feat: add codesign for macos

hiento09 · hiento09 · commit 74ea1ad22512 · 2024-12-06T14:44:39.000+07:00
diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml
@@ -2,7 +2,7 @@ name: Build and Package Python Library
 
 on:
   push:
-    branches: [ feat/python-package-ci ]
+    branches: [ feat/codesign-python-package ]
   workflow_dispatch:
     inputs:
       model_dir:
@@ -25,9 +25,9 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: "linux"
-            name: "amd64"
-            runs-on: "ubuntu-20-04-cuda-12-0"
+          # - os: "linux"
+          #   name: "amd64"
+          #   runs-on: "ubuntu-20-04-cuda-12-0"
           - os: "mac"
             name: "amd64"
             runs-on: "macos-selfhosted-12"
@@ -133,4 +133,41 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
             name: ${{env.MODEL_NAME}}-${{ matrix.os }}-${{ matrix.name }}
-            path: ${{env.PYTHON_FOLDER}}
+            path: ${{env.PYTHON_FOLDER}}
+
+  codesign:
+    runs-on: macos-latest
+    needs: build-and-test
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+      - uses: apple-actions/import-codesign-certs@v2
+        continue-on-error: true
+        with:
+          p12-file-base64: ${{ secrets.CODE_SIGN_P12_BASE64 }}
+          p12-password: ${{ secrets.CODE_SIGN_P12_PASSWORD }}
+      - name: Download Artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{env.MODEL_NAME}}-mac-amd64
+          path: ${{env.MODEL_NAME}}-mac-amd64
+      - name: Download Artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{env.MODEL_NAME}}-mac-amd64
+          path: ${{env.MODEL_NAME}}-mac-arm64
+
+      - run: |
+          find "${{env.MODEL_NAME}}-mac-amd64" \( -type f -perm +111 \) -exec codesign --force --entitlements="./engine/templates/macos/entitlements.plist" -s "${{ secrets.DEVELOPER_ID }}" --options=runtime {} \;
+          find "${{env.MODEL_NAME}}-mac-arm64" \( -type f -perm +111 \) -exec codesign --force --entitlements="./engine/templates/macos/entitlements.plist" -s "${{ secrets.DEVELOPER_ID }}" --options=runtime {} \;
+      
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{env.MODEL_NAME}}-mac-amd64-signed
+          path: ${{env.MODEL_NAME}}-mac-amd64
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{env.MODEL_NAME}}-mac-arm64-signed
+          path: ${{env.MODEL_NAME}}-mac-arm64
