feat: improve Apple notarization process

ezequielnick 2025-05-31 15:53:36 +08:00
parent 8d1f866df2
commit 3ff5bb3505


@ -236,13 +236,46 @@ jobs:
p12-file-base64: ${{ secrets.CSC_INSTALLER_LINK }} p12-file-base64: ${{ secrets.CSC_INSTALLER_LINK }}
p12-password: ${{ secrets.CSC_INSTALLER_KEY_PASSWORD }} p12-password: ${{ secrets.CSC_INSTALLER_KEY_PASSWORD }}
- name: Sign the Apple pkg - name: Sign the Apple pkg
timeout-minutes: 30
run: | run: |
echo "设置 notarytool 凭据..."
if ! xcrun notarytool store-credentials "NOTARIZE_PROFILE" --apple-id "$APPLE_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD"; then
echo "错误: 无法设置 notarytool 凭据"
exit 1
fi
echo "验证凭据设置..."
xcrun notarytool list --keychain-profile "NOTARIZE_PROFILE" || true
echo "签名和公证 pkg 文件..."
for pkg_name in $(ls -1 dist/*.pkg); do for pkg_name in $(ls -1 dist/*.pkg); do
pkg_name=$(ls -1 dist/*.pkg) pkg_name=$(ls -1 dist/*.pkg)
echo "处理文件: $pkg_name"
if [ ! -f "$pkg_name" ]; then
echo "错误: 找不到 pkg 文件: $pkg_name"
exit 1
fi
mv $pkg_name Unsigned-Workbench.pkg mv $pkg_name Unsigned-Workbench.pkg
productsign --sign "Developer ID Installer: Prometheus Advertising Corp (489PDK5LP3)" Unsigned-Workbench.pkg $pkg_name
echo "使用 productsign 签名..."
if ! productsign --sign "Developer ID Installer: Prometheus Advertising Corp (489PDK5LP3)" Unsigned-Workbench.pkg $pkg_name; then
echo "错误: productsign 签名失败"
exit 1
fi
rm -f Unsigned-Workbench.pkg rm -f Unsigned-Workbench.pkg
xcrun notarytool submit $pkg_name --apple-id $APPLE_ID --team-id $APPLE_TEAM_ID --password $APPLE_APP_SPECIFIC_PASSWORD --wait
echo "提交公证..."
if ! xcrun notarytool submit $pkg_name --keychain-profile "NOTARIZE_PROFILE" --wait; then
echo "错误: notarytool 公证失败"
echo "检查最近的公证历史..."
xcrun notarytool history --keychain-profile "NOTARIZE_PROFILE" || true
exit 1
fi
echo "公证成功完成!"
echo "检查公证状态..."
xcrun notarytool history --keychain-profile "NOTARIZE_PROFILE" | head -10 || true
done done
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@ -317,13 +350,46 @@ jobs:
p12-file-base64: ${{ secrets.CSC_INSTALLER_LINK }} p12-file-base64: ${{ secrets.CSC_INSTALLER_LINK }}
p12-password: ${{ secrets.CSC_INSTALLER_KEY_PASSWORD }} p12-password: ${{ secrets.CSC_INSTALLER_KEY_PASSWORD }}
- name: Sign the Apple pkg - name: Sign the Apple pkg
timeout-minutes: 30
run: | run: |
echo "设置 notarytool 凭据..."
if ! xcrun notarytool store-credentials "NOTARIZE_PROFILE" --apple-id "$APPLE_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD"; then
echo "错误: 无法设置 notarytool 凭据"
exit 1
fi
echo "验证凭据设置..."
xcrun notarytool list --keychain-profile "NOTARIZE_PROFILE" || true
echo "签名和公证 pkg 文件..."
for pkg_name in $(ls -1 dist/*.pkg); do for pkg_name in $(ls -1 dist/*.pkg); do
pkg_name=$(ls -1 dist/*.pkg) pkg_name=$(ls -1 dist/*.pkg)
echo "处理文件: $pkg_name"
if [ ! -f "$pkg_name" ]; then
echo "错误: 找不到 pkg 文件: $pkg_name"
exit 1
fi
mv $pkg_name Unsigned-Workbench.pkg mv $pkg_name Unsigned-Workbench.pkg
productsign --sign "Developer ID Installer: Prometheus Advertising Corp (489PDK5LP3)" Unsigned-Workbench.pkg $pkg_name
echo "使用 productsign 签名..."
if ! productsign --sign "Developer ID Installer: Prometheus Advertising Corp (489PDK5LP3)" Unsigned-Workbench.pkg $pkg_name; then
echo "错误: productsign 签名失败"
exit 1
fi
rm -f Unsigned-Workbench.pkg rm -f Unsigned-Workbench.pkg
xcrun notarytool submit $pkg_name --apple-id $APPLE_ID --team-id $APPLE_TEAM_ID --password $APPLE_APP_SPECIFIC_PASSWORD --wait
echo "提交公证..."
if ! xcrun notarytool submit $pkg_name --keychain-profile "NOTARIZE_PROFILE" --wait; then
echo "错误: notarytool 公证失败"
echo "检查最近的公证历史..."
xcrun notarytool history --keychain-profile "NOTARIZE_PROFILE" || true
exit 1
fi
echo "公证成功完成!"
echo "检查公证状态..."
xcrun notarytool history --keychain-profile "NOTARIZE_PROFILE" | head -10 || true
done done
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
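Review bot: In both hunks the new `productsign` and `notarytool submit` lines still expand `$pkg_name` unquoted while the added `[ ! -f "$pkg_name" ]` test quotes it, so a package path containing whitespace passes the check and is then split into several arguments at signing; quote it throughout, e.g. `xcrun notarytool submit "$pkg_name" --keychain-profile "NOTARIZE_PROFILE" --wait`. The unchanged line `pkg_name=$(ls -1 dist/*.pkg)` inside the loop overwrites the loop variable with the whole listing, so with more than one package in dist/ the new `-f` test fails the job; `for pkg_name in dist/*.pkg; do` without the reassignment avoids both problems. The verification line `xcrun notarytool list --keychain-profile "NOTARIZE_PROFILE" || true` can never fail the step, and as far as I know notarytool has no `list` subcommand, so it checks nothing and is better dropped. `store-credentials` also leaves the app-specific password in the runner's default keychain under NOTARIZE_PROFILE and nothing in the visible lines removes it, which matters if this job ever runs on a self-hosted or reused macOS runner; passing `--keychain` with a temporary keychain that is deleted at the end of the job would bound its lifetime. The step's `env:` block continues outside both hunks, so where APPLE_ID and the password come from is not visible here.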