admin/brew
1
0
Fork 0
Code Issues Packages Projects Releases 6 Wiki Activity

workflows/build-pkg: tweak some variables.

Browse Source 
- instead of setting a static `PKG_KEYCHAIN_PASSWORD` secret, generate
  a random password from `openssl rand` instead.
- use `PKG_APPLE_ID_EMAIL` which makes the fact it's an email a bit
  more obvious. I've created this new secret already and will delete the
  old one after this is merged.
- bump the latest supported version of macOS
This commit is contained in:
Mike McQuaid 2023-10-02 16:37:58 +01:00
parent affc4c01aa
commit a94ff572f7
No known key found for this signature in database
GPG Key ID: 3338A31AFDB1D829
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.github/workflows/build-pkg.yml vendored
View File

@ -18,7 +18,8 @@ jobs:
env: env:
TEMPORARY_CERTIFICATE_FILE: 'homebrew_developer_id_installer_certificate.p12' TEMPORARY_CERTIFICATE_FILE: 'homebrew_developer_id_installer_certificate.p12'
TEMPORARY_KEYCHAIN_FILE: 'homebrew_installer_signing.keychain-db' TEMPORARY_KEYCHAIN_FILE: 'homebrew_installer_signing.keychain-db'
MIN_MACOS_VERSION: '11.0' # Set to the latest supported version of macOS
MIN_MACOS_VERSION: '12.0'
PKG_APPLE_DEVELOPER_TEAM_ID: ${{ secrets.PKG_APPLE_DEVELOPER_TEAM_ID }} PKG_APPLE_DEVELOPER_TEAM_ID: ${{ secrets.PKG_APPLE_DEVELOPER_TEAM_ID }}
HOMEBREW_NO_ANALYTICS_THIS_RUN: 1 HOMEBREW_NO_ANALYTICS_THIS_RUN: 1
HOMEBREW_NO_ANALYTICS_MESSAGE_OUTPUT: 1 HOMEBREW_NO_ANALYTICS_MESSAGE_OUTPUT: 1
@ -38,13 +39,12 @@ jobs:
run: brew install pandoc run: brew install pandoc
- name: Create and unlock temporary macOS keychain - name: Create and unlock temporary macOS keychain
env:
PKG_KEYCHAIN_PASSWORD: ${{ secrets.PKG_KEYCHAIN_PASSWORD }}
run: | run: |
TEMPORARY_KEYCHAIN_PASSWORD="$(openssl rand -base64 20)"
TEMPORARY_KEYCHAIN_PATH="${RUNNER_TEMP}/${TEMPORARY_KEYCHAIN_FILE}" TEMPORARY_KEYCHAIN_PATH="${RUNNER_TEMP}/${TEMPORARY_KEYCHAIN_FILE}"
security create-keychain -p "${PKG_KEYCHAIN_PASSWORD}" "${TEMPORARY_KEYCHAIN_PATH}" security create-keychain -p "${TEMPORARY_KEYCHAIN_PASSWORD}" "${TEMPORARY_KEYCHAIN_PATH}"
security set-keychain-settings -l -u -t 21600 "${TEMPORARY_KEYCHAIN_PATH}" security set-keychain-settings -l -u -t 21600 "${TEMPORARY_KEYCHAIN_PATH}"
security unlock-keychain -p "${PKG_KEYCHAIN_PASSWORD}" "${TEMPORARY_KEYCHAIN_PATH}" security unlock-keychain -p "${TEMPORARY_KEYCHAIN_PASSWORD}" "${TEMPORARY_KEYCHAIN_PATH}"
- name: Create temporary certificate file - name: Create temporary certificate file
env: env:
@ -140,11 +140,11 @@ jobs:
- name: Notarize Homebrew installer package - name: Notarize Homebrew installer package
env: env:
PKG_APPLE_ID_USERNAME: ${{ secrets.PKG_APPLE_ID_USERNAME }} PKG_APPLE_ID_EMAIL: ${{ secrets.PKG_APPLE_ID_EMAIL }}
PKG_APPLE_ID_APP_SPECIFIC_PASSWORD: ${{ secrets.PKG_APPLE_ID_APP_SPECIFIC_PASSWORD }} PKG_APPLE_ID_APP_SPECIFIC_PASSWORD: ${{ secrets.PKG_APPLE_ID_APP_SPECIFIC_PASSWORD }}
run: xcrun notarytool submit Homebrew-${{ steps.print-version.outputs.version }}.pkg run: xcrun notarytool submit Homebrew-${{ steps.print-version.outputs.version }}.pkg
--team-id "${PKG_APPLE_DEVELOPER_TEAM_ID}" --team-id "${PKG_APPLE_DEVELOPER_TEAM_ID}"
--apple-id "${PKG_APPLE_ID_USERNAME}" --apple-id "${PKG_APPLE_ID_EMAIL}"
--password "${PKG_APPLE_ID_APP_SPECIFIC_PASSWORD}" --password "${PKG_APPLE_ID_APP_SPECIFIC_PASSWORD}"
--wait --wait