Sign and notarize macOS workflow artifact

[valentinegb]

This pull request aims to integrate signing and notarization into the macOS portion of the build workflow. It has been created before it is ready to be merged because this is something I can't test on my local machine and so heavy review is necessary.

The changes made require new GitHub secrets to be created. They are as follows:

• BUILD_CERTIFICATE_BASE64: This is the p12 certificate file. Use the following command to convert your certificate to Base64 and copy it to your clipboard:

  base64 -i BUILD_CERTIFICATE.p12 | pbcopy
  

• P12_PASSWORD: The password for the Apple signing certificate.
• BUILD_PROVISION_PROFILE_BASE64 : The Apple provisioning profile. Use the following command to convert your provisioning profile to Base64 and copy it to your clipboard:

  base64 -i PROVISIONING_PROFILE.provisionprofile | pbcopy
  

• KEYCHAIN_PASSWORD: A keychain password. A new keychain will be created on the runner, so the password for the new keychain can be any new random string.
• APPLE_ID: The Apple ID associated with the developer account.
• APPLE_TEAM_ID: The Apple Developer account team ID.
• APPLE_APP_SPECIFIC_PASSWORD: A 2FA password for this specific app. See Using app-specific passwords.

Before approving the workflow for this pull request, remember that it will certainly fail unless these GitHub secrets have been properly set.

This GitHub Docs page was used for reference.

[fire]

I'll get to this when I can. I don't think today is the day :(

[valentinegb]

I'll get to this when I can. I don't think today is the day :(

Not a problem ^^

[fire]

So to be clear I get an apple developer account, get the key in a text form, and put it into the secrets section?

[valentinegb]

I'm not familiar with the Apple Developer dashboard interface, but I think you can download a certificate. Then use the commands I provided to encode it and copy it as text to your clipboard.

[valentinegb]

This article may be helpful: https://developer.apple.com/help/account/create-certificates/create-developer-id-certificates/

[valentinegb]

From various sources online it looks like you can import the .cert file from that article into Keychain and export a .p12 file

[fire]

The other update affected this pull request.

[fire]

@Ughuuu has been helping me get signing into Godot Engine. Can you advise?

[valentinegb]

Hey, sorry it's been a while, I had to completely wipe my computer a while ago and to be honest I totally forgot about this pull request ^^'
I'm a bit busy with some other projects now unfortunately but I'll leave all my code up in case someone else wants to pick this back up
I may work on this again in the future, but not now, sorry

[Ughuuu]

Made a godot-cpp-template fork with sign action, borrowed from mihe. You could reuse that if the artifact is a .framework.