feat: add Apple code signing and notarization support #7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | ||
|
Check failure on line 1 in .github/workflows/release.yml
|
||
| on: | ||
| push: | ||
| tags: | ||
| - 'v[0-9]+.[0-9]+.[0-9]+' | ||
| - 'v[0-9]+.[0-9]+.[0-9]+-*' | ||
| permissions: | ||
| contents: write | ||
| jobs: | ||
| build-release: | ||
| name: Build Release | ||
| runs-on: macos-14 | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Show Swift Version | ||
| run: swift --version | ||
| - name: Get Version | ||
| id: version | ||
| run: | | ||
| VERSION=${GITHUB_REF#refs/tags/v} | ||
| echo "version=$VERSION" >> $GITHUB_OUTPUT | ||
| echo "Building version: $VERSION" | ||
| - name: Update Version in Files | ||
| run: | | ||
| VERSION=${{ steps.version.outputs.version }} | ||
| # Update version in Makefile | ||
| sed -i '' "s/VERSION = .*/VERSION = $VERSION/" Makefile | ||
| # Update version in build script | ||
| sed -i '' "s/VERSION=\".*\"/VERSION=\"$VERSION\"/" Installer/build-pkg.sh | ||
| - name: Build ARM64 Binary | ||
| run: swift build -c release | ||
| - name: Run Tests | ||
| run: swift test | ||
| - name: Verify Binary | ||
| run: | | ||
| file .build/release/rastertoepiloz | ||
| - name: Prepare Release Binary | ||
| run: | | ||
| mkdir -p .build/apple/Products/Release | ||
| cp .build/release/rastertoepiloz .build/apple/Products/Release/ | ||
| # Apple Code Signing (only if secrets are configured) | ||
| - name: Import Apple Certificates | ||
| if: ${{ secrets.APPLE_CERTIFICATE_P12 != '' }} | ||
| env: | ||
| CERTIFICATE_P12: ${{ secrets.APPLE_CERTIFICATE_P12 }} | ||
| CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | ||
| run: | | ||
| # Create temporary keychain | ||
| KEYCHAIN_PATH=$RUNNER_TEMP/build.keychain | ||
| KEYCHAIN_PASSWORD=$(openssl rand -base64 32) | ||
| # Decode certificate | ||
| echo "$CERTIFICATE_P12" | base64 --decode > $RUNNER_TEMP/certificate.p12 | ||
| # Create and configure keychain | ||
| security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | ||
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | ||
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | ||
| # Import certificate | ||
| security import $RUNNER_TEMP/certificate.p12 -k $KEYCHAIN_PATH \ | ||
| -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign -T /usr/bin/productsign | ||
| # Set key partition list | ||
| security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | ||
| # Add to search list | ||
| security list-keychains -d user -s $KEYCHAIN_PATH login.keychain | ||
| echo "KEYCHAIN_PATH=$KEYCHAIN_PATH" >> $GITHUB_ENV | ||
| echo "Apple certificates imported successfully" | ||
| - name: Build Installer Package | ||
| env: | ||
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | ||
| run: | | ||
| VERSION=${{ steps.version.outputs.version }} | ||
| # Build with signing if certificates are available | ||
| if [ -n "${{ secrets.APPLE_CERTIFICATE_P12 }}" ]; then | ||
| echo "Building SIGNED package..." | ||
| ./Installer/build-pkg.sh --sign | ||
| else | ||
| echo "Building unsigned package (no Apple certificates configured)" | ||
| ./Installer/build-pkg.sh | ||
| fi | ||
| # Rename to match version if needed | ||
| if [ -f ".build/pkg/EpilogDriver-1.0.0.pkg" ]; then | ||
| mv .build/pkg/EpilogDriver-1.0.0.pkg .build/pkg/EpilogDriver-${VERSION}.pkg | ||
| fi | ||
| - name: Notarize Package | ||
| if: ${{ secrets.APPLE_CERTIFICATE_P12 != '' }} | ||
| env: | ||
| APPLE_ID: ${{ secrets.APPLE_ID }} | ||
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | ||
| APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }} | ||
| run: | | ||
| VERSION=${{ steps.version.outputs.version }} | ||
| PKG_PATH=".build/pkg/EpilogDriver-${VERSION}.pkg" | ||
| echo "Submitting package for notarization..." | ||
| xcrun notarytool submit "$PKG_PATH" \ | ||
| --apple-id "$APPLE_ID" \ | ||
| --team-id "$APPLE_TEAM_ID" \ | ||
| --password "$APPLE_APP_PASSWORD" \ | ||
| --wait | ||
| echo "Stapling notarization ticket..." | ||
| xcrun stapler staple "$PKG_PATH" | ||
| echo "Package notarized and stapled successfully" | ||
| - name: Cleanup Keychain | ||
| if: always() | ||
| run: | | ||
| if [ -n "$KEYCHAIN_PATH" ]; then | ||
| security delete-keychain $KEYCHAIN_PATH 2>/dev/null || true | ||
| fi | ||
| - name: Create Release Notes | ||
| id: release_notes | ||
| run: | | ||
| VERSION=${{ steps.version.outputs.version }} | ||
| cat << 'EOF' > release_notes.md | ||
| ## Epilog Zing Driver v${{ steps.version.outputs.version }} | ||
| > **DISCLAIMER:** This is an unofficial, community-developed driver not affiliated with Epilog Laser. Use at your own risk. | ||
| ### Installation | ||
| 1. Download `EpilogDriver-${{ steps.version.outputs.version }}.pkg` | ||
| 2. Double-click to run the installer | ||
| 3. Follow the on-screen instructions | ||
| ### Adding the Printer | ||
| After installation, add your Epilog Zing printer: | ||
| 1. Open **System Settings** → **Printers & Scanners** | ||
| 2. Click **+** to add a printer | ||
| 3. Select the **IP** tab | ||
| 4. Enter your laser's IP address (default: `192.168.3.4`) | ||
| 5. Protocol: **Line Printer Daemon - LPD** | ||
| 6. Use: Select **Epilog Zing 16** or **Epilog Zing 24** | ||
| Or via command line: | ||
| ```bash | ||
| lpadmin -p "Epilog-Zing" -E \ | ||
| -v lpd://192.168.3.4 \ | ||
| -P /Library/Printers/PPDs/Contents/Resources/EpilogZing16.ppd | ||
| ``` | ||
| ### Features | ||
| - Raster engraving with adjustable power and speed | ||
| - Vector cutting support | ||
| - 3D greyscale engraving (variable depth) | ||
| - Resolutions: 100, 200, 250, 400, 500, 1000 DPI | ||
| ### Uninstalling | ||
| To uninstall, double-click the uninstaller at: | ||
| ``` | ||
| /Library/Printers/Epilog/Uninstall Epilog Driver.command | ||
| ``` | ||
| Or in Finder, press Cmd+Shift+G and paste the path above. | ||
| ### System Requirements | ||
| - macOS 10.15 (Catalina) or later | ||
| - Apple Silicon (M1/M2/M3) or Intel Mac | ||
| EOF | ||
| - name: Create GitHub Release | ||
| uses: softprops/action-gh-release@v2 | ||
| with: | ||
| name: Epilog Zing Driver v${{ steps.version.outputs.version }} | ||
| body_path: release_notes.md | ||
| draft: false | ||
| prerelease: ${{ contains(github.ref, '-') }} | ||
| files: | | ||
| .build/pkg/EpilogDriver-${{ steps.version.outputs.version }}.pkg | ||
| generate_release_notes: true | ||
| - name: Upload Artifact | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: EpilogDriver-${{ steps.version.outputs.version }} | ||
| path: .build/pkg/EpilogDriver-${{ steps.version.outputs.version }}.pkg | ||
| retention-days: 90 | ||
