Added mac signing

This commit is contained in:
Connor Yoh 2025-07-09 16:11:08 +01:00
parent d5517a16ab
commit a312e09163
2 changed files with 73 additions and 2 deletions

View File

@ -79,9 +79,43 @@ This directory contains GitHub Actions workflows for building Tauri desktop appl
## Configuration
### Required Secrets (Optional)
### Required Secrets
For signed builds, configure these secrets in your repository:
#### For macOS Code Signing (Required for distribution)
Configure these secrets in your repository for macOS app signing:
- `APPLE_CERTIFICATE`: Base64-encoded .p12 certificate file
- `APPLE_CERTIFICATE_PASSWORD`: Password for the .p12 certificate
- `APPLE_SIGNING_IDENTITY`: Certificate name (e.g., "Developer ID Application: Your Name")
- `APPLE_ID`: Your Apple ID email
- `APPLE_PASSWORD`: App-specific password for your Apple ID
- `APPLE_TEAM_ID`: Your Apple Developer Team ID
#### Setting Up Apple Code Signing
1. **Get a Developer ID Certificate**:
- Join the Apple Developer Program ($99/year)
- Create a "Developer ID Application" certificate in Apple Developer portal
- Download the certificate as a .p12 file
2. **Convert Certificate to Base64**:
```bash
base64 -i certificate.p12 | pbcopy
```
3. **Create App-Specific Password**:
- Go to appleid.apple.com → Sign-In and Security → App-Specific Passwords
- Generate a new password for "Tauri CI"
4. **Find Your Team ID**:
- Apple Developer portal → Membership → Team ID
5. **Add to GitHub Secrets**:
- Repository → Settings → Secrets and variables → Actions
- Add each secret with the exact names listed above
#### For General Tauri Signing (Optional)
- `TAURI_SIGNING_PRIVATE_KEY`: Private key for signing Tauri applications
- `TAURI_SIGNING_PRIVATE_KEY_PASSWORD`: Password for the signing private key

View File

@ -193,11 +193,48 @@ jobs:
- name: Install frontend dependencies
working-directory: ./frontend
run: npm install
- name: Import Apple Developer Certificate
if: matrix.platform == 'macos-latest'
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
echo "Importing Apple Developer Certificate..."
echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security set-keychain-settings -t 3600 -u build.keychain
security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
security find-identity -v -p codesigning build.keychain
- name: Verify Certificate
if: matrix.platform == 'macos-latest'
run: |
echo "Verifying Apple Developer Certificate..."
CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application")
echo "Certificate Info: $CERT_INFO"
CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
echo "Certificate ID: $CERT_ID"
echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
echo "Certificate imported."
- name: Build Tauri app (test mode)
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
APPLE_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
with:
projectPath: ./frontend
tauriScript: npx tauri