Skip to content

feat(CLI): Add macOS binary signing using Apple Distribution certificate [STRINGS-1575] #829

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat(CLI): Add macOS binary signing using Apple Distribution certificate [STRINGS-1575] #829

wants to merge 3 commits into from

Conversation

@bikmazefe
Copy link
Member

@bikmazefe bikmazefe commented May 6, 2025
edited
Loading

Add macOS binary signing using Apple Distribution certificate.

@bikmazefe bikmazefe marked this pull request as ready for review May 6, 2025 13:46
@bikmazefe bikmazefe requested review from jablan and theSoenke May 6, 2025 13:46
theSoenke
theSoenke reviewed May 6, 2025
View reviewed changes
clients/cli/build/sign.sh
echo "$CERTIFICATE_BASE64" | base64 --decode -o "$CERTIFICATE_PATH"

# Create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
Copy link
Collaborator

@theSoenke theSoenke May 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you need to run this inside a MacOS container to have the commands available?

Copy link
Member Author

@bikmazefe bikmazefe May 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very good and important point 😬 I assumed we were already doing it but confused it with the IOS SDK workflow.

Copy link
Member Author

@bikmazefe bikmazefe May 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll also need to fix the dist directory though, as we're signing them in a separate action now.

@bikmazefe bikmazefe requested a review from theSoenke May 6, 2025 14:52
@jablan
Copy link
Collaborator

jablan commented May 7, 2025

@bikmazefe is there a way to try this out before merging?

@bikmazefe
Copy link
Member Author

bikmazefe commented May 7, 2025

@bikmazefe is there a way to try this out before merging?

@jablan Yeah that's what I'm trying to find out currently. It seems like we can use the act library locally to simulate the GH workflow but we'd need to skip the actual signing part 🙁

jablan
jablan approved these changes May 8, 2025
View reviewed changes
Copy link
Collaborator

@jablan jablan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm up for trying it out in the repo, I guess the worst case it will fail so you'd have another fix(CLI) PR, or two.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jablan jablan jablan approved these changes

@theSoenke theSoenke Awaiting requested review from theSoenke

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bikmazefe @jablan @theSoenke