@@ -112,12 +112,6 @@ jobs:
112112 RUNS_ON : macos-10.15 # used to parametrize filenames
113113
114114 steps :
115- - name : Checkout
116- uses : actions/checkout@v2
117- with :
118- repository : ' bcmi-labs/arduino-create-agent-installer' # the repo which contains gon.config.hcl
119- token : ${{ secrets.ARDUINO_CREATE_AGENT_CI_PAT }}
120-
121115 - name : Download artifact
122116 uses : actions/download-artifact@v2
123117 with :
@@ -141,14 +135,29 @@ jobs:
141135 wget -q https://github.com/mitchellh/gon/releases/download/v0.2.3/gon_macos.zip
142136 unzip gon_macos.zip -d /usr/local/bin
143137
138+ name : Write gon config to file
139+ # gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20)
140+ run : |
141+ cat > gon.config.hcl <<EOF
142+ source = ["arduino-create-agent-${{ env.RUNS_ON }}/arduino-create-agent"]
143+ bundle_id = "cc.arduino.arduino-agent"
144+ sign {
145+ application_identity = "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)"
146+ }
147+ # Ask Gon for zip output to force notarization process to take place.
148+ # The CI will ignore the zip output, using the signed binary only.
149+ zip {
150+ output_path = "arduino-create-agent.zip"
151+ }
152+ EOF
153+
144154name : Code sign and notarize app
145155 env :
146156 AC_USERNAME : ${{ secrets.AC_USERNAME }}
147157 AC_PASSWORD : ${{ secrets.AC_PASSWORD }}
148158 run : |
159+ echo "gon will notarize executable in "arduino-create-agent-${{ env.RUNS_ON }}/arduino-create-agent"
149160 gon -log-level=debug -log-json gon.config.hcl
150- # gon will notarize executable in "arduino-create-agent-${{ env.RUNS_ON }}/arduino-create-agent
151- # The CI will ignore the zip output, using the signed binary only.
152161timeout-minutes : 30
153162
154163 # This step will overwrite the non signed mac artifact (arduino-create-agent-${{ env.RUNS_ON }})
0 commit comments