Small fix on signing procedure (#153)

4thlabs · web-flow · commit 92be6923f3e4 · 2023-04-19T15:51:44.000+02:00
diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
@@ -28,6 +28,7 @@ jobs:
       - name: Build
         working-directory: ${{github.workspace}}/build
         run: cmake --build . -t DolbyIO.Comms.Native
+
       - if: ${{matrix.os == 'macos-latest'}}
         env:
           BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
@@ -52,11 +53,6 @@ jobs:
           xcrun notarytool store-credentials "dotnet-sdk-notarization-profile" --apple-id "iapi@dolby.com" --team-id B55NRA8BRW --password "${IAPI_DOTNET_APP_SPECYFIC_PASSWORD}"
           codesign --force --strict --timestamp --sign 'Developer ID Application: VOXEET INC. (B55NRA8BRW)' *.dylib      
 
-
-      - name: Pack
-        working-directory: ${{github.workspace}}/build
-        run: dotnet pack dotnet/${{ matrix.runtime }}/${{ matrix.runtime }}.csproj
-
       - if: ${{matrix.os == 'windows-latest'}}
         working-directory: ${{github.workspace}}/build/bin
         run: |
@@ -67,6 +63,11 @@ jobs:
           & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' sign /f ./certificate.pfx /p ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD}} /t http://timestamp.digicert.com/ dolbyio_comms_sdk.dll
           & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' sign /f ./certificate.pfx /p ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD}} /t http://timestamp.digicert.com/ dolbyio_comms_media.dll
           Remove-Item -Recurse -Force certificate.pfx
+      
+      - name: Pack
+        working-directory: ${{github.workspace}}/build
+        run: dotnet pack dotnet/${{ matrix.runtime }}/${{ matrix.runtime }}.csproj
+
       - uses: actions/upload-artifact@v3
         with:
           name: nugets
@@ -80,27 +81,6 @@ jobs:
         with: 
           submodules: true
           lfs: true
-      - name: Install the Apple certificate and notarization profile
-        env:
-          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
-          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
-          BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
-          IAPI_DOTNET_APP_SPECYFIC_PASSWORD: ${{ secrets.IAPI_DOTNET_APP_SPECYFIC_PASSWORD }}
-        run: |
-          # create variables
-          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
-          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
-          # import certificate and provisioning profile from secrets
-          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
-          # create temporary keychain
-          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
-          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-          # import certificate to keychain
-          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
-          security list-keychain -d user -s $KEYCHAIN_PATH
-          xcrun notarytool store-credentials "dotnet-sdk-notarization-profile" --apple-id "iapi@dolby.com" --team-id B55NRA8BRW --password "${IAPI_DOTNET_APP_SPECYFIC_PASSWORD}"
       - uses: ./.github/actions/configure
       - uses: actions/download-artifact@v3
         with:
@@ -135,9 +115,6 @@ jobs:
       - run: 7z x "${{github.workspace}}/build/bin/DolbyIO.Comms.Sdk.Runtime.*.nupkg" -o${{github.workspace}}/build "runtimes/*"
         working-directory: ${{github.workspace}}/build
 
-      - name: Sign osx libs
-        run: |
-         codesign --force --strict --timestamp --sign 'Developer ID Application: VOXEET INC. (B55NRA8BRW)'   ${{github.workspace}}/build/runtimes/osx-universal/native/*.dylib      
       - uses: actions/upload-artifact@v3
         with:
           name: dolbyio-dotnet-binaries
