diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9865062e..166ece43 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -45,11 +45,19 @@ jobs: if: fromJson(needs.get-platform.outputs.build-os) == 'macos-11' run: sudo mv /usr/local/bin/* /tmp/ + # setup macOS codesigning + - uses: teaxyz/brewkit/actions/setup-codesign@v0 + if: startsWith(inputs.platform, 'darwin+') && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name + with: + p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }} + p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }} + - run: pkg build ${{ inputs.projects }} id: build env: GITHUB_TOKEN: ${{ github.token }} FORCE_UNSAFE_CONFIGURE: 1 # some configure scripts refuse to run as root + APPLE_IDENTITY: ${{ secrets.APPLE_IDENTITY }} - run: | ABS_PATHS=$(echo $PATHS | tr ' ' '\n' | sed -e "s_^_$TEA_PREFIX/_" | tr '\n' ' ') @@ -60,15 +68,6 @@ jobs: PATHS: ${{ steps.build.outputs.relative-paths }} TEA_PREFIX: ${{ steps.tea.outputs.prefix }} - # sign macOS binaries - - uses: teaxyz/brewkit/actions/codesign@v0 - if: startsWith(inputs.platform, 'darwin+') && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name - with: - p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }} - p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }} - identity: "Developer ID Application: Tea Inc. (7WV56FL599)" - paths: ${{ steps.absolute-paths.outputs.paths }} - # cache data we'll need in the bottling job - name: assemble artifact metadata run: |