Avoid macOS codesign without certificate

2021-08-14 23:51:00 -04:00 · 2021-08-14 23:51:00 -04:00 · 601a5cba03
commit 601a5cba03
parent d6206f1a78
4 changed files with 24 additions and 10 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -191,7 +191,7 @@ jobs:
      - name: Create Windows Installers
        run: |
          poetry run poe dist
-          poetry run poe package
+          poetry run poe package-win
          poetry run poe win-installer
      - name: Sign Executables
        env:
@ -266,20 +266,24 @@ jobs:
        with:
          p12-file-base64: ${{ secrets.BASE64_ENCODED_P12 }}
          p12-password: ${{ secrets.CERTPASSWORD_P12 }}
-      - name: Create macOS Application
-        run: |
-          poetry run poe dist
-          poetry run poe package
+      - name: Build Wheel
+        run: poetry run poe dist
+      - name: Create Unsigned macOS Application
+        if: env.CERT_AVAILABLE == null || env.NOT_PR == 'false'
+        run: poetry run poe package
+      - name: Create Signed macOS Application
+        if: env.CERT_AVAILABLE != null && env.NOT_PR
+        run: poetry run poe package-macos-signed
      - name: Notarize app
        uses: devbotsxyz/xcode-notarize@v1
-        if: env.CERT_AVAILABLE!= null && env.NOT_PR
+        if: env.CERT_AVAILABLE != null && env.NOT_PR
        with:
          product-path: "packaging/dist/Gaphor.app"
          appstore-connect-username: ${{ secrets.AC_USERNAME }}
          appstore-connect-password: ${{ secrets.AC_PASSWORD }}
      - name: Staple app
        uses: devbotsxyz/xcode-staple@v1
-        if: env.CERT_AVAILABLE!= null && env.NOT_PR
+        if: env.CERT_AVAILABLE != null && env.NOT_PR
        with:
          product-path: "packaging/dist/Gaphor.app"
      - name: Create dmg
@ -294,7 +298,7 @@ jobs:
          "dist/Gaphor.app"
      - name: Notarize dmg
        uses: devbotsxyz/xcode-notarize@v1
-        if: env.CERT_AVAILABLE!= null && env.NOT_PR
+        if: env.CERT_AVAILABLE != null && env.NOT_PR
        with:
          product-path: "packaging/dist/Gaphor-${{ steps.meta.outputs.version }}.dmg"
          appstore-connect-username: ${{ secrets.AC_USERNAME }}
--- a/packaging/gaphor.spec
+++ b/packaging/gaphor.spec
@ -63,7 +63,6 @@ exe = EXE(
    icon="windows/gaphor.ico",
    version="windows/file_version_info.txt",
    console=False,
-    codesign_identity="Developer ID Application: Daniel Yeaw (Z7V37BLNR9)",
    entitlements_file="macos/entitlements.plist",
 )
 coll = COLLECT(
--- a/packaging/make-script.py
+++ b/packaging/make-script.py
@ -58,3 +58,11 @@ def make_file_version_info():
 def make_pyinstaller():
    os.chdir(packaging_path)
    subprocess.run(["pyinstaller", "-y", "gaphor.spec"])
+
+
+def make_pyinstaller_macos_signed():
+    os.chdir(packaging_path)
+    identity = "Developer ID Application: Daniel Yeaw (Z7V37BLNR9)"
+    subprocess.run(
+        ["pyinstaller", "-y", "--codesign-identity", identity, "gaphor.spec"]
+    )
--- a/pyproject.toml
+++ b/pyproject.toml
@ -115,7 +115,10 @@ clean = { "shell" = "rm -rf dist build packaging/dist packaging/build packaging/
 gaphor-script = { "script" = "packaging.make-script:make_gaphor_script" }
 version-file = { "script" = "packaging.make-script:make_file_version_info" }
 pyinstall = { "script" = "packaging.make-script:make_pyinstaller" }
-package = ["install-pyinstall", "gaphor-script", "version-file", "pyinstall"]
+pyinstall-macos-signed = { "script" = "packaging.make-script:make_pyinstaller_macos_signed" }
+package = ["install-pyinstall", "gaphor-script", "pyinstall"]
+package-win = ["install-pyinstall", "gaphor-script", "version-file", "pyinstall"]
+package-macos-signed = ["install-pyinstall", "gaphor-script", "pyinstall-macos-signed"]
 win-installer = { "script" = "packaging.windows.build-win-installer:main" }
 gettext-pot = "pybabel extract -o po/gaphor.pot -F po/babel.ini gaphor"
 gettext-po = { "script" = "po.build-babel:update_po_files" }