Debug MacOS signing (#24)

* Debug MacOS signing * More debug * Notarize binary * Zip before notarizing * Rollback unneeded
komodorio · Apr 4, 2024 · 1e9a9bf · 1e9a9bf
1 parent e840117
commit 1e9a9bf
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 3 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -105,6 +105,10 @@ jobs:
  CERTIFICATE_ID: ${{ secrets.CERTIFICATE_ID }}
  - name: Test Binary is Signed
  run: |
+ cat codesign.log
+ echo ===============================
+ cat notarytool.log
+ echo ===============================
  codesign -dv dist/build_macos_darwin_arm64/komocli
  - uses: actions/upload-artifact@v4
  with:

diff --git a/.goreleaser-mac.yml b/.goreleaser-mac.yml
@@ -19,7 +19,7 @@ builds:
  # sign
  - codesign --options runtime --keychain build.keychain --sign "{{ .Env.CERTIFICATE_ID }}" "{{ .Path }}"
  # notarize
- - chmod +x scripts/notarize-macos-app.sh && ./scripts/notarize-macos-app.sh {{ .Path }}.zip
+ - scripts/notarize-macos-app.sh "{{ .Path }}"
 archives:
  - id: komocli
  format: binary
diff --git a/scripts/notarize-macos-app.sh b/scripts/notarize-macos-app.sh
@@ -1,7 +1,8 @@
 #!/usr/bin/env sh
 echo "Notarizing $1"
-xcrun notarytool submit $1 \
+zip $1.zip $1
+xcrun notarytool submit $1.zip \
  --apple-id "$MACOS_NOTARY_APPLE_ID" \
  --team-id "$MACOS_NOTARY_TEAM_ID" \
  --password "$MACOS_NOTARY_PASSWORD" \
- --wait
+ --wait 2>&1 | tee -a notarytool.log