Skip to content
This repository was archived by the owner on Jul 4, 2025. It is now read-only.

Commit ae5c924

Browse files
hiento09hiento09
committed
feat: add codesign for macos
1 parent 75cafe6 commit ae5c924

File tree

1 file changed

+56
-19
lines changed

1 file changed

+56
-19
lines changed

.github/workflows/python-package.yml

Lines changed: 56 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ name: Build and Package Python Library
22

33
on:
44
push:
5-
branches: [ feat/python-package-ci ]
5+
branches: [ feat/codesign-python-package ]
66
workflow_dispatch:
77
inputs:
88
model_dir:
@@ -25,9 +25,9 @@ jobs:
2525
fail-fast: false
2626
matrix:
2727
include:
28-
- os: "linux"
29-
name: "amd64"
30-
runs-on: "ubuntu-20-04-cuda-12-0"
28+
# - os: "linux"
29+
# name: "amd64"
30+
# runs-on: "ubuntu-20-04-cuda-12-0"
3131
- os: "mac"
3232
name: "amd64"
3333
runs-on: "macos-selfhosted-12"
@@ -53,20 +53,20 @@ jobs:
5353
# bash miniconda.sh -b -p $HOME/miniconda
5454
# echo "$HOME/miniconda/bin" >> $GITHUB_PATH
5555

56-
# - name: Install Miniconda on macOS
57-
# if: runner.os == 'macOS'
58-
# run: |
59-
# if [ "$(uname -m)" = "arm64" ]; then
60-
# echo "Running on macOS ARM"
61-
# MINICONDA_URL="https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-arm64.sh"
62-
# else
63-
# echo "Running on macOS Intel"
64-
# MINICONDA_URL="https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-x86_64.sh"
65-
# fi
66-
# echo "Downloading Miniconda from $MINICONDA_URL"
67-
# curl -L $MINICONDA_URL -o miniconda.sh
68-
# bash miniconda.sh -b -p $HOME/miniconda
69-
# echo "$HOME/miniconda/bin" >> $GITHUB_PATH
56+
- name: Install Miniconda on macOS
57+
if: runner.os == 'macOS'
58+
run: |
59+
if [ "$(uname -m)" = "arm64" ]; then
60+
echo "Running on macOS ARM"
61+
MINICONDA_URL="https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-arm64.sh"
62+
else
63+
echo "Running on macOS Intel"
64+
MINICONDA_URL="https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-x86_64.sh"
65+
fi
66+
echo "Downloading Miniconda from $MINICONDA_URL"
67+
curl -L $MINICONDA_URL -o miniconda.sh
68+
bash miniconda.sh -b -p $HOME/miniconda
69+
echo "$HOME/miniconda/bin" >> $GITHUB_PATH
7070
7171
# - name: Install Miniconda on Windows
7272
# if: runner.os == 'Windows'
@@ -133,4 +133,41 @@ jobs:
133133
uses: actions/upload-artifact@v4
134134
with:
135135
name: ${{env.MODEL_NAME}}-${{ matrix.os }}-${{ matrix.name }}
136-
path: ${{env.PYTHON_FOLDER}}
136+
path: ${{env.PYTHON_FOLDER}}
137+
138+
codesign:
139+
runs-on: macos-latest
140+
needs: build-and-test
141+
steps:
142+
- name: checkout
143+
uses: actions/checkout@v3
144+
- uses: apple-actions/import-codesign-certs@v2
145+
continue-on-error: true
146+
with:
147+
p12-file-base64: ${{ secrets.CODE_SIGN_P12_BASE64 }}
148+
p12-password: ${{ secrets.CODE_SIGN_P12_PASSWORD }}
149+
- name: Download Artifact
150+
uses: actions/download-artifact@v4
151+
with:
152+
name: ${{env.MODEL_NAME}}-mac-amd64
153+
path: ${{env.MODEL_NAME}}-mac-amd64
154+
- name: Download Artifact
155+
uses: actions/download-artifact@v4
156+
with:
157+
name: ${{env.MODEL_NAME}}-mac-arm64
158+
path: ${{env.MODEL_NAME}}-mac-arm64
159+
160+
- run: |
161+
find "${{env.MODEL_NAME}}-mac-amd64" \( -type f \) -exec codesign --force --entitlements="./engine/templates/macos/entitlements.plist" -s "${{ secrets.DEVELOPER_ID }}" --options=runtime {} \;
162+
find "${{env.MODEL_NAME}}-mac-arm64" \( -type f \) -exec codesign --force --entitlements="./engine/templates/macos/entitlements.plist" -s "${{ secrets.DEVELOPER_ID }}" --options=runtime {} \;
163+
164+
- name: Upload Artifact
165+
uses: actions/upload-artifact@v4
166+
with:
167+
name: ${{env.MODEL_NAME}}-mac-amd64-signed
168+
path: ${{env.MODEL_NAME}}-mac-amd64
169+
- name: Upload Artifact
170+
uses: actions/upload-artifact@v4
171+
with:
172+
name: ${{env.MODEL_NAME}}-mac-arm64-signed
173+
path: ${{env.MODEL_NAME}}-mac-arm64

0 commit comments

Comments
 (0)