|  | @@ -21,6 +21,7 @@ env:
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  jobs:
 | 
	
		
			
				|  |  |    build:
 | 
	
		
			
				|  |  | +    environment: Mac-code-sign
 | 
	
		
			
				|  |  |      name: Build On MacOS
 | 
	
		
			
				|  |  |      timeout-minutes: 120
 | 
	
		
			
				|  |  |  
 | 
	
	
		
			
				|  | @@ -107,10 +108,69 @@ jobs:
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |        - name: Build Project
 | 
	
		
			
				|  |  |          run: |
 | 
	
		
			
				|  |  | +          # Remove the libqsqlmimer.so as libmimerapi.so is not deployed with Qt6
 | 
	
		
			
				|  |  | +          rm ${{env.Qt6_DIR}}/plugins/sqldrivers/libqsqlmimer.dylib
 | 
	
		
			
				|  |  |            cmake --build . --target pack
 | 
	
		
			
				|  |  | -          ls -ls .
 | 
	
		
			
				|  |  | -          ls -ls src
 | 
	
		
			
				|  |  | -          mv src/VNote.dmg VNote-${{env.VNOTE_VER}}-mac-${{matrix.config.arch}}.dmg
 | 
	
		
			
				|  |  | +          python3 ${{runner.workspace}}/macdeployqtfix/macdeployqtfix.py ./src/VNote.app/Contents/MacOS/VNote ${{env.Qt6_DIR}}/../..
 | 
	
		
			
				|  |  | +        working-directory: ${{runner.workspace}}/build
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +      - name: Codesign Bundle
 | 
	
		
			
				|  |  | +        # Extract the secrets we defined earlier as environment variables
 | 
	
		
			
				|  |  | +        env:
 | 
	
		
			
				|  |  | +          MACOS_CERTIFICATE: ${{ secrets.CLI_MACOS_CERTIFICATE }}
 | 
	
		
			
				|  |  | +          MACOS_CERTIFICATE_PWD: ${{ secrets.CLI_MACOS_CERTIFICATE_PWD }}
 | 
	
		
			
				|  |  | +          MACOS_CERTIFICATE_NAME: ${{ secrets.CLI_MACOS_CERTIFICATE_NAME }}
 | 
	
		
			
				|  |  | +          MACOS_CI_KEYCHAIN_PWD: ${{ secrets.CLI_MACOS_CERTIFICATE }}
 | 
	
		
			
				|  |  | +        run: |
 | 
	
		
			
				|  |  | +          # Turn our base64-encoded certificate back to a regular .p12 file
 | 
	
		
			
				|  |  | +          echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +          # We need to create a new keychain, otherwise using the certificate will prompt
 | 
	
		
			
				|  |  | +          # with a UI dialog asking for the certificate password, which we can't
 | 
	
		
			
				|  |  | +          # use in a headless CI environment
 | 
	
		
			
				|  |  | +          security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
 | 
	
		
			
				|  |  | +          security default-keychain -s build.keychain
 | 
	
		
			
				|  |  | +          security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
 | 
	
		
			
				|  |  | +          security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
 | 
	
		
			
				|  |  | +          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +          # We finally codesign our app bundle, specifying the Hardened runtime option
 | 
	
		
			
				|  |  | +          /usr/bin/codesign --force --deep -s "$MACOS_CERTIFICATE_NAME" --entitlements ${{github.workspace}}/package/entitlements.xml --options runtime ${{runner.workspace}}/build/src/VNote.app -vvv
 | 
	
		
			
				|  |  | +          /usr/bin/codesign -v -vvv ${{runner.workspace}}/build/src/VNote.app
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +      - name: "Notarize Bundle"
 | 
	
		
			
				|  |  | +        # Extract the secrets we defined earlier as environment variables
 | 
	
		
			
				|  |  | +        env:
 | 
	
		
			
				|  |  | +          PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.CLI_MACOS_NOTARY_USER }}
 | 
	
		
			
				|  |  | +          PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.CLI_MACOS_TEAM_ID }}
 | 
	
		
			
				|  |  | +          PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.CLI_MACOS_NOTARY_PWD }}
 | 
	
		
			
				|  |  | +        run: |
 | 
	
		
			
				|  |  | +          # Store the notarization credentials so that we can prevent a UI password dialog
 | 
	
		
			
				|  |  | +          # from blocking the CI
 | 
	
		
			
				|  |  | +          echo "Create keychain profile"
 | 
	
		
			
				|  |  | +          xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +          # We can't notarize an app bundle directly, but we need to compress it as an archive.
 | 
	
		
			
				|  |  | +          # Therefore, we create a zip file containing our app bundle, so that we can send it to the
 | 
	
		
			
				|  |  | +          # notarization service
 | 
	
		
			
				|  |  | +          echo "Creating temp notarization archive"
 | 
	
		
			
				|  |  | +          ditto -c -k --keepParent "${{runner.workspace}}/build/src/VNote.app" "notarization.zip"
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +          # Here we send the notarization request to the Apple's Notarization service, waiting for the result.
 | 
	
		
			
				|  |  | +          # This typically takes a few seconds inside a CI environment, but it might take more depending on the App
 | 
	
		
			
				|  |  | +          # characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if
 | 
	
		
			
				|  |  | +          # you're curious
 | 
	
		
			
				|  |  | +          echo "Notarize app"
 | 
	
		
			
				|  |  | +          xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +          # Finally, we need to "attach the staple" to our executable, which will allow our app to be
 | 
	
		
			
				|  |  | +          # validated by macOS even when an internet connection is not available.
 | 
	
		
			
				|  |  | +          echo "Attach staple"
 | 
	
		
			
				|  |  | +          xcrun stapler staple "${{runner.workspace}}/build/src/VNote.app"
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +      - name: Create DMG
 | 
	
		
			
				|  |  | +        run: |
 | 
	
		
			
				|  |  | +          hdiutil create -volname "VNote" -srcfolder ./src/VNote.app -ov -format UDZO VNote-${{env.VNOTE_VER}}-mac-${{matrix.config.arch}}.dmg
 | 
	
		
			
				|  |  |          working-directory: ${{runner.workspace}}/build
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |        # Enable tmate debugging of manually-triggered workflows if the input option was provided
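Review bot: In the Codesign Bundle step, `MACOS_CI_KEYCHAIN_PWD` is filled from `secrets.CLI_MACOS_CERTIFICATE`, so the base64 certificate blob doubles as the keychain password and is passed on the `security ... -p` command lines. This looks like a copy-paste slip; a throwaway password generated inside the step would keep the two apart. The step also leaves `certificate.p12` in the workspace and `build.keychain` unlocked as the default keychain for the rest of the job, and the trailing context suggests a tmate debugging step follows, so the key material should be removed before then by a cleanup step guarded with `if: always()`. Separately, Apple advises against `--deep` when signing, since it applies the same entitlements to every nested binary; signing nested frameworks and plugins first and the app last is the safer order. The comment on the added `rm` names `libqsqlmimer.so` while the command removes the `.dylib`.

```yaml
      - name: Codesign Bundle
        # … unchanged: env entries for the certificate, its password and its name;
        #   the MACOS_CI_KEYCHAIN_PWD entry is dropped …
        run: |
          # Per-run keychain password, never stored and not derived from any secret
          MACOS_CI_KEYCHAIN_PWD="$(openssl rand -base64 24)"
          echo "$MACOS_CERTIFICATE" | base64 --decode > "$RUNNER_TEMP/certificate.p12"
          # … unchanged: create-keychain, default-keychain, unlock-keychain …
          security import "$RUNNER_TEMP/certificate.p12" -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
          rm -f "$RUNNER_TEMP/certificate.p12"
          # … unchanged: set-key-partition-list, codesign, verification …

      # … unchanged: Notarize Bundle, Create DMG …

      - name: Remove signing keychain
        if: always()
        run: security delete-keychain build.keychain || true
```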
 |