From e874f313a1961eb33d280b23abcc7da23eb3b80e Mon Sep 17 00:00:00 2001
From: Vladimir Prus
Date: Mon, 29 Jan 2024 18:50:17 +0000
Subject: [PATCH] Step 15
---
.../workflows/storage-advisor-release.yaml | 35 +++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/.github/workflows/storage-advisor-release.yaml b/.github/workflows/storage-advisor-release.yaml
index 025c558..7c0f49d 100644
--- a/.github/workflows/storage-advisor-release.yaml
+++ b/.github/workflows/storage-advisor-release.yaml
@@ -58,3 +58,38 @@ jobs:
 with:
 version: tags/${{ steps.release-id.outputs.RELEASE_TAG }}
 file: storage-advisor-${{ steps.release-id.outputs.RELEASE_TAG }}-darwin-amd64.tar.gz
+ - name: Sign
+ env: # Or as an environment variable
+ DEVELOPER_ID_APPLICATION_P12: ${{ secrets.DEVELOPER_ID_APPLICATION_P12 }}
+ DEVELOPER_ID_APPLICATION_P12_PWD: ${{ secrets.DEVELOPER_ID_APPLICATION_P12_PWD }}
+ run: |
+ tar -xzf storage-advisor-${{ steps.release-id.outputs.RELEASE_TAG }}-darwin-amd64.tar.gz
+
+ KEYCHAIN_NAME=\$(cat /dev/random | LC_CTYPE=C tr -dc "[:alpha:]" | head -c 16)
+ KEYCHAIN_PASSWORD=\$(cat /dev/random | LC_CTYPE=C tr -dc "[:alpha:]" | head -c 16)
+
+ security create-keychain -p "\${KEYCHAIN_PASSWORD}" "\${KEYCHAIN_NAME}"
+ security unlock-keychain -p "\${KEYCHAIN_PASSWORD}" "\${KEYCHAIN_NAME}"
+
+ curl -O https://www.apple.com/appleca/AppleIncRootCertificate.cer
+ security import AppleIncRootCertificate.cer -t cert -k "\${KEYCHAIN_NAME}" -T /usr/bin/codesign -T /usr/bin/xcodebuild
+ curl -O https://www.apple.com/certificateauthority/DeveloperIDCA.cer
+ security import DeveloperIDCA.cer -t cert -k "\${KEYCHAIN_NAME}" -T /usr/bin/codesign -T /usr/bin/xcodebuild
+ rm AppleIncRootCertificate.cer DeveloperIDC
+ echo "$DEVELOPER_ID_APPLICATION_P12" | base64 -d > signing_cert.p12
+ security import signing_cert.p12 -P "$DEVELOPER_ID_APPLICATION_P12_PWD" -k "\${KEYCHAIN_NAME}" -T /usr/bin/codesign -T /usr/bin/xcodebuild
+ rm signing_cer
+ security set-keychain-settings \$KEYCHAIN_NAME
+ security set-key-partition-list -S apple-tool:,apple: -s -k "\${KEYCHAIN_PASSWORD}" "\${KEYCHAIN_N
+ # we need to add our new keychain to user search list to use the certificate
+ keychainNames=();
+ for keychain in \$(security list-keychains -d user)
+ do
+ basename=\$(basename "\$keychain")
+ keychainName=\${basename::\${#basename}-4}
+ keychainNames+=("\$keychainName")
+ done
+ security -v list-keychains -s "\${keychainNames[@]}" \$KEYCHAIN_NAME
+ codesign -s 98A9FF12B0FCCCEEDE752C824A2A7E189B5AEEAE -o runtime -v storage-advisor
+ security -v delete-keychain \$KEYCHAIN_NAME
+
\ No newline at end of file
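Review bot: Cleanup of the signing material in the `Sign` step is not guaranteed: `rm signing_cer` does not name `signing_cert.p12`, so the decoded Developer ID key stays in the workspace, and `security -v delete-keychain` is the last command, so any earlier failure leaves the temporary keychain with the imported key behind. Registering the cleanup right after `security create-keychain`, e.g. `trap 'rm -f signing_cert.p12; security delete-keychain "$KEYCHAIN_NAME"' EXIT`, covers the failure path; how much this matters depends on whether the runner is ephemeral, which is outside the hunk. That `rm` line, `rm AppleIncRootCertificate.cer DeveloperIDC` and the `"\${KEYCHAIN_N` argument all look cut off, the last one leaving an unterminated quote. The `\$` escapes also appear copied from a heredoc: under `run: |` the backslash reaches the shell, so `KEYCHAIN_NAME=\$(...)` is not a command substitution and `"\${KEYCHAIN_PASSWORD}"` is a literal string instead of the random value; they should be plain `$`. Separately, passing the tag through `env:` (`RELEASE_TAG: ${{ steps.release-id.outputs.RELEASE_TAG }}`) and using `"$RELEASE_TAG"` in the `tar` line keeps a tag name from being spliced into the script text.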