diff --git a/.github/workflows/README-tauri.md b/.github/workflows/README-tauri.md
index 0ab3823f0..83b5db829 100644
--- a/.github/workflows/README-tauri.md
+++ b/.github/workflows/README-tauri.md
@@ -79,9 +79,43 @@ This directory contains GitHub Actions workflows for building Tauri desktop appl
 ## Configuration
-### Required Secrets (Optional)
+### Required Secrets
-For signed builds, configure these secrets in your repository:
+#### For macOS Code Signing (Required for distribution)
+
+Configure these secrets in your repository for macOS app signing:
+
+- `APPLE_CERTIFICATE`: Base64-encoded .p12 certificate file
+- `APPLE_CERTIFICATE_PASSWORD`: Password for the .p12 certificate
+- `APPLE_SIGNING_IDENTITY`: Certificate name (e.g., "Developer ID Application: Your Name")
+- `APPLE_ID`: Your Apple ID email
+- `APPLE_PASSWORD`: App-specific password for your Apple ID
+- `APPLE_TEAM_ID`: Your Apple Developer Team ID
+
+#### Setting Up Apple Code Signing
+
+1. **Get a Developer ID Certificate**:
+ - Join the Apple Developer Program ($99/year)
+ - Create a "Developer ID Application" certificate in Apple Developer portal
+ - Download the certificate as a .p12 file
+
+2. **Convert Certificate to Base64**:
+ ```bash
+ base64 -i certificate.p12 | pbcopy
+ ```
+
+3. **Create App-Specific Password**:
+ - Go to appleid.apple.com → Sign-In and Security → App-Specific Passwords
+ - Generate a new password for "Tauri CI"
+
+4. **Find Your Team ID**:
+ - Apple Developer portal → Membership → Team ID
+
+5. **Add to GitHub Secrets**:
+ - Repository → Settings → Secrets and variables → Actions
+ - Add each secret with the exact names listed above
+
+#### For General Tauri Signing (Optional)
 - `TAURI_SIGNING_PRIVATE_KEY`: Private key for signing Tauri applications
 - `TAURI_SIGNING_PRIVATE_KEY_PASSWORD`: Password for the signing private key
diff --git a/.github/workflows/tauri-test.yml b/.github/workflows/tauri-test.yml
index 5599cf881..6a0bfbbda 100644
--- a/.github/workflows/tauri-test.yml
+++ b/.github/workflows/tauri-test.yml
@@ -193,11 +193,48 @@ jobs:
 - name: Install frontend dependencies
 working-directory: ./frontend
 run: npm install
+
+ - name: Import Apple Developer Certificate
+ if: matrix.platform == 'macos-latest'
+ env:
+ APPLE_ID: ${{ secrets.APPLE_ID }}
+ APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+ APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
+ APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+ KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+ run: |
+ echo "Importing Apple Developer Certificate..."
+ echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12
+ security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+ security default-keychain -s build.keychain
+ security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+ security set-keychain-settings -t 3600 -u build.keychain
+ security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
+ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
+ security find-identity -v -p codesigning build.keychain
+ - name: Verify Certificate
+ if: matrix.platform == 'macos-latest'
+ run: |
+ echo "Verifying Apple Developer Certificate..."
+ CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application")
+ echo "Certificate Info: $CERT_INFO"
+ CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
+ echo "Certificate ID: $CERT_ID"
+ echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
+ echo "Certificate imported."
+
 - name: Build Tauri app (test mode)
 uses: tauri-apps/tauri-action@v0
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
+ APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+ APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
+ APPLE_ID: ${{ secrets.APPLE_ID }}
+ APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+ APPLE_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+ APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
 with:
 projectPath: ./frontend
 tauriScript: npx tauri
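Review bot: The `Import Apple Developer Certificate` step decodes the signing key to `certificate.p12` in the working directory, and nothing in this hunk removes that file or `build.keychain` afterwards, so the private key stays readable by every later step (npm scripts, the Tauri build) and could end up in an uploaded artifact. Writing it under `$RUNNER_TEMP`, deleting it right after `security import`, and adding an `if: always()` cleanup step after the build step would close that; the unquoted `echo $APPLE_CERTIFICATE` should be quoted at the same time. The workflow reads `secrets.APPLE_ID_PASSWORD` and `secrets.KEYCHAIN_PASSWORD`, while the README changed in this same commit documents `APPLE_PASSWORD` and no keychain secret, so a repository configured from the README would presumably create the keychain with an empty password and pass an empty Apple password to the build. The build step shows no platform condition in the hunk, so the Apple credentials are exported to `tauri-apps/tauri-action@v0` (a mutable tag) on every matrix entry, and the import step receives `APPLE_ID` and `APPLE_ID_PASSWORD` that its script never uses. The step list continues outside the hunk.

```yaml
        run: |
          # … unchanged: banner echo …
          CERT_PATH="$RUNNER_TEMP/certificate.p12"
          printf '%s' "$APPLE_CERTIFICATE" | base64 --decode > "$CERT_PATH"
          # … unchanged: create, select, unlock and configure build.keychain …
          security import "$CERT_PATH" -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
          rm -f "$CERT_PATH"
          # … unchanged: set-key-partition-list, find-identity …

      # place after the "Build Tauri app (test mode)" step
      - name: Remove signing keychain
        if: always() && matrix.platform == 'macos-latest'
        run: security delete-keychain build.keychain
```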