WIP NWEndpoint changes #38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: pia_desktop/mac | |
| on: | |
| push: | |
| jobs: | |
| macos: | |
| name: macos_universal_build | |
| env: | |
| APP_BUILD_TARGET: PIA Split Tunnel | |
| EXTENSION_BUILD_TARGET: SplitTunnelProxyExtension | |
| APP_PROVISION_PROFILE: ${{ github.workspace }}/app.provisionprofile | |
| SEXT_PROVISION_PROFILE: ${{ github.workspace }}/sext.provisionprofile | |
| EXTENSION_ID: com.privateinternetaccess.vpn.splittunnel | |
| PROJECT: SplitTunnelProxy | |
| PACKAGE_FOR_RELEASE: 1 | |
| CODESIGN_IDENTITY: ${{ vars.PIA_CODESIGN_IDENTITY }} | |
| TEAM_ID: ${{ vars.PIA_APPLE_TEAM_ID }} | |
| runs-on: macos-14 | |
| steps: | |
| - uses: maxim-lobanov/setup-xcode@v1 | |
| with: | |
| xcode-version: '16.0' | |
| - uses: actions/checkout@v3 | |
| - name: Install PIA's signing certificate | |
| run: | | |
| CERTIFICATE_PATH=${{ github.workspace }}/build_certificate.p12 | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| echo "importing certificate from secrets" | |
| echo -n "${{ secrets.PIA_APPLE_DEVELOPER_ID_CERT_BASE64 }}" | base64 -d -o "$CERTIFICATE_PATH" | |
| echo "write app profile from secrets" | |
| echo -n "${{ secrets.PIA_APPLE_CLI_PROVISIONING_PROFILE_BASE64 }}" | base64 --decode -o "${APP_PROVISION_PROFILE}" | |
| echo "write extension profile from secrets" | |
| echo -n "${{ secrets.PIA_APPLE_SYSTEM_EXTENSION_PROVISIONING_PROFILE_BASE64 }}" | base64 --decode -o "${SEXT_PROVISION_PROFILE}" | |
| echo "creating temporary keychain" | |
| security create-keychain -p "" $KEYCHAIN_PATH | |
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
| security unlock-keychain -p "" $KEYCHAIN_PATH | |
| echo "importing certificate to keychain" | |
| security import $CERTIFICATE_PATH -P "${{ secrets.PIA_APPLE_DEVELOPER_ID_PASSWORD }}" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
| security list-keychain -d user -s $KEYCHAIN_PATH | |
| echo "Done importing certificates" | |
| - name: Run tests | |
| env: | |
| TEST_TARGET: SplitTunnelProxyExtensionFrameworkTests | |
| run: ./build_scripts/test.sh | |
| - name: Build, sign, package | |
| env: | |
| NOTARIZATION_EMAIL: ${{ secrets.PIA_APPLE_NOTARIZATION_EMAIL }} | |
| NOTARIZATION_PASSWORD: ${{ secrets.PIA_APPLE_NOTARIZATION_PASSWORD }} | |
| run: ./build_scripts/build.sh | |
| - name: Zip app bundle | |
| run: | | |
| # We zip it manually using ditto. Github Actions may break things in the bundle if we let it zip on upload. | |
| ditto -ck --rsrc --keepParent --sequesterRsrc "out/PIA Split Tunnel.app" out/stmanager.zip | |
| - uses: actions/upload-artifact@v3 | |
| if: success() | |
| with: | |
| name: "splitTunnel" | |
| retention-days: 10 | |
| path: out/stmanager.zip |