From c8dc01436473ff2eb4ab4f219804d474720b02fe Mon Sep 17 00:00:00 2001
From: Yong He <yonghe@outlook.com>
Date: Wed, 15 Jun 2022 14:03:40 -0700
Subject: Sign macos binaries.

---
 .github/workflows/macos.yml | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index 2feb44712..d14c25c2f 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -7,7 +7,7 @@ on:
     branches: [ master ]
 
 jobs:
-  build: 
+  build_with_signing: 
     name: MacOS Build CI
 
     runs-on: macos-latest
@@ -23,7 +23,34 @@ jobs:
       with:
         submodules: 'true'
         fetch-depth: '0'
-        
+    - name: Install the Apple certificate and provisioning profile
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
+          BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+        run: |
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          PP_PATH=$RUNNER_TEMP/build_pp.provisionprofile
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # import certificate and provisioning profile from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
+          echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $PP_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+          # apply provisioning profile
+          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles    
     - name: build
       run: 
         CC=${{matrix.compiler}}
@@ -37,8 +64,6 @@ jobs:
           bin/**/slangc
           bin/**/slangd
           bin/**/libslang.dylib
-          bin/**/libslang-llvm.dylib
-          bin/**/libslang-glslang.dylib
     - name: test
       run: 
         CONFIGURATION=${{matrix.configuration}}
-- 
cgit v1.2.3