macOS Sign, Package, and Notarize
ActionsTags
(1)Sign, package, and notarize macOS binaries.
This action will...
- Sign the specified binary.
- Put the signed binary, along with any extra files, into a DMG disk image.
- Sign the DMG disk image.
- Notarize the DMG disk image.
This GitHub Action requires a macOS runner.
If you're using an app-specific password to authenticate...
- uses: halprin/macos-sign-package-notarize@v1
with:
path-to-binary: ./evn-pilot-conversion
signing-identity: ${{ secrets.SIGNING_IDENTITY }}
apple-id: ${{ secrets.APPLE_ID }}
app-specific-password: ${{ secrets.APP_SPECIFIC_PASSWORD }}
apple-developer-team-id: ${{ secrets.APPLE_DEVELOPER_TEAM_ID }}
extra-files: README.md LICENSE
archive-disk-name: My macOS Program
archive-file-path: ./my-macos-program.dmg
If you're using an App Store Connect key to authenticate...
- uses: halprin/macos-sign-package-notarize@v1
with:
path-to-binary: ./evn-pilot-conversion
signing-identity: ${{ secrets.SIGNING_IDENTITY }}
app-store-connect-key: ${{ secrets.APP_STORE_CONNECT_KEY }}
app-store-connect-key-id: ${{ secrets.APP_STORE_CONNECT_KEY_ID }}
app-store-connect-issuer-id: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
extra-files: README.md LICENSE
archive-disk-name: My macOS Program
archive-file-path: ./my-macos-program.dmg
Descriptions for these inputs are in action.yml
.
Use GitHub secrets for the app-specific-password
and app-store-connect-key
inputs! These values are sensitive and must not be revealed.
The signing-identity
references a certificate in the macOS Keychain. This certificate can be imported using the apple-actions/import-codesign-certs
GitHub Action before running this repository's GitHub Action in a GitHub Action workflow.
You may want to upload the DMG disk image to a release's assets after running this repository's GitHub Action in a GitHub Action workflow.
- name: Upload Release Asset
run: gh release upload ${{ github.event.release.tag_name }} ./my-macos-program.dmg --clobber
env:
GH_TOKEN: ${{ github.token }}
macOS Sign, Package, and Notarize is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.