native macOS codings agent orchestrator

Use deterministic Developer ID signing in release

khoi 86ee608a c8037dfc

+24 -9
+24 -9
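--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -47,9 +47,19 @@
  security list-keychains -d user -s build.keychain $(security list-keychains -d user | tr -d '"')
  security default-keychain -s build.keychain
  security find-identity -v -p codesigning build.keychain
+ if [ -z "$DEVELOPER_ID_IDENTITY" ]; then
+ echo "::error::DEVELOPER_ID_IDENTITY is empty"
+ exit 1
+ fi
+ DEVELOPER_ID_IDENTITY_SHA=$(security find-identity -v -p codesigning build.keychain | rg -F "$DEVELOPER_ID_IDENTITY" | head -1 | awk '{print $2}')
+ if [ -z "$DEVELOPER_ID_IDENTITY_SHA" ]; then
+ echo "::error::Developer ID identity not found in keychain: $DEVELOPER_ID_IDENTITY"
+ exit 1
+ fi
+ echo "DEVELOPER_ID_IDENTITY_SHA=$DEVELOPER_ID_IDENTITY_SHA" >> "$GITHUB_ENV"
  - run: make build-ghostty-xcframework
  - run: |
- xcodebuild -project supacode.xcodeproj -scheme supacode -configuration Release -archivePath build/supacode.xcarchive archive CODE_SIGN_IDENTITY="$DEVELOPER_ID_IDENTITY" OTHER_CODE_SIGN_FLAGS="--timestamp" 2>&1 | mise exec -- xcsift -qw
+ xcodebuild -project supacode.xcodeproj -scheme supacode -configuration Release -archivePath build/supacode.xcarchive archive CODE_SIGN_IDENTITY="$DEVELOPER_ID_IDENTITY_SHA" OTHER_CODE_SIGN_FLAGS="--timestamp" 2>&1 | mise exec -- xcsift -qw
  - run: |
  cat > build/ExportOptions.plist <<EOF
  <?xml version="1.0" encoding="UTF-8"?>
@@ -61,7 +71,7 @@
  <key>signingStyle</key>
  <string>manual</string>
  <key>signingCertificate</key>
- <string>$DEVELOPER_ID_IDENTITY</string>
+ <string>$DEVELOPER_ID_IDENTITY</string>
  <key>teamID</key>
  <string>$APPLE_TEAM_ID</string>
  </dict>
@@ -77,15 +87,20 @@
  echo "Using identity: $DEVELOPER_ID_IDENTITY"
  security find-identity -v -p codesigning
 
- codesign -f -s "$DEVELOPER_ID_IDENTITY" -o runtime --timestamp -v "$SPARKLE/XPCServices/Installer.xpc"
- codesign -f -s "$DEVELOPER_ID_IDENTITY" -o runtime --timestamp --preserve-metadata=entitlements -v "$SPARKLE/XPCServices/Downloader.xpc"
- codesign -f -s "$DEVELOPER_ID_IDENTITY" -o runtime --timestamp -v "$SPARKLE/Updater.app"
- codesign -f -s "$DEVELOPER_ID_IDENTITY" -o runtime --timestamp -v "$SPARKLE/Autoupdate"
- codesign -f -s "$DEVELOPER_ID_IDENTITY" -o runtime --timestamp -v "$SPARKLE/Sparkle"
- codesign -f -s "$DEVELOPER_ID_IDENTITY" -o runtime --timestamp -v "$APP_PATH/Contents/Frameworks/Sparkle.framework"
- codesign -f -s "$DEVELOPER_ID_IDENTITY" -o runtime --timestamp -v "$APP_PATH"
+ codesign -f -s "$DEVELOPER_ID_IDENTITY_SHA" -o runtime --timestamp -v "$SPARKLE/XPCServices/Installer.xpc"
+ codesign -f -s "$DEVELOPER_ID_IDENTITY_SHA" -o runtime --timestamp --preserve-metadata=entitlements -v "$SPARKLE/XPCServices/Downloader.xpc"
+ codesign -f -s "$DEVELOPER_ID_IDENTITY_SHA" -o runtime --timestamp -v "$SPARKLE/Updater.app"
+ codesign -f -s "$DEVELOPER_ID_IDENTITY_SHA" -o runtime --timestamp -v "$SPARKLE/Autoupdate"
+ codesign -f -s "$DEVELOPER_ID_IDENTITY_SHA" -o runtime --timestamp -v "$SPARKLE/Sparkle"
+ codesign -f -s "$DEVELOPER_ID_IDENTITY_SHA" -o runtime --timestamp -v "$APP_PATH/Contents/Frameworks/Sparkle.framework"
+ codesign -f -s "$DEVELOPER_ID_IDENTITY_SHA" -o runtime --timestamp -v "$APP_PATH"
 
  codesign -vvv --deep --strict "$APP_PATH"
+ codesign -dv --verbose=4 "$APP_PATH" 2>&1 | rg "Authority=Developer ID Application|Timestamp="
+ codesign -dv --verbose=4 "$APP_PATH/Contents/MacOS/supacode" 2>&1 | rg "Authority=Developer ID Application|Timestamp="
+ codesign -dv --verbose=4 "$SPARKLE/Updater.app/Contents/MacOS/Updater" 2>&1 | rg "Authority=Developer ID Application|Timestamp="
+ codesign -dv --verbose=4 "$SPARKLE/XPCServices/Installer.xpc/Contents/MacOS/Installer" 2>&1 | rg "Authority=Developer ID Application|Timestamp="
+ codesign -dv --verbose=4 "$SPARKLE/XPCServices/Downloader.xpc/Contents/MacOS/Downloader" 2>&1 | rg "Authority=Developer ID Application|Timestamp="
  echo "Signature verified successfully"
  - name: Notarize and staple
  run: |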
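Review bot: The SHA lookup in the first hunk (`rg -F "$DEVELOPER_ID_IDENTITY" | head -1 | awk '{print $2}'`) is a substring match that silently takes the first hit, so if build.keychain ever holds two identities whose names contain that string (a renewed certificate next to the old one, for example) the signing identity depends on listing order rather than being pinned. I would fail the step unless exactly one hash comes back, as in the fence below, which rejects an empty result, a multi-line result, and anything that is not hex. Separately, the `rg "Authority=Developer ID Application|Timestamp="` checks in the last hunk succeed when either string is present, so they do not show that both the authority and a timestamp are there; two separate matches per binary would. The run steps begin and end outside the visible hunks.

```yaml
# … unchanged: empty-DEVELOPER_ID_IDENTITY check …
MATCHES=$(security find-identity -v -p codesigning build.keychain | rg -F "$DEVELOPER_ID_IDENTITY" | awk '{print $2}' | sort -u)
case "$MATCHES" in
  *[!0-9A-Fa-f]*|"")
    # empty = no match; a newline or other non-hex byte = several matches or unexpected output
    echo "::error::Expected exactly one Developer ID identity matching: $DEVELOPER_ID_IDENTITY"
    exit 1
    ;;
esac
DEVELOPER_ID_IDENTITY_SHA=$MATCHES
# … unchanged: append DEVELOPER_ID_IDENTITY_SHA to $GITHUB_ENV …
```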