update notarization method and keys

2025-04-14 07:48:20 +03:00 · 2024-03-12 06:51:19 -04:00
parent 16e3e8baa7
commit f00889d13a
2 changed files with 14 additions and 11 deletions
--- a/.erb/scripts/notarize.js
+++ b/.erb/scripts/notarize.js
@@ -12,9 +12,9 @@ exports.default = async function notarizeMacos(context) {
    return;
  }

-  if (!('APPLE_ID' in process.env && 'APPLE_ID_PASS' in process.env)) {
+  if (!('APPLE_API_KEY' in process.env && 'APPLE_API_KEY_ID' in process.env)) {
    console.warn(
-      'Skipping notarizing step. APPLE_ID and APPLE_ID_PASS env variables must be set'
+      'Skipping notarizing step. APPLE_API_KEY and APPLE_API_KEY_ID env variables must be set'
    );
    return;
  }
@@ -22,11 +22,10 @@ exports.default = async function notarizeMacos(context) {
  const appName = context.packager.appInfo.productFilename;

  await notarize({
-    appBundleId: build.appId,
    appPath: `${appOutDir}/${appName}.app`,
-    appleId: process.env.APPLE_ID,
-    appleIdPassword: process.env.APPLE_ID_PASS,
-    teamId: process.env.APPLE_TEAM_ID,
-    tool: 'legacy',
+    appleApiKey: process.env.APPLE_API_KEY,
+    appleApiKeyId: process.env.APPLE_API_KEY_ID,
+    appleApiIssuer: process.env.APPLE_API_ISSUER,
+    tool: 'notarytool',
  });
 };
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -8,7 +8,6 @@ on:

 jobs:
  publish:
-
    runs-on: ${{ matrix.os }}

    strategy:
@@ -31,14 +30,19 @@ jobs:
          npm run postinstall
          npm run build

+      - name: copy p8 key to file
+        run: |
+          echo "${{ secrets.APPLE_API_KEY_P8_FILE }}" > api_key.p8
+
      - name: Publish releases
        env:
          # These values are used for auto updates signing
-          APPLE_ID: ${{ secrets.APPLE_ID }}
-          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASS }}
-          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          CSC_LINK: ${{ secrets.CSC_LINK }}
          CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
+          # Used for apple notarization
+          APPLE_API_KEY: 'api_key.p8'
+          APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
          # This is used for uploading release assets to github
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |