime \ - # -s "${APPLE_DEVELOPER_ID}" \ - # -v \ - # dist/ipfool-osx_darwin_${ARCH}/ipfool - # ' post: | - sh -c build/buildosx.sh + sh -c ' + codesign --timestamp \ + --options=runtime \ + -s "${APPLE_DEVELOPER_ID}" \ + -v \ + dist/ipfool-osx_darwin_${ARCH}/ipfool + ' + #post: | + # sh -c build/buildosx.sh #Configuration for building packages for rpm and deb package managers nfpms: @@ -86,6 +86,30 @@ archives: - goos: windows format: zip +signs: + - id: gatekeeper + ids: + - ipfool-osx + signature: "${artifact}" + env: + - >- + {{- if eq .Arch "amd64"}}ARCH=amd64_v1{{- end }} + {{- if eq .Arch "arm64"}}ARCH=arm64{{- end }} + cmd: xcrun + args: + [ + "notarytool", + "submit", + "./dist/{{ .ProjectName }}_{{ .Version }}_darwin_{{ .Arch }}.zip", + "--apple-id", + "chadr@zang.com", + "--password", + "{{ .Env.APPLE_SIGNING_PASSWORD }}", + "--team-id", + "{{ .Env.APPLE_DEVELOPER_ID }}", + "--progress", + "--wait", + ] changelog: sort: asc filters: