wip sign app #45

Summary
Jobs
- deploy
Run details
- Usage
- Workflow file

Workflow file for this run

	name: Desktop MacOS Release

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main
	jobs:
	deploy:
	runs-on: macos-14
	timeout-minutes: 40

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: set up JDK
	uses: actions/setup-java@v4
	with:
	distribution: 'zulu'
	java-version: 17

	- uses: gradle/actions/setup-gradle@v3
	with:
	gradle-home-cache-cleanup: true
	cache-encryption-key: ${{ secrets.GRADLE_CACHE_ENCRYPTION_KEY }}

	- name: Cache KMP tooling
	uses: actions/cache@v4
	with:
	path: \|
	~/.konan
	key: ${{ runner.os }}-v1-${{ hashFiles('*.versions.toml') }}

	- name: Import Mac App Distribution and Installer certificate
	uses: apple-actions/import-codesign-certs@v2
	with:
	p12-file-base64: ${{ secrets.MAC_APP_DISTRIBUTION_INSTALLER_CERTIFICATE }}
	p12-password: ${{ secrets.MAC_APP_DISTRIBUTION_INSTALLER_CERTIFICATE_PWD }}

	- name: List keychains
	run: security list-keychains

	- name: List certificates
	run: security find-identity -v

	- name: Create DMG
	run: ./gradlew packageReleaseDmg

	- name: Set keychain and unlock
	run: \|
	security list-keychains -s "/Users/runner/Library/Keychains/signing_temp.keychain-db"
	security default-keychain -s "/Users/runner/Library/Keychains/signing_temp.keychain-db"
	security unlock-keychain -p "${{ secrets.MAC_APP_DISTRIBUTION_INSTALLER_CERTIFICATE_PWD }}" "/Users/runner/Library/Keychains/signing_temp.keychain-db"
	security set-key-partition-list -S apple-tool:,apple: -s -k "${{ secrets.MAC_APP_DISTRIBUTION_INSTALLER_CERTIFICATE_PWD }}" "/Users/runner/Library/Keychains/signing_temp.keychain-db"

	- name: Sign DMG
	run: \|
	codesign --deep --force --verify --verbose --sign "3rd Party Mac Developer Installer: Marcel Widmer (E9YX4X8TYH)" composeApp/build/compose/binaries/main-release/dmg/*.dmg

	- name: Verify Signature
	run: spctl -a -t open --context context:primary-signature -v composeApp/build/compose/binaries/main-release/dmg/*.dmg

	- name: Upload reports
	if: failure()
	uses: actions/upload-artifact@v4
	with:
	name: reports
	path: \|
	*/build/compose/logs/

	- name: Upload DMG
	uses: actions/upload-artifact@v3
	with:
	name: kmp-ci
	path: composeApp/build/compose/binaries/main-release/dmg/*.dmg

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

wip sign app #45

Workflow file

wip sign app #45

Jobs

Run details

Workflow file for this run