Use Xcode Notarization Action (#2267)

[ci skip]
2026-05-19 19:21:27 +00:00 · 2022-05-27 12:21:13 +02:00
parent dc3f80ffc9
commit aca55734b0
1 changed files with 6 additions and 29 deletions
--- a/.github/workflows/mac-dmg.yml
+++ b/.github/workflows/mac-dmg.yml
@@ -188,33 +188,14 @@ jobs:
          Cryptomator-${VERSION_NO}.dmg dmg
        env:
          VERSION_NO: ${{ steps.versions.outputs.semVerNum }}
-      - name: Install notarization credentials
-        if: startsWith(github.ref, 'refs/tags/')
-        run: |
-          # create temporary keychain
-          KEYCHAIN_PATH=$RUNNER_TEMP/notarization.keychain-db
-          security create-keychain -p "${NOTARIZATION_TMP_KEYCHAIN_PW}" ${KEYCHAIN_PATH}
-          security set-keychain-settings -lut 900 ${KEYCHAIN_PATH}
-          security unlock-keychain -p "${NOTARIZATION_TMP_KEYCHAIN_PW}" ${KEYCHAIN_PATH}
-
-          # import credentials from secrets
-          sudo xcode-select -s /Applications/Xcode_13.0.app
-          xcrun notarytool store-credentials "${NOTARIZATION_KEYCHAIN_PROFILE}" --apple-id "${NOTARIZATION_APPLE_ID}" --password "${NOTARIZATION_PW}" --team-id "${NOTARIZATION_TEAM_ID}" --keychain "${KEYCHAIN_PATH}"
-        env:
-          NOTARIZATION_KEYCHAIN_PROFILE: ${{ secrets.MACOS_NOTARIZATION_KEYCHAIN_PROFILE }}
-          NOTARIZATION_APPLE_ID: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}
-          NOTARIZATION_PW: ${{ secrets.MACOS_NOTARIZATION_PW }}
-          NOTARIZATION_TEAM_ID: ${{ secrets.MACOS_NOTARIZATION_TEAM_ID }}
-          NOTARIZATION_TMP_KEYCHAIN_PW: ${{ secrets.MACOS_NOTARIZATION_TMP_KEYCHAIN_PW }}
      - name: Notarize .dmg
        if: startsWith(github.ref, 'refs/tags/')
-        run: |
-          KEYCHAIN_PATH=$RUNNER_TEMP/notarization.keychain-db
-          sudo xcode-select -s /Applications/Xcode_13.0.app
-          xcrun notarytool submit Cryptomator-*.dmg --keychain-profile "${NOTARIZATION_KEYCHAIN_PROFILE}" --keychain "${KEYCHAIN_PATH}" --wait
-          xcrun stapler staple Cryptomator-*.dmg
-        env:
-          NOTARIZATION_KEYCHAIN_PROFILE: ${{ secrets.MACOS_NOTARIZATION_KEYCHAIN_PROFILE }}
+        uses: cocoalibs/xcode-notarization-action@v1
+        with:
+          app-path: 'Cryptomator-*.dmg'
+          apple-id: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}
+          password: ${{ secrets.MACOS_NOTARIZATION_PW }}
+          team-id: ${{ secrets.MACOS_NOTARIZATION_TEAM_ID }}
      - name: Add possible alpha/beta tags to installer name
        run: mv Cryptomator-*.dmg Cryptomator-${{ steps.versions.outputs.semVerStr }}.dmg
      - name: Create detached GPG signature with key 615D449FE6E6A235
@@ -228,10 +209,6 @@ jobs:
        if: ${{ always() }}
        run: security delete-keychain $RUNNER_TEMP/codesign.keychain-db
        continue-on-error: true
-      - name: Clean up notarization credentials
-        if: ${{ always() }}
-        run: security delete-keychain $RUNNER_TEMP/notarization.keychain-db
-        continue-on-error: true
      - name: Upload artifacts
        uses: actions/upload-artifact@v3
        with: