Skip to content

Disable Macos build in publish.yml #381

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Scriptbash merged 3 commits into from
Mar 30, 2026
Merged

Disable Macos build in publish.yml #381

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5d38ed6
Enable hardened runtime
Scriptbash Mar 30, 2026
c73c22e
disable auto signing
Scriptbash Mar 30, 2026
f84061b
disable macos build
Scriptbash Mar 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
131 changes: 65 additions & 66 deletions .github/workflows/publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,65 +69,65 @@ jobs:
lane: deploy
subdirectory: android

build-macos:
name: Build for macOS
runs-on: macos-15
steps:
- uses: actions/checkout@v6
- uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: latest-stable
- uses: subosito/flutter-action@v2
with:
channel: 'stable'
- run: flutter pub get
- run: flutter build macos --release
- name: Codesign executable
env:
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }}
MACOS_SIGN_IDENTITY: ${{ secrets.MACOS_SIGN_IDENTITY }}
run: |
echo "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
security find-identity
/usr/bin/codesign --force --deep --options runtime --entitlements macos/Runner/Release.entitlements -s "$MACOS_SIGN_IDENTITY" build/macos/Build/Products/Release/Wispar.app
/usr/bin/codesign --verify --deep --strict --verbose=2 build/macos/Build/Products/Release/Wispar.app
- name: Notarize app
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
uses: lando/notarize-action@v2
with:
product-path: "build/macos/Build/Products/Release/Wispar.app"
appstore-connect-username: ${{ secrets.APPLE_ID }}
appstore-connect-password: ${{ secrets.APPLE_PASSWORD }}
appstore-connect-team-id: ${{ secrets.APPLE_TEAM_ID }}
- name: Staple notarization
run: |
xcrun stapler staple build/macos/Build/Products/Release/Wispar.app
- name: Create dmg
env:
MACOS_SIGN_IDENTITY: ${{ secrets.MACOS_SIGN_IDENTITY }}
run: |
brew install create-dmg
create-dmg \
--volname "Wispar" \
--window-size 800 529 \
--icon-size 130 \
--app-drop-link 540 250 \
"Wispar.dmg" \
build/macos/Build/Products/Release/Wispar.app
/usr/bin/codesign --force -s "$MACOS_SIGN_IDENTITY" Wispar.dmg
- uses: actions/upload-artifact@v7
with:
name: wispar-macos-dmg
path: Wispar.dmg
# build-macos:
# name: Build for macOS
# runs-on: macos-15
# steps:
# - uses: actions/checkout@v6
# - uses: maxim-lobanov/setup-xcode@v1
# with:
# xcode-version: latest-stable
# - uses: subosito/flutter-action@v2
# with:
# channel: 'stable'
# - run: flutter pub get
# - run: flutter build macos --release
# - name: Codesign executable
# env:
# MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
# MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
# KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }}
# MACOS_SIGN_IDENTITY: ${{ secrets.MACOS_SIGN_IDENTITY }}
# run: |
# echo "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
# security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
# security default-keychain -s build.keychain
# security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
# security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
# security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
# security find-identity
# /usr/bin/codesign --force --deep --options runtime --entitlements macos/Runner/Release.entitlements -s "$MACOS_SIGN_IDENTITY" build/macos/Build/Products/Release/Wispar.app
# /usr/bin/codesign --verify --deep --strict --verbose=2 build/macos/Build/Products/Release/Wispar.app
# - name: Notarize app
# env:
# APPLE_ID: ${{ secrets.APPLE_ID }}
# APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
# uses: lando/notarize-action@v2
# with:
# product-path: "build/macos/Build/Products/Release/Wispar.app"
# appstore-connect-username: ${{ secrets.APPLE_ID }}
# appstore-connect-password: ${{ secrets.APPLE_PASSWORD }}
# appstore-connect-team-id: ${{ secrets.APPLE_TEAM_ID }}
# - name: Staple notarization
# run: |
# xcrun stapler staple build/macos/Build/Products/Release/Wispar.app
# - name: Create dmg
# env:
# MACOS_SIGN_IDENTITY: ${{ secrets.MACOS_SIGN_IDENTITY }}
# run: |
# brew install create-dmg
# create-dmg \
# --volname "Wispar" \
# --window-size 800 529 \
# --icon-size 130 \
# --app-drop-link 540 250 \
# "Wispar.dmg" \
# build/macos/Build/Products/Release/Wispar.app
# /usr/bin/codesign --force -s "$MACOS_SIGN_IDENTITY" Wispar.dmg
# - uses: actions/upload-artifact@v7
# with:
# name: wispar-macos-dmg
# path: Wispar.dmg

build-windows:
name: Build for Windows
Expand Down Expand Up @@ -188,19 +188,19 @@ jobs:
create-release:
name: Create GitHub Release
runs-on: ubuntu-latest
needs: [build-android, build-macos, build-windows]
needs: [build-android, build-windows] #[build-android, build-macos, build-windows]
steps:
- uses: actions/checkout@v6
- name: Download Android artifacts
uses: actions/download-artifact@v8
with:
name: android-artifacts
path: android-artifacts
- name: Download macOS artifact
uses: actions/download-artifact@v8
with:
name: wispar-macos-dmg
path: macos-artifacts
# - name: Download macOS artifact
# uses: actions/download-artifact@v8
# with:
# name: wispar-macos-dmg
# path: macos-artifacts
- name: Download Windows artifact
uses: actions/download-artifact@v8
with:
Expand All @@ -217,7 +217,6 @@ jobs:
artifacts: |
android-artifacts/app-release.apk,
android-artifacts/app-release.aab,
macos-artifacts/Wispar.dmg,
windows-artifacts/wispar_setup.exe
tag: v${{ env.VERSION }}
token: ${{ secrets.TOKEN }}
Expand Down
35 changes: 34 additions & 1 deletion macos/Runner.xcodeproj/project.pbxproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -269,7 +269,6 @@
33CC10EC2044A3C60003C045 = {
CreatedOnToolsVersion = 9.2;
LastSwiftMigration = 1100;
ProvisioningStyle = Automatic;
SystemCapabilities = {
com.apple.Sandbox = {
enabled = 1;
Expand Down Expand Up @@ -390,10 +389,14 @@
inputFileListPaths = (
"${PODS_ROOT}/Target Support Files/Pods-Runner/Pods-Runner-frameworks-${CONFIGURATION}-input-files.xcfilelist",
);
inputPaths = (
);
name = "[CP] Embed Pods Frameworks";
outputFileListPaths = (
"${PODS_ROOT}/Target Support Files/Pods-Runner/Pods-Runner-frameworks-${CONFIGURATION}-output-files.xcfilelist",
);
outputPaths = (
);
runOnlyForDeploymentPostprocessing = 0;
shellPath = /bin/sh;
shellScript = "\"${PODS_ROOT}/Target Support Files/Pods-Runner/Pods-Runner-frameworks.sh\"\n";
Expand Down Expand Up @@ -547,6 +550,7 @@
DEAD_CODE_STRIPPING = YES;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
DEVELOPMENT_TEAM = MAX4AK5MU7;
ENABLE_HARDENED_RUNTIME = YES;
ENABLE_NS_ASSERTIONS = NO;
ENABLE_STRICT_OBJC_MSGSEND = YES;
ENABLE_USER_SCRIPT_SANDBOXING = NO;
Expand Down Expand Up @@ -576,6 +580,19 @@
CODE_SIGN_STYLE = Automatic;
COMBINE_HIDPI_IMAGES = YES;
DEVELOPMENT_TEAM = MAX4AK5MU7;
ENABLE_APP_SANDBOX = YES;
ENABLE_HARDENED_RUNTIME = YES;
ENABLE_INCOMING_NETWORK_CONNECTIONS = NO;
ENABLE_OUTGOING_NETWORK_CONNECTIONS = NO;
ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = NO;
ENABLE_RESOURCE_ACCESS_BLUETOOTH = NO;
ENABLE_RESOURCE_ACCESS_CALENDARS = NO;
ENABLE_RESOURCE_ACCESS_CAMERA = NO;
ENABLE_RESOURCE_ACCESS_CONTACTS = NO;
ENABLE_RESOURCE_ACCESS_LOCATION = NO;
ENABLE_RESOURCE_ACCESS_PRINTING = NO;
ENABLE_RESOURCE_ACCESS_USB = NO;
ENABLE_USER_SELECTED_FILES = readwrite;
INFOPLIST_FILE = Runner/Info.plist;
INFOPLIST_KEY_LSApplicationCategoryType = "public.app-category.education";
LD_RUNPATH_SEARCH_PATHS = (
Expand Down Expand Up @@ -627,6 +644,7 @@
DEAD_CODE_STRIPPING = YES;
DEBUG_INFORMATION_FORMAT = dwarf;
DEVELOPMENT_TEAM = MAX4AK5MU7;
ENABLE_HARDENED_RUNTIME = YES;
ENABLE_STRICT_OBJC_MSGSEND = YES;
ENABLE_TESTABILITY = YES;
ENABLE_USER_SCRIPT_SANDBOXING = NO;
Expand Down Expand Up @@ -684,6 +702,7 @@
DEAD_CODE_STRIPPING = YES;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
DEVELOPMENT_TEAM = MAX4AK5MU7;
ENABLE_HARDENED_RUNTIME = YES;
ENABLE_NS_ASSERTIONS = NO;
ENABLE_STRICT_OBJC_MSGSEND = YES;
ENABLE_USER_SCRIPT_SANDBOXING = NO;
Expand Down Expand Up @@ -713,6 +732,19 @@
CODE_SIGN_STYLE = Automatic;
COMBINE_HIDPI_IMAGES = YES;
DEVELOPMENT_TEAM = MAX4AK5MU7;
ENABLE_APP_SANDBOX = YES;
ENABLE_HARDENED_RUNTIME = YES;
ENABLE_INCOMING_NETWORK_CONNECTIONS = NO;
ENABLE_OUTGOING_NETWORK_CONNECTIONS = NO;
ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = NO;
ENABLE_RESOURCE_ACCESS_BLUETOOTH = NO;
ENABLE_RESOURCE_ACCESS_CALENDARS = NO;
ENABLE_RESOURCE_ACCESS_CAMERA = NO;
ENABLE_RESOURCE_ACCESS_CONTACTS = NO;
ENABLE_RESOURCE_ACCESS_LOCATION = NO;
ENABLE_RESOURCE_ACCESS_PRINTING = NO;
ENABLE_RESOURCE_ACCESS_USB = NO;
ENABLE_USER_SELECTED_FILES = readwrite;
INFOPLIST_FILE = Runner/Info.plist;
INFOPLIST_KEY_LSApplicationCategoryType = "public.app-category.education";
LD_RUNPATH_SEARCH_PATHS = (
Expand All @@ -737,6 +769,7 @@
COMBINE_HIDPI_IMAGES = YES;
DEVELOPMENT_TEAM = MAX4AK5MU7;
ENABLE_APP_SANDBOX = YES;
ENABLE_HARDENED_RUNTIME = YES;
ENABLE_INCOMING_NETWORK_CONNECTIONS = NO;
ENABLE_OUTGOING_NETWORK_CONNECTIONS = NO;
ENABLE_RESOURCE_ACCESS_AUDIO_INPUT = NO;
Expand Down
6 changes: 3 additions & 3 deletions macos/Runner/Release.entitlements
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,11 @@
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>MAX4AK5MU7.app.wispar.wispar</string>
</array>
<array/>
</dict>
</plist>