diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0d337a4..375e338 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -236,13 +236,46 @@ jobs: p12-file-base64: ${{ secrets.CSC_INSTALLER_LINK }} p12-password: ${{ secrets.CSC_INSTALLER_KEY_PASSWORD }} - name: Sign the Apple pkg + timeout-minutes: 30 run: | + echo "设置 notarytool 凭据..." + if ! xcrun notarytool store-credentials "NOTARIZE_PROFILE" --apple-id "$APPLE_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD"; then + echo "错误: 无法设置 notarytool 凭据" + exit 1 + fi + + echo "验证凭据设置..." + xcrun notarytool list --keychain-profile "NOTARIZE_PROFILE" || true + + echo "签名和公证 pkg 文件..." for pkg_name in $(ls -1 dist/*.pkg); do pkg_name=$(ls -1 dist/*.pkg) + echo "处理文件: $pkg_name" + if [ ! -f "$pkg_name" ]; then + echo "错误: 找不到 pkg 文件: $pkg_name" + exit 1 + fi + mv $pkg_name Unsigned-Workbench.pkg - productsign --sign "Developer ID Installer: Prometheus Advertising Corp (489PDK5LP3)" Unsigned-Workbench.pkg $pkg_name + + echo "使用 productsign 签名..." + if ! productsign --sign "Developer ID Installer: Prometheus Advertising Corp (489PDK5LP3)" Unsigned-Workbench.pkg $pkg_name; then + echo "错误: productsign 签名失败" + exit 1 + fi rm -f Unsigned-Workbench.pkg - xcrun notarytool submit $pkg_name --apple-id $APPLE_ID --team-id $APPLE_TEAM_ID --password $APPLE_APP_SPECIFIC_PASSWORD --wait + + echo "提交公证..." + if ! xcrun notarytool submit $pkg_name --keychain-profile "NOTARIZE_PROFILE" --wait; then + echo "错误: notarytool 公证失败" + echo "检查最近的公证历史..." + xcrun notarytool history --keychain-profile "NOTARIZE_PROFILE" || true + exit 1 + fi + + echo "公证成功完成!" + echo "检查公证状态..." + xcrun notarytool history --keychain-profile "NOTARIZE_PROFILE" | head -10 || true done env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
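Review bot: The added `[ ! -f "$pkg_name" ]` check sits inside the `for` loop, so when `dist/` holds no `.pkg` the loop body never runs and the step finishes green with nothing signed or notarized. For a signing step that is a fail-open path; if a later step publishes whatever is in `dist/`, a missing or unsigned installer would not turn the job red. A guard before the loop closes it, e.g. `compgen -G "dist/*.pkg" > /dev/null || { echo "no pkg found in dist/"; exit 1; }`. The identical step in the second hunk (`@@ -317,13 +350,46 @@`) needs the same guard. The step's `env:` block continues outside the hunk.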
@@ -317,13 +350,46 @@ jobs: p12-file-base64: ${{ secrets.CSC_INSTALLER_LINK }} p12-password: ${{ secrets.CSC_INSTALLER_KEY_PASSWORD }} - name: Sign the Apple pkg + timeout-minutes: 30 run: | + echo "设置 notarytool 凭据..." + if ! xcrun notarytool store-credentials "NOTARIZE_PROFILE" --apple-id "$APPLE_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD"; then + echo "错误: 无法设置 notarytool 凭据" + exit 1 + fi + + echo "验证凭据设置..." + xcrun notarytool list --keychain-profile "NOTARIZE_PROFILE" || true + + echo "签名和公证 pkg 文件..." for pkg_name in $(ls -1 dist/*.pkg); do pkg_name=$(ls -1 dist/*.pkg) + echo "处理文件: $pkg_name" + if [ ! -f "$pkg_name" ]; then + echo "错误: 找不到 pkg 文件: $pkg_name" + exit 1 + fi + mv $pkg_name Unsigned-Workbench.pkg - productsign --sign "Developer ID Installer: Prometheus Advertising Corp (489PDK5LP3)" Unsigned-Workbench.pkg $pkg_name + + echo "使用 productsign 签名..." + if ! productsign --sign "Developer ID Installer: Prometheus Advertising Corp (489PDK5LP3)" Unsigned-Workbench.pkg $pkg_name; then + echo "错误: productsign 签名失败" + exit 1 + fi rm -f Unsigned-Workbench.pkg - xcrun notarytool submit $pkg_name --apple-id $APPLE_ID --team-id $APPLE_TEAM_ID --password $APPLE_APP_SPECIFIC_PASSWORD --wait + + echo "提交公证..." + if ! xcrun notarytool submit $pkg_name --keychain-profile "NOTARIZE_PROFILE" --wait; then + echo "错误: notarytool 公证失败" + echo "检查最近的公证历史..." + xcrun notarytool history --keychain-profile "NOTARIZE_PROFILE" || true + exit 1 + fi + + echo "公证成功完成!" + echo "检查公证状态..." + xcrun notarytool history --keychain-profile "NOTARIZE_PROFILE" | head -10 || true done env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
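Review bot: The credential check `xcrun notarytool list --keychain-profile "NOTARIZE_PROFILE" || true` does not verify anything. As far as I know `notarytool` has no `list` subcommand (it offers `store-credentials`, `submit`, `info`, `wait`, `history` and `log`), and `|| true` hides the resulting error, so the log shows a failure that means nothing and the step carries on. Either drop the line, since the `store-credentials` call above it already exits on failure, or make it a real check that is allowed to fail the step: `xcrun notarytool history --keychain-profile "NOTARIZE_PROFILE" > /dev/null`. The first hunk (`@@ -236,13 +236,46 @@`) contains the same line.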