chore: Add code signing (with some dev cert). #24

	name: release

	on:
	push:
	branches: [master]
	pull_request_target:
	branches: [master]
	types: [opened, reopened, synchronize]

	jobs:
	release:
	uses: TokTok/ci-tools/.github/workflows/release-drafter.yml@master

	codesign:
	runs-on: macos-14
	if: github.event_name == 'push'
	steps:
	- uses: actions/checkout@v4
	- name: Install the Apple certificate
	env:
	BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }}
	P12_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }}
	KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
	run: \|
	# create variables
	CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

	# import certificate and provisioning profile from secrets
	echo -n "$BUILD_CERTIFICATE_BASE64" \| base64 --decode -o $CERTIFICATE_PATH

	# create temporary keychain
	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH

Provide feedback