@@ -407,6 +407,108 @@ jobs:
407407 path : ArduinoCreateAgent*
408408 if-no-files-found : error
409409
410+ # This job will generate a dmg mac installer, sign/notarize it.
411+ generate-sign-dmg :
412+ needs : notarize-macos
413+ strategy :
414+ matrix :
415+ arch : [amd64]
416+
417+ runs-on : macos-12
418+ steps :
419+ - name : Checkout repo with icons/background
420+ uses : actions/checkout@v3
421+ with :
422+ repository : ' bcmi-labs/arduino-create-agent-installer' # the repo which contains the icons/background
423+ token : ${{ secrets.ARDUINO_CREATE_AGENT_CI_PAT }}
424+
425+ - name : Download artifact
426+ uses : actions/download-artifact@v3
427+ with :
428+ name : ArduinoCreateAgent.app_${{ matrix.arch }}_notarized
429+ path : ArduinoCreateAgent.app
430+
431+ - name : unzip artifact
432+ working-directory : ArduinoCreateAgent.app
433+ run : |
434+ unzip ArduinoCreateAgent.app_${{ matrix.arch }}_notarized.zip
435+ rm ArduinoCreateAgent.app_${{ matrix.arch }}_notarized.zip
436+
437+ - name : Install create-dmg
438+ run : brew install create-dmg
439+
440+ - name : Genarate DMG
441+ run : |
442+ create-dmg \
443+ --volname "ArduinoCreateAgent" \
444+ --background "installer_icons/background.tiff" \
445+ --window-pos 200 120 \
446+ --window-size 500 320 \
447+ --icon-size 80 \
448+ --icon "ArduinoCreateAgent.app" 125 150 \
449+ --app-drop-link 375 150 \
450+ "ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg" \
451+ "ArduinoCreateAgent.app"
452+
453+ - name : Import Code-Signing Certificates
454+ run : |
455+ echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}"
456+ security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
457+ security default-keychain -s "${{ env.KEYCHAIN }}"
458+ security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
459+ security import \
460+ "${{ env.INSTALLER_CERT_MAC_PATH }}" \
461+ -k "${{ env.KEYCHAIN }}" \
462+ -f pkcs12 \
463+ -A \
464+ -T "/usr/bin/codesign" \
465+ -P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}"
466+ security set-key-partition-list \
467+ -S apple-tool:,apple: \
468+ -s \
469+ -k "${{ env.KEYCHAIN_PASSWORD }}" \
470+ "${{ env.KEYCHAIN }}"
471+
472+ - name : Install gon for code signing and app notarization
473+ run : |
474+ wget -q https://github.com/mitchellh/gon/releases/download/v0.2.5/gon_macos.zip
475+ unzip gon_macos.zip -d /usr/local/bin
476+
477+ - name : Write gon config to file
478+ # gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20)
479+ run : |
480+ cat > gon.config_installer.hcl <<EOF
481+ source = ["ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg"]
482+ bundle_id = "cc.arduino.${{ env.PROJECT_NAME }}-installer"
483+
484+ sign {
485+ application_identity = "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)"
486+ }
487+
488+ # Ask Gon for zip output to force notarization process to take place.
489+ # The CI will not upload the zip output
490+ zip {
491+ output_path = "ArduinoCreateAgent.app_${{ matrix.arch }}_notarized.zip"
492+ }
493+ EOF
494+
495+ - name : Code sign and notarize app
496+ run : |
497+ echo "gon will notarize executable in ArduinoCreateAgent-osx/ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg"
498+ gon -log-level=debug -log-json gon.config_installer.hcl
499+ timeout-minutes : 30
500+
501+ # tar dmg file to keep executable permission
502+ - name : Tar files to keep permissions
503+ run : tar -cvf ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.tar ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg
504+
505+ - name : Upload artifacts
506+ uses : actions/upload-artifact@v3
507+ with :
508+ name : ArduinoCreateAgent-osx-${{ matrix.arch }}
509+ path : ArduinoCreateAgent*.tar
510+ if-no-files-found : error
511+
410512 create-release :
411513 runs-on : ubuntu-20.04
412514 needs : [build, package]
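Review bot: The "Install gon for code signing and app notarization" step unpacks `gon_macos.zip` into `/usr/local/bin` with no integrity check, and that binary then runs in a job whose keychain holds the Developer ID certificate; I would verify a pinned digest between the `wget` and the `unzip`, e.g. `echo "<EXPECTED_SHA256_OF_V0.2.5_ASSET>  gon_macos.zip" | shasum -a 256 -c -` (the digest is a placeholder to fill in). In "Import Code-Signing Certificates", `security import` is passed `-A`, which allows any application to use the imported key without prompting and so effectively overrides the `-T "/usr/bin/codesign"` restriction; dropping `-A` keeps access scoped to codesign. The same step splices `${{ secrets.INSTALLER_CERT_MAC_P12 }}` and `${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}` into the script text, so mapping them through a step-level `env:` block and using `"$INSTALLER_CERT_MAC_P12"` in the shell would keep secret values out of the rendered command. `actions/checkout@v3`, `actions/download-artifact@v3` and `actions/upload-artifact@v3` are referenced by mutable tag in a job that receives a PAT and the signing secrets, so pinning them to full commit SHAs would match the digest pinning above. Minor: the step name "Genarate DMG" should read "Generate DMG".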