From 429f86ee14ca057066947a28de811140cd4a5d49 Mon Sep 17 00:00:00 2001 From: Till Toenshoff Date: Sun, 1 Mar 2026 17:24:37 +0100 Subject: [PATCH 1/2] reuse tested artifacts in macos notarize job --- .github/workflows/macos.yml | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index 964723b..1b14c28 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -56,19 +56,15 @@ jobs: environment: Release needs: build if: github.ref_type == 'tag' - env: - BEATIT_TEST_CPU_ONLY: "1" steps: - name: Checkout uses: actions/checkout@v4 - - name: Install build dependencies - run: | - brew list --versions ninja >/dev/null 2>&1 || brew install ninja - brew list --versions pytorch >/dev/null 2>&1 || brew install pytorch - - - name: Resolve Torch prefix - run: echo "BEATIT_TORCH_ROOT=$(brew --prefix pytorch)" >> "$GITHUB_ENV" + - name: Download tested build artifacts + uses: actions/download-artifact@v4 + with: + name: beatit-macos-build + path: . - name: Import signing certificate env: @@ -91,12 +87,6 @@ jobs: security import signing.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PASSWORD" -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" build.keychain - - name: Configure - run: cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release -DBEATIT_TORCH_ROOT="${BEATIT_TORCH_ROOT}" - - - name: Build - run: cmake --build build - - name: Verify plugins are staged run: | test -f build/plugins/libbeatit_backend_coreml.dylib From e8c7a57545c333447210794136bb2ca2db80cb69 Mon Sep 17 00:00:00 2001 From: Till Toenshoff Date: Sun, 1 Mar 2026 17:27:11 +0100 Subject: [PATCH 2/2] split product build and installer signing --- scripts/package_macos_pkg.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/scripts/package_macos_pkg.sh b/scripts/package_macos_pkg.sh index e460072..c524fa9 100755 --- a/scripts/package_macos_pkg.sh +++ b/scripts/package_macos_pkg.sh @@ -108,13 +108,15 @@ PRODUCTBUILD_ARGS=( --resources "$RESOURCE_DIR" ) -if [[ -n "$INSTALLER_SIGN_IDENTITY" ]]; then - PRODUCTBUILD_ARGS+=(--sign "$INSTALLER_SIGN_IDENTITY") -fi - echo "Building final installer package: $UNSIGNED_PKG_PATH" productbuild "${PRODUCTBUILD_ARGS[@]}" "$UNSIGNED_PKG_PATH" -mv "$UNSIGNED_PKG_PATH" "$PKG_PATH" +if [[ -n "$INSTALLER_SIGN_IDENTITY" ]]; then + echo "Signing final installer package: $PKG_PATH" + productsign --sign "$INSTALLER_SIGN_IDENTITY" "$UNSIGNED_PKG_PATH" "$PKG_PATH" + rm -f "$UNSIGNED_PKG_PATH" +else + mv "$UNSIGNED_PKG_PATH" "$PKG_PATH" +fi echo "Created package: $PKG_PATH"