Test Building for Apple (option 2) #3

Workflow file for this run

	name: Test Building for Apple (option 2)

	on: workflow_dispatch

	defaults:
	run:
	# necessary for windows
	shell: bash

	jobs:
	build-artifacts:
	runs-on: macos-latest
	permissions:
	contents: read
	id-token: write
	steps:
	- uses: actions/checkout@v4

	# Authenticate to GCP using Workload Identity Federation.
	# We set up the WI provider in the `github_actions_federation` resource in the
	# `platform-infrastructure` repository.
	- id: google-auth
	uses: 'google-github-actions/auth@v2'
	with:
	workload_identity_provider: 'projects/865738624352/locations/global/workloadIdentityPools/github-d8bck/providers/github-d8bck'
	service_account: apollosolutions-rhai-test@platform-mgmt-service-e0izz.iam.gserviceaccount.com
	project_id: platform-cross-environment

	# Gets some secrets from Google Secret Manager.
	- id: gsm-secrets
	uses: 'google-github-actions/get-secretmanager-secrets@v2'
	with:
	# The format of each line here is OUTPUTNAME:PROJECT/SECRET; you can
	# read the secrets later in this file with
	# `steps.gsm-secrets.outputs.OUTPUTNAME`. These secrets are created in
	# the `argo` resource in the `domain-deployment` repository.
	secrets: \|-
	MACOS_CERT_BUNDLE_PASSWORD:platform-mgmt-secrets-3xnc4/apollosolutions-rhai-test-MACOS_CERT_BUNDLE_PASSWORD
	MACOS_CERT_BUNDLE_BASE64:platform-mgmt-secrets-3xnc4/apollosolutions-rhai-test-MACOS_CERT_BUNDLE_BASE64
	MACOS_NOTARIZATION_PASSWORD:platform-mgmt-secrets-3xnc4/apollosolutions-rhai-test-MACOS_NOTARIZATION_PASSWORD
	MACOS_KEYCHAIN_PASSWORD:platform-mgmt-secrets-3xnc4/apollosolutions-rhai-test-MACOS_KEYCHAIN_PASSWORD

	- name: Set up Apple certificate
	uses: apple-actions/import-codesign-certs@v3
	with:
	p12-file-base64: ${{steps.gsm-secrets.outputs.MACOS_CERT_BUNDLE_BASE64}}
	p12-password: ${{steps.gsm-secrets.outputs.MACOS_CERT_BUNDLE_PASSWORD}}
	keychain-password: ${{steps.gsm-secrets.outputs.MACOS_KEYCHAIN_PASSWORD}}
	keychain: rhaitest-keychain

	- name: "verify keys"
	run: \|
	KEYCHAIN_NAME="rhaitest-keychain"

	echo "Setting default keychain..."
	security default-keychain -d user -s $KEYCHAIN_NAME

	echo "Unlocking keychain..."
	security unlock-keychain -p "${MACOS_KEYCHAIN_PASSWORD}" $KEYCHAIN_NAME

	echo "Verifying keychain is set up correctly..."
	security find-identity -v -p codesigning

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Test Building for Apple (option 2) #3

Workflow file

Test Building for Apple (option 2) #3

Jobs

Run details

Workflow file for this run