WIP: add codesigning

.github/actions/codesign/action.yaml

@@ -0,0 +1,30 @@
+# Copyright © SixtyFPS GmbH <[email protected]>
+# SPDX-License-Identifier: GPL-3.0-only OR LicenseRef-Slint-Royalty-free-1.1 OR LicenseRef-Slint-commercial
+
+---
+name: Apple Codesign Binary
+description: Sign the given binary with the developer certificate
+
+inputs:
+  binary:
+    description: 'Path to binary'
+    required: true
+    default: ""
+
+runs:
+  using: composite
+  steps:
+    - name: Codesign binary
+      env:
+          CERT: ${{ secrets.APPLE_CERTIFICATE_P12 }}
+          CERT_PW: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
+          KEYCHAIN_PW: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
+          DEV_ID: ${{ secrets.APPLE_DEV_ID }}
+      run: |
+        echo $CERT | base64 —-decode > certificate.p12
+        security create-keychain -p $KEYCHAIN_PW build.keychain
+        security default-keychain -s build.keychain
+        security unlock-keychain -p $KEYCHAIN_PW build.keychain
+        security import certificate.p12 -k build.keychain -P $CERT_PW -T /usr/bin/codesign
+        security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PW build.keychain
+        /usr/bin/codesign --force -s $DEV_ID ${{ inputs.binary }} -v  

.github/workflows/slint_tool_binary.yaml

@@ -126,6 +126,9 @@ jobs:
             cd ..
             cd tools/${{ github.event.inputs.program || inputs.program }}
             ../../scripts/prepare_binary_package.sh ../../slint-${{ github.event.inputs.program || inputs.program }}
+      - uses: ./.github/actions/codesign
+        with:
+          binary: slint-${{ github.event.inputs.program || inputs.program }}/slint-${{ github.event.inputs.program || inputs.program }}
       - name: Tar artifacts to preserve permissions
         run: tar czvf slint-${{ github.event.inputs.program || inputs.program }}-macos.tar.gz slint-${{ github.event.inputs.program || inputs.program }}
       - name: Upload artifact