Skip to content

Setup signing for macOS app #1368

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 29, 2025
Merged

Setup signing for macOS app #1368

merged 4 commits into from
Jul 29, 2025

Conversation

naps62
Copy link
Member

@naps62 naps62 commented Jul 29, 2025

No description provided.

@Copilot Copilot AI review requested due to automatic review settings July 29, 2025 14:18
@naps62 naps62 added the A-feature A new finished feature label Jul 29, 2025
Copilot
Copilot AI reviewed Jul 29, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds code signing support for macOS builds in the GitHub Actions release workflow. The changes enable automatic signing of the macOS application using Apple developer certificates stored as GitHub secrets.

  • Imports Apple developer certificate and configures macOS keychain for code signing
  • Extracts certificate identity and sets it as environment variable for Tauri build
  • Passes required signing credentials to the Tauri action for automated app signing

.github/workflows/release.yml
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
run: |
echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12
Copy link
Preview

Copilot AI Jul 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The certificate file is created in the current directory and not cleaned up after use. Consider creating it in a temporary location and ensuring it's removed after import to avoid potential exposure of sensitive certificate data.

Suggested change
echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12
CERTIFICATE_FILE=$(mktemp)
echo $APPLE_CERTIFICATE | base64 --decode > "$CERTIFICATE_FILE"

Copilot uses AI. Check for mistakes.

naps62 and others added 3 commits July 29, 2025 15:23
@naps62 @Copilot
Update .github/workflows/release.yml
d1559f6 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@naps62 @Copilot
Update .github/workflows/release.yml
2347922 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@naps62
wip
abb2d3a
@naps62 naps62 merged commit 02c9f51 into main Jul 29, 2025
7 checks passed
@naps62 naps62 deleted the macos-signing branch July 29, 2025 14:58
@naps62 naps62 mentioned this pull request Jul 30, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

Assignees
No one assigned
Labels
A-feature A new finished feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@naps62