Build Rust CLI -> .app -> .dmg -> Notarize

Fixing apple signing #21

Workflow file for this run

	name: "Build Rust CLI -> .app -> .dmg -> Notarize"

	on:
	push:
	branches: [ "main" ]
	pull_request:
	branches: [ "main" ]
	# If you want to auto-release on tags, also add:
	# tags:
	# - 'v..*'

	jobs:
	build-macos-dmg:
	name: "Build, .app, Notarize macOS"
	runs-on: macos-latest

	steps:
	# 1) Check out
	- name: Check out code
	uses: actions/checkout@v3

	# 2) Install Rust
	- name: Set up Rust
	uses: dtolnay/rust-toolchain@v1
	with:
	toolchain: stable

	# 3) Build CLI
	- name: Cargo build
	run: cargo build --release

	# 4) Import Developer ID certificate
	- name: Install Code Signing Certificate
	run: \|
	echo "$APPLE_CERT" \| base64 --decode > signing.p12

	security create-keychain -p "" build.keychain
	security default-keychain -s build.keychain
	security unlock-keychain -p "" build.keychain

	security import signing.p12 -k build.keychain -P "$APPLE_CERT_PASS" -T /usr/bin/codesign
	security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain
	env:
	APPLE_CERT: ${{ secrets.APPLE_CERT }}
	APPLE_CERT_PASS: ${{ secrets.APPLE_CERT_PASS }}

	# 5) Create .app folder + Info.plist
	- name: Create .app bundle
	run: \|
	mkdir -p QuickPass.app/Contents/MacOS
	cp target/release/QuickPass QuickPass.app/Contents/MacOS/

	# Minimal Info.plist with CFBundleIdentifier
	echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n\<plist version=\"1.0\">\n\<dict>\n\ <key>CFBundleIdentifier</key>\n\ <string>com.KANFER.QuickPass</string>\n\ <key>CFBundlePackageType</key>\n\ <string>APPL</string>\n\ <key>CFBundleName</key>\n\ <string>QuickPass</string>\n\ <key>CFBundleShortVersionString</key>\n\ <string>1.0</string>\n\ <key>CFBundleVersion</key>\n\ <string>1</string>\n\</dict>\n\</plist>\n" > QuickPass.app/Contents/Info.plist


	# 6) Code sign only the .app
	- name: Code Sign .app
	run: \|
	codesign --force --options runtime \
	--sign "Developer ID Application: Jacob Kanfer (M7SN262HK4)" \
	QuickPass.app

	# 7) Make .dmg with HFS+ (skip code signing the .dmg)
	- name: Create .dmg
	run: \|
	# Move .app into target/release
	mv QuickPass.app target/release/
	cd target/release

	mkdir QuickPassDmgContent
	mv QuickPass.app QuickPassDmgContent/

	# Create .dmg using HFS+ filesystem
	hdiutil create QuickPass.dmg \
	-volname "QuickPass" \
	-srcfolder "QuickPassDmgContent" \
	-fs HFS+ \
	-ov

	# 8) Notarize the .dmg with primary-bundle-id
	- name: Notarize .dmg
	if: env.APPLE_APP_SPECIFIC_PASSWORD
	run: \|
	cd target/release
	xcrun notarytool submit QuickPass.dmg \
	--apple-id "$APPLE_ID" \
	--team-id "$APPLE_TEAM_ID" \
	--password "$APPLE_APP_SPECIFIC_PASSWORD" \
	--wait

	# After success, staple the .dmg
	xcrun stapler staple QuickPass.dmg
	env:
	APPLE_ID: ${{ secrets.APPLE_ID }}
	APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
	APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}

	# 9) Upload final .dmg
	- name: Upload notarized .dmg
	uses: actions/upload-artifact@v4
	with:
	name: QuickPass-macOS-dmg
	path: target/release/QuickPass.dmg
	overwrite: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fixing apple signing #21

Workflow file

Fixing apple signing #21

Uh oh!

Jobs

Run details

Workflow file for this run