From 062d46094a93318ddbe84c161b0388f4f9310e01 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 13:09:59 -0800 Subject: [PATCH 01/31] Implement macOS build signing in workflow Added steps to sign macOS build in GitHub Actions workflow. --- .github/workflows/cmake.yml | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index f0725b7..f1adcbc 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -44,9 +44,19 @@ jobs: shell: pwsh run: winget install -e --id Mono.Mono --silent --accept-source-agreements if: runner.os == 'Windows' - # - uses: ilammy/msvc-dev-cmd@v1 - # if: runner.os == 'Windows' + - name: sign macOS build + if: runner.os == 'macOS' + env: + TEMP_PASSWORD: build.keychain + run: | + echo $MACOS_CERTIFICATE | base64 —decode > certificate.p12 + security create-keychain -p $TEMP_PASSWORD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $TEMP_PASSWORD build.keychain + security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $TEMP_PASSWORD build.keychain + - name: Download vcpkg uses: actions/checkout@v6 with: @@ -62,7 +72,7 @@ jobs: shell: pwsh run: ${{ github.workspace }}/vcpkg/bootstrap-vcpkg.bat - name: Add NuGet sources - if: ${{ ! contains(matrix.config.os, 'windows') }} + if: runner.os != 'Windows' run: | mono `${{ env.VCPKG_EXE }} fetch nuget | tail -n 1` \ sources add \ @@ -92,6 +102,12 @@ jobs: - run: vcpkg/vcpkg fetch ninja - run: cmake --preset '${{ matrix.config.preset }}' -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_LINKER=lld - run: cmake --build out/build/${{ matrix.config.preset }} + - name: sign macOS build + if: runner.os == 'macOS' + run: | + /usr/bin/codesign --force -s $MACOS_IDENTITY_ID out/build/${{ matrix.config.preset }}/manage_files -v + /usr/bin/codesign --force -s $MACOS_IDENTITY_ID out/build/${{ matrix.config.preset }}/send_file -v + - name: Archive build uses: actions/upload-artifact@v5 with: From 8d1988f912be419f455e80b78596342f8e8837be Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 16:02:23 -0800 Subject: [PATCH 02/31] Update cmake.yml --- .github/workflows/cmake.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index f1adcbc..3fbf2f4 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -50,7 +50,7 @@ jobs: env: TEMP_PASSWORD: build.keychain run: | - echo $MACOS_CERTIFICATE | base64 —decode > certificate.p12 + echo $MACOS_CERTIFICATE | base64 —-decode > certificate.p12 security create-keychain -p $TEMP_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $TEMP_PASSWORD build.keychain From 9b1871fcc41ee765a8571e427a178ef9e145236c Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 16:05:36 -0800 Subject: [PATCH 03/31] fix missing secrets. --- .github/workflows/cmake.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 3fbf2f4..59c534c 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -50,11 +50,11 @@ jobs: env: TEMP_PASSWORD: build.keychain run: | - echo $MACOS_CERTIFICATE | base64 —-decode > certificate.p12 + echo ${{secrets.MACOS_CERTIFICATE}} | base64 —-decode > certificate.p12 security create-keychain -p $TEMP_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $TEMP_PASSWORD build.keychain - security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign + security import certificate.p12 -k build.keychain -P ${{secrets.MACOS_CERTIFICATE_PWD}} -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $TEMP_PASSWORD build.keychain - name: Download vcpkg From 1f3f883cff1d592301728e288301e8b3f3120248 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 16:06:42 -0800 Subject: [PATCH 04/31] Handle whitespace in secrets --- .github/workflows/cmake.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 59c534c..4055b05 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -50,11 +50,11 @@ jobs: env: TEMP_PASSWORD: build.keychain run: | - echo ${{secrets.MACOS_CERTIFICATE}} | base64 —-decode > certificate.p12 + echo "${{secrets.MACOS_CERTIFICATE}}" | base64 —-decode > certificate.p12 security create-keychain -p $TEMP_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $TEMP_PASSWORD build.keychain - security import certificate.p12 -k build.keychain -P ${{secrets.MACOS_CERTIFICATE_PWD}} -T /usr/bin/codesign + security import certificate.p12 -k build.keychain -P "${{secrets.MACOS_CERTIFICATE_PWD}}" -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $TEMP_PASSWORD build.keychain - name: Download vcpkg From 10e52d7b611f80eede3ba16f93498bd012055af2 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 16:10:24 -0800 Subject: [PATCH 05/31] Fix base64 decode command for macOS certificate --- .github/workflows/cmake.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 4055b05..83bac3f 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -50,7 +50,7 @@ jobs: env: TEMP_PASSWORD: build.keychain run: | - echo "${{secrets.MACOS_CERTIFICATE}}" | base64 —-decode > certificate.p12 + echo "${{secrets.MACOS_CERTIFICATE}}" | base64 -D > certificate.p12 security create-keychain -p $TEMP_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $TEMP_PASSWORD build.keychain From d7f13be4d4f17e42df49db960585f10b7ae66eac Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 18:52:14 -0800 Subject: [PATCH 06/31] Update macOS signing process in workflow --- .github/workflows/cmake.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 83bac3f..4009630 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -45,12 +45,12 @@ jobs: run: winget install -e --id Mono.Mono --silent --accept-source-agreements if: runner.os == 'Windows' - - name: sign macOS build + - name: unpack Apple signing credentials if: runner.os == 'macOS' env: TEMP_PASSWORD: build.keychain run: | - echo "${{secrets.MACOS_CERTIFICATE}}" | base64 -D > certificate.p12 + echo "${{secrets.MACOS_CERTIFICATE}}" | base64 -D > certificate.p12 security create-keychain -p $TEMP_PASSWORD build.keychain security default-keychain -s build.keychain security unlock-keychain -p $TEMP_PASSWORD build.keychain @@ -105,8 +105,8 @@ jobs: - name: sign macOS build if: runner.os == 'macOS' run: | - /usr/bin/codesign --force -s $MACOS_IDENTITY_ID out/build/${{ matrix.config.preset }}/manage_files -v - /usr/bin/codesign --force -s $MACOS_IDENTITY_ID out/build/${{ matrix.config.preset }}/send_file -v + /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/manage_files -v + /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/send_file -v - name: Archive build uses: actions/upload-artifact@v5 From 4ac5129ce3e904f05a22f29470ba121e5211e4b5 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 19:12:15 -0800 Subject: [PATCH 07/31] Sign notarize etc Comment out macOS signing credentials and related steps. --- .github/workflows/cmake.yml | 49 +++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 15 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 4009630..0b78d97 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -45,17 +45,17 @@ jobs: run: winget install -e --id Mono.Mono --silent --accept-source-agreements if: runner.os == 'Windows' - - name: unpack Apple signing credentials - if: runner.os == 'macOS' - env: - TEMP_PASSWORD: build.keychain - run: | - echo "${{secrets.MACOS_CERTIFICATE}}" | base64 -D > certificate.p12 - security create-keychain -p $TEMP_PASSWORD build.keychain - security default-keychain -s build.keychain - security unlock-keychain -p $TEMP_PASSWORD build.keychain - security import certificate.p12 -k build.keychain -P "${{secrets.MACOS_CERTIFICATE_PWD}}" -T /usr/bin/codesign - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $TEMP_PASSWORD build.keychain + # - name: unpack Apple signing credentials + # if: runner.os == 'macOS' + # env: + # TEMP_PASSWORD: build.keychain + # run: | + # echo "${{secrets.MACOS_CERTIFICATE}}" | base64 -D > certificate.p12 + # # security create-keychain -p $TEMP_PASSWORD build.keychain + # # security default-keychain -s build.keychain + # # security unlock-keychain -p $TEMP_PASSWORD build.keychain + # # security import certificate.p12 -k build.keychain -P "${{secrets.MACOS_CERTIFICATE_PWD}}" -T /usr/bin/codesign + # # security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $TEMP_PASSWORD build.keychain - name: Download vcpkg uses: actions/checkout@v6 @@ -102,12 +102,31 @@ jobs: - run: vcpkg/vcpkg fetch ninja - run: cmake --preset '${{ matrix.config.preset }}' -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_LINKER=lld - run: cmake --build out/build/${{ matrix.config.preset }} - - name: sign macOS build - if: runner.os == 'macOS' + # - name: sign macOS build + # if: runner.os == 'macOS' + # run: | + # /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/manage_files -v + # /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/send_file -v + + - name: Install App Store Connect API Key run: | - /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/manage_files -v - /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/send_file -v + mkdir -p private_keys/ + echo '${{ secrets.app_store_connect_key }}' > private_keys/AuthKey_7574JQYYVK.p12 + echo "${{secrets.MACOS_CERTIFICATE}}" | base64 -D > private_keys/certificate.p12 + - name: Sign and Notarize + if: runner.os == 'macOS' + uses: indygreg/apple-code-sign-action@v1 + with: + input_path: out/build/${{ matrix.config.preset }}/manage_files + notarize: true + staple: true + p12_file: certificate.p12 + p12_password: ${{ secrets.MACOS_CERTIFICATE_PWD }} + # Find the issuer and key ID at https://appstoreconnect.apple.com/access/api. + # The `AuthKey_XXXXXX.12` file created above must have the same `api_key` value listed here. + app_store_connect_api_issuer: ${{ secrets.APP_STORE_CONNECT_API_ISSUER }} + app_store_connect_api_key: 7574JQYYVK - name: Archive build uses: actions/upload-artifact@v5 with: From dd53cb4695409168d3f14eb44e61d6d96850dda7 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 19:16:17 -0800 Subject: [PATCH 08/31] Update cmake.yml --- .github/workflows/cmake.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 0b78d97..d01104a 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -121,7 +121,7 @@ jobs: input_path: out/build/${{ matrix.config.preset }}/manage_files notarize: true staple: true - p12_file: certificate.p12 + p12_file: private_keys/certificate.p12 p12_password: ${{ secrets.MACOS_CERTIFICATE_PWD }} # Find the issuer and key ID at https://appstoreconnect.apple.com/access/api. # The `AuthKey_XXXXXX.12` file created above must have the same `api_key` value listed here. From 94abc74c40a29ef20b2fc6f2e4dc5e68db5c1713 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 19:22:40 -0800 Subject: [PATCH 09/31] Update cmake.yml --- .github/workflows/cmake.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index d01104a..e136ae2 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -116,7 +116,7 @@ jobs: - name: Sign and Notarize if: runner.os == 'macOS' - uses: indygreg/apple-code-sign-action@v1 + uses: zig-for/apple-code-sign-action@v1 with: input_path: out/build/${{ matrix.config.preset }}/manage_files notarize: true From 1385003e956372f8417019f1bb5840c90461f648 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 19:24:53 -0800 Subject: [PATCH 10/31] Update apple-code-sign-action version to v1.2 --- .github/workflows/cmake.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index e136ae2..a110bda 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -116,7 +116,7 @@ jobs: - name: Sign and Notarize if: runner.os == 'macOS' - uses: zig-for/apple-code-sign-action@v1 + uses: zig-for/apple-code-sign-action@v1.2 with: input_path: out/build/${{ matrix.config.preset }}/manage_files notarize: true From 5fe9e7931e6d5322fed25cc72b90b5e020c2aba8 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 19:44:23 -0800 Subject: [PATCH 11/31] Enable macOS signing and notarization steps Uncomment steps for unpacking Apple signing credentials, signing macOS build, and notarizing the build. --- .github/workflows/cmake.yml | 76 ++++++++++++++++++++----------------- 1 file changed, 41 insertions(+), 35 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index a110bda..6abe399 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -45,17 +45,17 @@ jobs: run: winget install -e --id Mono.Mono --silent --accept-source-agreements if: runner.os == 'Windows' - # - name: unpack Apple signing credentials - # if: runner.os == 'macOS' - # env: - # TEMP_PASSWORD: build.keychain - # run: | - # echo "${{secrets.MACOS_CERTIFICATE}}" | base64 -D > certificate.p12 - # # security create-keychain -p $TEMP_PASSWORD build.keychain - # # security default-keychain -s build.keychain - # # security unlock-keychain -p $TEMP_PASSWORD build.keychain - # # security import certificate.p12 -k build.keychain -P "${{secrets.MACOS_CERTIFICATE_PWD}}" -T /usr/bin/codesign - # # security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $TEMP_PASSWORD build.keychain + - name: unpack Apple signing credentials + if: runner.os == 'macOS' + env: + TEMP_PASSWORD: build.keychain + run: | + echo "${{secrets.MACOS_CERTIFICATE}}" | base64 -D > certificate.p12 + security create-keychain -p $TEMP_PASSWORD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $TEMP_PASSWORD build.keychain + security import certificate.p12 -k build.keychain -P "${{secrets.MACOS_CERTIFICATE_PWD}}" -T /usr/bin/codesign + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $TEMP_PASSWORD build.keychain - name: Download vcpkg uses: actions/checkout@v6 @@ -102,32 +102,38 @@ jobs: - run: vcpkg/vcpkg fetch ninja - run: cmake --preset '${{ matrix.config.preset }}' -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_LINKER=lld - run: cmake --build out/build/${{ matrix.config.preset }} - # - name: sign macOS build - # if: runner.os == 'macOS' - # run: | - # /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/manage_files -v - # /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/send_file -v - - - name: Install App Store Connect API Key + - name: sign macOS build + if: runner.os == 'macOS' run: | - mkdir -p private_keys/ - echo '${{ secrets.app_store_connect_key }}' > private_keys/AuthKey_7574JQYYVK.p12 - echo "${{secrets.MACOS_CERTIFICATE}}" | base64 -D > private_keys/certificate.p12 + /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/manage_files -v + /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/send_file -v - - name: Sign and Notarize - if: runner.os == 'macOS' - uses: zig-for/apple-code-sign-action@v1.2 - with: - input_path: out/build/${{ matrix.config.preset }}/manage_files - notarize: true - staple: true - p12_file: private_keys/certificate.p12 - p12_password: ${{ secrets.MACOS_CERTIFICATE_PWD }} - # Find the issuer and key ID at https://appstoreconnect.apple.com/access/api. - # The `AuthKey_XXXXXX.12` file created above must have the same `api_key` value listed here. - app_store_connect_api_issuer: ${{ secrets.APP_STORE_CONNECT_API_ISSUER }} - app_store_connect_api_key: 7574JQYYVK - - name: Archive build + - name: notarize macOS build + run: notarytool submit out/build/${{ matrix.config.preset }}/manage_files \ + --apple-id ${{ secrets.APPLE_ID }} \ + --team-id ${{ secrets.MACOS_IDENTITY_ID }} \ + --password ${{ secrets.APP_SPECIFIC_PASSWORD }} \ + --wait + + # - name: Install App Store Connect API Key + # run: | + # mkdir -p private_keys/ + # echo '${{ secrets.app_store_connect_key }}' > private_keys/AuthKey_7574JQYYVK.p12 + + # - name: Sign and Notarize + # if: runner.os == 'macOS' + # uses: zig-for/apple-code-sign-action@v1.2 + # with: + # input_path: out/build/${{ matrix.config.preset }}/manage_files + # notarize: true + # staple: true + # p12_file: private_keys/certificate.p12 + # p12_password: ${{ secrets.MACOS_CERTIFICATE_PWD }} + # # Find the issuer and key ID at https://appstoreconnect.apple.com/access/api. + # # The `AuthKey_XXXXXX.12` file created above must have the same `api_key` value listed here. + # app_store_connect_api_issuer: ${{ secrets.APP_STORE_CONNECT_API_ISSUER }} + # app_store_connect_api_key: 7574JQYYVK + # - name: Archive build uses: actions/upload-artifact@v5 with: name: snfm-${{ matrix.config.preset }} From 47e523f027f318cddeb27e14fdd8a43456198909 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 19:45:13 -0800 Subject: [PATCH 12/31] Uncomment Archive build step in CMake workflow --- .github/workflows/cmake.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 6abe399..28ce51e 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -133,7 +133,7 @@ jobs: # # The `AuthKey_XXXXXX.12` file created above must have the same `api_key` value listed here. # app_store_connect_api_issuer: ${{ secrets.APP_STORE_CONNECT_API_ISSUER }} # app_store_connect_api_key: 7574JQYYVK - # - name: Archive build + - name: Archive build uses: actions/upload-artifact@v5 with: name: snfm-${{ matrix.config.preset }} From 4177eb0f66b8c1110ec8d696b4ec386f97705328 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 19:49:25 -0800 Subject: [PATCH 13/31] Fix command for notarizing macOS build --- .github/workflows/cmake.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 28ce51e..683a76d 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -109,7 +109,7 @@ jobs: /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/send_file -v - name: notarize macOS build - run: notarytool submit out/build/${{ matrix.config.preset }}/manage_files \ + run: xcrun notarytool submit out/build/${{ matrix.config.preset }}/manage_files \ --apple-id ${{ secrets.APPLE_ID }} \ --team-id ${{ secrets.MACOS_IDENTITY_ID }} \ --password ${{ secrets.APP_SPECIFIC_PASSWORD }} \ From 83b82d9619a41aaf433153ba3861531726225ee8 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 19:55:43 -0800 Subject: [PATCH 14/31] Update cmake.yml --- .github/workflows/cmake.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 683a76d..dbcacb4 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -109,11 +109,11 @@ jobs: /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/send_file -v - name: notarize macOS build - run: xcrun notarytool submit out/build/${{ matrix.config.preset }}/manage_files \ + run: xcrun notarytool submit --wait \ --apple-id ${{ secrets.APPLE_ID }} \ --team-id ${{ secrets.MACOS_IDENTITY_ID }} \ --password ${{ secrets.APP_SPECIFIC_PASSWORD }} \ - --wait + out/build/${{ matrix.config.preset }}/manage_files # - name: Install App Store Connect API Key # run: | From 069ec9291638f4464464eea2716e958f672efa66 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 19:59:03 -0800 Subject: [PATCH 15/31] Just apple things Refactor notarization command for better readability. --- .github/workflows/cmake.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index dbcacb4..c9104f3 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -109,10 +109,10 @@ jobs: /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/send_file -v - name: notarize macOS build - run: xcrun notarytool submit --wait \ - --apple-id ${{ secrets.APPLE_ID }} \ - --team-id ${{ secrets.MACOS_IDENTITY_ID }} \ - --password ${{ secrets.APP_SPECIFIC_PASSWORD }} \ + run: xcrun notarytool submit --wait + --apple-id ${{ secrets.APPLE_ID }} + --team-id ${{ secrets.MACOS_IDENTITY_ID }} + --password ${{ secrets.APP_SPECIFIC_PASSWORD }} out/build/${{ matrix.config.preset }}/manage_files # - name: Install App Store Connect API Key From 1a444523656d2c9c44a27e14f425d2571243197f Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 20:00:29 -0800 Subject: [PATCH 16/31] Add zip step for Apple upload in CI workflow Add step to create a zip file for upload to Apple. --- .github/workflows/cmake.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index c9104f3..32c9b02 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -108,6 +108,12 @@ jobs: /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/manage_files -v /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/send_file -v + - name: zip for upload to Apple + run: zip + snfm.zip + out/build/${{ matrix.config.preset }}/manage_files + out/build/${{ matrix.config.preset }}/send_file + - name: notarize macOS build run: xcrun notarytool submit --wait --apple-id ${{ secrets.APPLE_ID }} From 76a8a6b59806604513ebcaecfc23688642c2b1f5 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 20:01:53 -0800 Subject: [PATCH 17/31] Update cmake.yml --- .github/workflows/cmake.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 32c9b02..9aa888f 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -118,7 +118,7 @@ jobs: run: xcrun notarytool submit --wait --apple-id ${{ secrets.APPLE_ID }} --team-id ${{ secrets.MACOS_IDENTITY_ID }} - --password ${{ secrets.APP_SPECIFIC_PASSWORD }} + --password ${{ secrets.APP_SPECIFIC_PASS }} out/build/${{ matrix.config.preset }}/manage_files # - name: Install App Store Connect API Key From f038e48a7cfcb46bd147a8a1d6e330961a692e10 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 20:04:10 -0800 Subject: [PATCH 18/31] Update submission path for notarytool in CMake workflow --- .github/workflows/cmake.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 9aa888f..76f0a32 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -119,7 +119,7 @@ jobs: --apple-id ${{ secrets.APPLE_ID }} --team-id ${{ secrets.MACOS_IDENTITY_ID }} --password ${{ secrets.APP_SPECIFIC_PASS }} - out/build/${{ matrix.config.preset }}/manage_files + snfm.zip # - name: Install App Store Connect API Key # run: | From fb85b9d12940afed14af6d752adc01855358b53a Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 20:17:48 -0800 Subject: [PATCH 19/31] Add runtime options to codesign for macOS builds Updated codesign commands to include runtime options for macOS builds. --- .github/workflows/cmake.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 76f0a32..ca07684 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -105,8 +105,8 @@ jobs: - name: sign macOS build if: runner.os == 'macOS' run: | - /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/manage_files -v - /usr/bin/codesign --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/send_file -v + /usr/bin/codesign --options runtime --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/manage_files -v + /usr/bin/codesign --options runtime --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/send_file -v - name: zip for upload to Apple run: zip From d4cbd29b795d9f10062990398b38cf191797f29e Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 20:22:57 -0800 Subject: [PATCH 20/31] Clean up cmake.yml by removing commented-out code Removed commented-out steps for App Store Connect API key installation and notarization from the workflow. --- .github/workflows/cmake.yml | 42 +++++++++++-------------------------- 1 file changed, 12 insertions(+), 30 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index ca07684..db76b27 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -108,6 +108,18 @@ jobs: /usr/bin/codesign --options runtime --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/manage_files -v /usr/bin/codesign --options runtime --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/send_file -v + - name: Archive build + uses: actions/upload-artifact@v5 + with: + name: snfm-${{ matrix.config.preset }} + path: | + out/build/${{ matrix.config.preset }}/manage_files.exe + out/build/${{ matrix.config.preset }}/send_file.exe + out/build/${{ matrix.config.preset }}/manage_files + out/build/${{ matrix.config.preset }}/send_file + out/build/${{ matrix.config.preset }}/snfm_user_manual.md + out/build/${{ matrix.config.preset }}/snfm_config_example.yaml + - name: zip for upload to Apple run: zip snfm.zip @@ -121,36 +133,6 @@ jobs: --password ${{ secrets.APP_SPECIFIC_PASS }} snfm.zip - # - name: Install App Store Connect API Key - # run: | - # mkdir -p private_keys/ - # echo '${{ secrets.app_store_connect_key }}' > private_keys/AuthKey_7574JQYYVK.p12 - - # - name: Sign and Notarize - # if: runner.os == 'macOS' - # uses: zig-for/apple-code-sign-action@v1.2 - # with: - # input_path: out/build/${{ matrix.config.preset }}/manage_files - # notarize: true - # staple: true - # p12_file: private_keys/certificate.p12 - # p12_password: ${{ secrets.MACOS_CERTIFICATE_PWD }} - # # Find the issuer and key ID at https://appstoreconnect.apple.com/access/api. - # # The `AuthKey_XXXXXX.12` file created above must have the same `api_key` value listed here. - # app_store_connect_api_issuer: ${{ secrets.APP_STORE_CONNECT_API_ISSUER }} - # app_store_connect_api_key: 7574JQYYVK - - name: Archive build - uses: actions/upload-artifact@v5 - with: - name: snfm-${{ matrix.config.preset }} - path: | - out/build/${{ matrix.config.preset }}/manage_files.exe - out/build/${{ matrix.config.preset }}/send_file.exe - out/build/${{ matrix.config.preset }}/manage_files - out/build/${{ matrix.config.preset }}/send_file - out/build/${{ matrix.config.preset }}/snfm_user_manual.md - out/build/${{ matrix.config.preset }}/snfm_config_example.yaml - release: if: github.event_name == 'release' runs-on: ubuntu-latest From 3efedb266facfe79d7e8d7d67c30d662d591836c Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 20:23:31 -0800 Subject: [PATCH 21/31] Add macOS condition for zip and notarization steps --- .github/workflows/cmake.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index db76b27..0758000 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -121,12 +121,14 @@ jobs: out/build/${{ matrix.config.preset }}/snfm_config_example.yaml - name: zip for upload to Apple - run: zip + if: runner.os == 'macOS' + run: zip snfm.zip out/build/${{ matrix.config.preset }}/manage_files out/build/${{ matrix.config.preset }}/send_file - name: notarize macOS build + if: runner.os == 'macOS' run: xcrun notarytool submit --wait --apple-id ${{ secrets.APPLE_ID }} --team-id ${{ secrets.MACOS_IDENTITY_ID }} From 5b5f88b3d707e99a78bc1d226fc3863b518e1811 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 20:35:58 -0800 Subject: [PATCH 22/31] Add upload-artifact step for macOS Add artifact upload step for macOS builds. --- .github/workflows/cmake.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 0758000..ef3177a 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -127,6 +127,13 @@ jobs: out/build/${{ matrix.config.preset }}/manage_files out/build/${{ matrix.config.preset }}/send_file + - name: Archive the thing we upload to apple + uses: actions/upload-artifact@v5 + if: runner.os == 'macOS' + with: + name: snfm.zip + path: snfm.zip + - name: notarize macOS build if: runner.os == 'macOS' run: xcrun notarytool submit --wait From f39b851e4cf08cf0a012f3d23e6e469d20018f8f Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 20:43:43 -0800 Subject: [PATCH 23/31] Modify zip command to include -j option for macOS --- .github/workflows/cmake.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index ef3177a..ab068de 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -122,7 +122,7 @@ jobs: - name: zip for upload to Apple if: runner.os == 'macOS' - run: zip + run: zip -j snfm.zip out/build/${{ matrix.config.preset }}/manage_files out/build/${{ matrix.config.preset }}/send_file From f29bc09e1164b68fc4033ac9aac757a50c1bbda4 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 20:56:11 -0800 Subject: [PATCH 24/31] Enhance CI with notarization for macOS builds Add notarization step for macOS build in CI workflow --- .github/workflows/cmake.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index ab068de..e035ccc 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -57,6 +57,13 @@ jobs: security import certificate.p12 -k build.keychain -P "${{secrets.MACOS_CERTIFICATE_PWD}}" -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $TEMP_PASSWORD build.keychain + + - name: test + if: runner.os == 'macOS' + run: xcrun notarytool history + --apple-id ${{ secrets.APPLE_ID }} + --team-id ${{ secrets.MACOS_IDENTITY_ID }} + --password ${{ secrets.APP_SPECIFIC_PASS }} - name: Download vcpkg uses: actions/checkout@v6 with: @@ -133,7 +140,6 @@ jobs: with: name: snfm.zip path: snfm.zip - - name: notarize macOS build if: runner.os == 'macOS' run: xcrun notarytool submit --wait From 4647552063fb62673353624dbb485831db674131 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 20:59:06 -0800 Subject: [PATCH 25/31] Update team ID secret for notarization process --- .github/workflows/cmake.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index e035ccc..50bef13 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -62,7 +62,7 @@ jobs: if: runner.os == 'macOS' run: xcrun notarytool history --apple-id ${{ secrets.APPLE_ID }} - --team-id ${{ secrets.MACOS_IDENTITY_ID }} + --team-id ${{ secrets.APPLE_DEVELOPER_TEAM_ID }} --password ${{ secrets.APP_SPECIFIC_PASS }} - name: Download vcpkg uses: actions/checkout@v6 @@ -144,7 +144,7 @@ jobs: if: runner.os == 'macOS' run: xcrun notarytool submit --wait --apple-id ${{ secrets.APPLE_ID }} - --team-id ${{ secrets.MACOS_IDENTITY_ID }} + --team-id ${{ secrets.APPLE_DEVELOPER_TEAM_ID }} --password ${{ secrets.APP_SPECIFIC_PASS }} snfm.zip From 773de944d15e943fbe3d4cb2953a382f8b210327 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 21:16:35 -0800 Subject: [PATCH 26/31] Refactor macOS signing and notarization steps --- .github/workflows/cmake.yml | 92 +++++++++++++++++++++---------------- 1 file changed, 53 insertions(+), 39 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 50bef13..e9cba53 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -45,25 +45,6 @@ jobs: run: winget install -e --id Mono.Mono --silent --accept-source-agreements if: runner.os == 'Windows' - - name: unpack Apple signing credentials - if: runner.os == 'macOS' - env: - TEMP_PASSWORD: build.keychain - run: | - echo "${{secrets.MACOS_CERTIFICATE}}" | base64 -D > certificate.p12 - security create-keychain -p $TEMP_PASSWORD build.keychain - security default-keychain -s build.keychain - security unlock-keychain -p $TEMP_PASSWORD build.keychain - security import certificate.p12 -k build.keychain -P "${{secrets.MACOS_CERTIFICATE_PWD}}" -T /usr/bin/codesign - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $TEMP_PASSWORD build.keychain - - - - name: test - if: runner.os == 'macOS' - run: xcrun notarytool history - --apple-id ${{ secrets.APPLE_ID }} - --team-id ${{ secrets.APPLE_DEVELOPER_TEAM_ID }} - --password ${{ secrets.APP_SPECIFIC_PASS }} - name: Download vcpkg uses: actions/checkout@v6 with: @@ -109,12 +90,6 @@ jobs: - run: vcpkg/vcpkg fetch ninja - run: cmake --preset '${{ matrix.config.preset }}' -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_LINKER=lld - run: cmake --build out/build/${{ matrix.config.preset }} - - name: sign macOS build - if: runner.os == 'macOS' - run: | - /usr/bin/codesign --options runtime --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/manage_files -v - /usr/bin/codesign --options runtime --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/build/${{ matrix.config.preset }}/send_file -v - - name: Archive build uses: actions/upload-artifact@v5 with: @@ -127,26 +102,65 @@ jobs: out/build/${{ matrix.config.preset }}/snfm_user_manual.md out/build/${{ matrix.config.preset }}/snfm_config_example.yaml - - name: zip for upload to Apple - if: runner.os == 'macOS' + sign: + runs-on: macos-latest + needs: build + steps: + - name: unpack Apple signing credentials + env: + TEMP_PASSWORD: build.keychain + run: | + echo "${{secrets.MACOS_CERTIFICATE}}" | base64 -D > certificate.p12 + security create-keychain -p $TEMP_PASSWORD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $TEMP_PASSWORD build.keychain + security import certificate.p12 -k build.keychain -P "${{secrets.MACOS_CERTIFICATE_PWD}}" -T /usr/bin/codesign + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $TEMP_PASSWORD build.keychain + - name: Get artifact + uses: actions/download-artifact@v6 + with: + name: snfm-macos-arm64-release + path: macos-arm64 + - name: Get artifact + uses: actions/download-artifact@v6 + with: + name: snfm-macos-x64-release + path: macos-x64 + - name: Create universal binaries + run: | + mkdir -p out + run ls -al + lipo -create -output out/send_file macos-arm64/manage_files macos-x64/manage_files + lipo -create -output out/send_file macos-arm64/send_file macos-x64/send_file + + - name: Sign macOS binaries + run: | + /usr/bin/codesign --options runtime --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/manage_files + /usr/bin/codesign --options runtime --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/send_file + + - name: Zip for upload to Apple run: zip -j - snfm.zip - out/build/${{ matrix.config.preset }}/manage_files - out/build/${{ matrix.config.preset }}/send_file + snfm-apple.zip + out/manage_files + out/send_file - - name: Archive the thing we upload to apple + - name: Add additional files + run: | + cp macos-arm64/snfm_user_manual.md out + cp macos-arm64/snfm_config_example.yaml out + + - name: Archive build uses: actions/upload-artifact@v5 - if: runner.os == 'macOS' with: - name: snfm.zip - path: snfm.zip + name: snfm-apple-universal + path: out/ + - name: notarize macOS build - if: runner.os == 'macOS' run: xcrun notarytool submit --wait - --apple-id ${{ secrets.APPLE_ID }} - --team-id ${{ secrets.APPLE_DEVELOPER_TEAM_ID }} - --password ${{ secrets.APP_SPECIFIC_PASS }} - snfm.zip + --apple-id ${{ secrets.APPLE_ID }} + --team-id ${{ secrets.APPLE_DEVELOPER_TEAM_ID }} + --password ${{ secrets.APP_SPECIFIC_PASS }} + snfm-apple.zip release: if: github.event_name == 'release' From 2b6a3b56fa272d165a09cf356b5e56e78dfe939b Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 21:23:38 -0800 Subject: [PATCH 27/31] temp --- .github/workflows/cmake.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index e9cba53..0812e04 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -24,9 +24,11 @@ jobs: strategy: matrix: config: - - { os: windows-latest, preset: windows-x64-release } - - { os: ubuntu-24.04, preset: linux-x64-release } - - { os: macos-15-intel, preset: macos-x64-release } + # TEMP + # - { os: windows-latest, preset: windows-x64-release } + # - { os: ubuntu-24.04, preset: linux-x64-release } + # - { os: macos-15-intel, preset: macos-x64-release } + - { os: macos-latest, preset: macos-x64-release } - { os: macos-latest, preset: macos-arm64-release } runs-on: ${{ matrix.config.os }} From 2098c8333c7f73e023f2e142b912c226d97cbd63 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 21:25:14 -0800 Subject: [PATCH 28/31] Update cmake.yml --- .github/workflows/cmake.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 0812e04..c4c33df 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -131,7 +131,7 @@ jobs: - name: Create universal binaries run: | mkdir -p out - run ls -al + ls -al lipo -create -output out/send_file macos-arm64/manage_files macos-x64/manage_files lipo -create -output out/send_file macos-arm64/send_file macos-x64/send_file From 67b55def16d157fb5ef1b4dd61037a107a75dde4 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 21:28:46 -0800 Subject: [PATCH 29/31] Reorder macOS configurations in CMake workflow --- .github/workflows/cmake.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index c4c33df..83b83bf 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -27,8 +27,7 @@ jobs: # TEMP # - { os: windows-latest, preset: windows-x64-release } # - { os: ubuntu-24.04, preset: linux-x64-release } - # - { os: macos-15-intel, preset: macos-x64-release } - - { os: macos-latest, preset: macos-x64-release } + - { os: macos-15-intel, preset: macos-x64-release } - { os: macos-latest, preset: macos-arm64-release } runs-on: ${{ matrix.config.os }} From 5ec4fed26b424e82a31fb3121ddf9a3860c48483 Mon Sep 17 00:00:00 2001 From: zig-for Date: Wed, 25 Feb 2026 21:52:15 -0800 Subject: [PATCH 30/31] Update cmake.yml --- .github/workflows/cmake.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 83b83bf..249d90e 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -130,9 +130,10 @@ jobs: - name: Create universal binaries run: | mkdir -p out - ls -al - lipo -create -output out/send_file macos-arm64/manage_files macos-x64/manage_files + ls -al macos-arm64 + lipo -create -output out/manage_files macos-arm64/manage_files macos-x64/manage_files lipo -create -output out/send_file macos-arm64/send_file macos-x64/send_file + ls -al out - name: Sign macOS binaries run: | From 5f3c3c87fa8a4647e30a8f9e2b6e31d363135745 Mon Sep 17 00:00:00 2001 From: zig-for Date: Sun, 1 Mar 2026 23:48:14 -0800 Subject: [PATCH 31/31] Update cmake.yml --- .github/workflows/cmake.yml | 45 +++++++++++-------------------------- 1 file changed, 13 insertions(+), 32 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 249d90e..b4ce182 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -24,9 +24,8 @@ jobs: strategy: matrix: config: - # TEMP - # - { os: windows-latest, preset: windows-x64-release } - # - { os: ubuntu-24.04, preset: linux-x64-release } + - { os: windows-latest, preset: windows-x64-release } + - { os: ubuntu-24.04, preset: linux-x64-release } - { os: macos-15-intel, preset: macos-x64-release } - { os: macos-latest, preset: macos-arm64-release } @@ -117,12 +116,12 @@ jobs: security unlock-keychain -p $TEMP_PASSWORD build.keychain security import certificate.p12 -k build.keychain -P "${{secrets.MACOS_CERTIFICATE_PWD}}" -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $TEMP_PASSWORD build.keychain - - name: Get artifact + - name: Get artifact (arm) uses: actions/download-artifact@v6 with: name: snfm-macos-arm64-release path: macos-arm64 - - name: Get artifact + - name: Get artifact (x64) uses: actions/download-artifact@v6 with: name: snfm-macos-x64-release @@ -134,29 +133,24 @@ jobs: lipo -create -output out/manage_files macos-arm64/manage_files macos-x64/manage_files lipo -create -output out/send_file macos-arm64/send_file macos-x64/send_file ls -al out - - name: Sign macOS binaries run: | /usr/bin/codesign --options runtime --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/manage_files /usr/bin/codesign --options runtime --force -s ${{ secrets.MACOS_IDENTITY_ID }} out/send_file - - name: Zip for upload to Apple run: zip -j snfm-apple.zip out/manage_files out/send_file - - name: Add additional files run: | cp macos-arm64/snfm_user_manual.md out cp macos-arm64/snfm_config_example.yaml out - - name: Archive build uses: actions/upload-artifact@v5 with: - name: snfm-apple-universal + name: snfm-macos-universal-release path: out/ - - name: notarize macOS build run: xcrun notarytool submit --wait --apple-id ${{ secrets.APPLE_ID }} @@ -171,31 +165,25 @@ jobs: steps: - name: Inject slug/short variables uses: rlespinasse/github-slug-action@v3.x - - name: Get artifact + - name: Get artifact (windows) uses: actions/download-artifact@v6 with: name: snfm-windows-x64-release path: windows - - name: Get artifact + - name: Get artifact (linux) uses: actions/download-artifact@v6 with: name: snfm-linux-x64-release path: linux - - name: Get artifact - uses: actions/download-artifact@v6 - with: - name: snfm-macos-arm64-release - path: macos-arm64 - - name: Get artifact + - name: Get artifact (mac) uses: actions/download-artifact@v6 with: - name: snfm-macos-x64-release - path: macos-x64 + name: snfm-macos-universal-release + path: macos - name: Fix +x run: | chmod +x */send_file chmod +x */manage_files - - name: Archive Release uses: thedoctor0/zip-release@main with: @@ -212,7 +200,7 @@ jobs: uses: thedoctor0/zip-release@main with: type: zip - filename: ../snfm-macos-x64-release.zip + filename: ../snfm-macos-universal-release.zip directory: macos - name: Upload binaries to release uses: svenstaro/upload-release-action@v2 @@ -233,12 +221,5 @@ jobs: with: tag: ${{ env.GITHUB_REF_SLUG }} overwrite: true - asset_name: snfm-$tag-macos-x64.zip - file: snfm-macos-x64-release.zip - - name: Upload binaries to release - uses: svenstaro/upload-release-action@v2 - with: - tag: ${{ env.GITHUB_REF_SLUG }} - overwrite: true - asset_name: snfm-$tag-macos-arm64.zip - file: snfm-macos-arm64-release.zip + asset_name: snfm-$tag-macos-universal.zip + file: snfm-macos-universal-release.zip