From 8efc702077910c2798ffefa5e04333ab70fcbc27 Mon Sep 17 00:00:00 2001 From: Mykola Grymalyuk Date: Sun, 14 Nov 2021 20:14:25 -0700 Subject: [PATCH 1/3] Limit GUI signing to releases --- .github/workflows/build-gui.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-gui.yml b/.github/workflows/build-gui.yml index 815db9c7f..d76c11efe 100644 --- a/.github/workflows/build-gui.yml +++ b/.github/workflows/build-gui.yml @@ -22,11 +22,13 @@ jobs: - name: Merge new GUI run: cp OCLP-CLI OpenCore\ Patcher.app/Contents/Resources/ - run: python3 merge_gui.py - - run: 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app/Contents/Resources/OCLP-CLI"' - - run: 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app/Contents/Resources/oclpd"' - - run: 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app"' - - run: ditto -c -k --sequesterRsrc --keepParent OpenCore\ Patcher.app OpenCore-Patcher-GUI.app.zip - - run: ./../sign-gui.sh + - name: Sign Binaries for release + if: github.event_name == 'release' + run: 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app/Contents/Resources/OCLP-CLI"' + run: 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app/Contents/Resources/oclpd"' + run: 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app"' + run: ditto -c -k --sequesterRsrc --keepParent OpenCore\ Patcher.app OpenCore-Patcher-GUI.app.zip + run: ./../sign-gui.sh - name: Upload GUI to Artifacts uses: actions/upload-artifact@v2 with: From 4c043ab6dc7f23bb8edfd764ca4858a29ca59744 Mon Sep 17 00:00:00 2001 From: Mykola Grymalyuk <48863253+khronokernel@users.noreply.github.com> Date: Sun, 14 Nov 2021 20:21:58 -0700 Subject: [PATCH 2/3] Update build-gui.yml --- .github/workflows/build-gui.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-gui.yml b/.github/workflows/build-gui.yml index d76c11efe..1f178a576 100644 --- a/.github/workflows/build-gui.yml +++ b/.github/workflows/build-gui.yml @@ -24,11 +24,12 @@ jobs: - run: python3 merge_gui.py - name: Sign Binaries for release if: github.event_name == 'release' - run: 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app/Contents/Resources/OCLP-CLI"' - run: 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app/Contents/Resources/oclpd"' - run: 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app"' - run: ditto -c -k --sequesterRsrc --keepParent OpenCore\ Patcher.app OpenCore-Patcher-GUI.app.zip - run: ./../sign-gui.sh + run: | + 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app/Contents/Resources/OCLP-CLI"' + 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app/Contents/Resources/oclpd"' + 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app"' + ditto -c -k --sequesterRsrc --keepParent OpenCore\ Patcher.app OpenCore-Patcher-GUI.app.zip + ./../sign-gui.sh - name: Upload GUI to Artifacts uses: actions/upload-artifact@v2 with: From 89765a6c5fe2c08dcee03c200a31ebddc9bb0e04 Mon Sep 17 00:00:00 2001 From: Mykola Grymalyuk Date: Sun, 14 Nov 2021 20:25:49 -0700 Subject: [PATCH 3/3] Fix GUI upload --- .github/workflows/build-gui.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-gui.yml b/.github/workflows/build-gui.yml index 1f178a576..41d1a19ad 100644 --- a/.github/workflows/build-gui.yml +++ b/.github/workflows/build-gui.yml @@ -22,14 +22,16 @@ jobs: - name: Merge new GUI run: cp OCLP-CLI OpenCore\ Patcher.app/Contents/Resources/ - run: python3 merge_gui.py - - name: Sign Binaries for release + - name: Code Sign Binaries for release if: github.event_name == 'release' run: | 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app/Contents/Resources/OCLP-CLI"' 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app/Contents/Resources/oclpd"' 'codesign -s "Developer ID Application: Mykola Grymalyuk (S74BDJXQMD)" -v --force --deep --timestamp --entitlements ./payloads/entitlements.plist -o runtime "OpenCore Patcher.app"' - ditto -c -k --sequesterRsrc --keepParent OpenCore\ Patcher.app OpenCore-Patcher-GUI.app.zip - ./../sign-gui.sh + - run: ditto -c -k --sequesterRsrc --keepParent OpenCore\ Patcher.app OpenCore-Patcher-GUI.app.zip + - name: Notarize Binaries for release + if: github.event_name == 'release' + run: ./../sign-gui.sh - name: Upload GUI to Artifacts uses: actions/upload-artifact@v2 with: