Codesign macos

.github/workflows/build-mac.yml

@@ -20,7 +20,25 @@ jobs:
           echo $PWD/flutter/bin >> $GITHUB_PATH
 
       - name: build
-        run: ./build-scripts/build-mac.sh "${{ env.FLUTTER_VERSION }}"
+        run: ./build-scripts/mac/build-mac.sh "$FLUTTER_VERSION"
+
+      - name: codesign
+        env:
+          MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
+          MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
+          MACOS_CI_KEYCHAIN_PWD: ${{ secrets.MACOS_CI_KEYCHAIN_PWD }}
+          MACOS_CERTIFICATE_ID: ${{ secrets.MACOS_CERTIFICATE_ID }}
+        run: ./build-scripts/mac/codesign-mac.sh "$MACOS_CERTIFICATE" "$MACOS_CERTIFICATE_PWD" "$MACOS_CI_KEYCHAIN_PWD" "$MACOS_CERTIFICATE_ID"
+
+      - name: notarize
+        env:
+          MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}
+          MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.MACOS_NOTARIZATION_TEAM_ID }}
+          MACOS_NOTARIZATION_PWD: ${{ secrets.MACOS_NOTARIZATION_PWD }}
+        run: ./build-scripts/mac/notarize-mac.sh "$MACOS_NOTARIZATION_APPLE_ID" "$MACOS_NOTARIZATION_TEAM_ID" "$MACOS_NOTARIZATION_PWD"
+
+      - name: package
+        run: ./build-scripts/mac/pkg-mac.sh
 
       - name: Release
         uses: softprops/action-gh-release@v1

build-scripts/mac/build-mac.sh

@@ -21,8 +21,3 @@ cp native/zcash-sync/binding.h packages/warp_api_ffi/ios/Classes/binding.h
 
 ./configure.sh
 flutter build macos
-
-npm install -g appdmg
-pushd misc
-appdmg app.json ../ywallet-universal.dmg
-popd

build-scripts/mac/codesign-mac.sh

@@ -0,0 +1,8 @@
+# cert.p12 cert_pwd keychain_pwd cert_id
+echo $1 | base64 --decode > certificate.p12
+security create-keychain -p $3 build.keychain
+security default-keychain -s build.keychain
+security unlock-keychain -p $3 build.keychain
+security import certificate.p12 -k build.keychain -P $2 -T /usr/bin/codesign
+security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $3 build.keychain
+/usr/bin/codesign --force -s $4 --deep --options runtime build/macos/Build/Products/Release/ywallet.app -v

build-scripts/mac/notarize-mac.sh

@@ -0,0 +1,11 @@
+echo "Create keychain profile"
+xcrun notarytool store-credentials "notarytool-profile" --apple-id "$1" --team-id "$2" --password "$3"
+
+echo "Creating temp notarization archive"
+ditto -c -k --keepParent "build/macos/Build/Products/Release/ywallet.app" "notarization.zip"
+
+echo "Notarize app"
+xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
+
+echo "Attach staple"
+xcrun stapler staple "build/macos/Build/Products/Release/ywallet.app"

build-scripts/mac/pkg-mac.sh

@@ -0,0 +1,4 @@
+npm install -g appdmg
+pushd misc
+appdmg app.json ../ywallet-universal.dmg
+popd

native/zcash-params

@@ -1 +1 @@
-Subproject commit 154f3544781500c27f58923ccc6c7e779eecf9df
+Subproject commit c46f4ad78420c5a3891429212d8522d91fd5d81b

pubspec.yaml

@@ -15,7 +15,7 @@ publish_to: 'none' # Remove this line if you wish to publish to pub.dev
 # In iOS, build-name is used as CFBundleShortVersionString while build-number used as CFBundleVersion.
 # Read more about iOS versioning at
 # https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html
-version: 1.3.6+427
+version: 1.3.6+428
 
 environment:
   sdk: ">=2.12.0 <3.0.0"