remove code-sign-mac-installers job: we already have a notarized dmg

arduino · umbynos · May 19, 2023 · May 5, 2023 · May 5, 2023 · May 5, 2023
commit bfcfbd615f5d1773b315b7d2ef18c6adfcfb100c
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -412,83 +412,6 @@ jobs:
           path: ArduinoCreateAgent*
           if-no-files-found: error
 
-  # This job will sign and notarize mac installers
-  code-sign-mac-installers:
-    needs: package
-    strategy:
-      matrix:
-        arch: [amd64]
-
-    runs-on: macos-12
-    steps:
-      - name: Download artifact
-        uses: actions/download-artifact@v3
-        with:
-          name: ArduinoCreateAgent-osx-${{ matrix.arch }}
-          path: ArduinoCreateAgent-osx
-
-        # zip artifacts do not mantain executable permission
-      - name: Make executable
-        run: chmod -v +x ArduinoCreateAgent-osx/ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.app/Contents/MacOS/*
-
-      - name: Import Code-Signing Certificates
-        run: |
-          echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}"
-          security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
-          security default-keychain -s "${{ env.KEYCHAIN }}"
-          security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
-          security import \
-            "${{ env.INSTALLER_CERT_MAC_PATH }}" \
-            -k "${{ env.KEYCHAIN }}" \
-            -f pkcs12 \
-            -A \
-            -T "/usr/bin/codesign" \
-            -P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}"
-          security set-key-partition-list \
-            -S apple-tool:,apple: \
-            -s \
-            -k "${{ env.KEYCHAIN_PASSWORD }}" \
-            "${{ env.KEYCHAIN }}"
-
-      - name: Install gon for code signing and app notarization
-        run: |
-          wget -q https://github.com/mitchellh/gon/releases/download/v0.2.5/gon_macos.zip
-          unzip gon_macos.zip -d /usr/local/bin
-
-      - name: Write gon config to file
-        # gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20)
-        run: |
-          cat > gon.config_installer.hcl <<EOF
-          source = ["ArduinoCreateAgent-osx/ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.app"]
-          bundle_id = "cc.arduino.${{ env.PROJECT_NAME }}-installer"
-
-          sign {
-            application_identity = "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)"
-          }
-
-          dmg {
-            output_path = "ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg"
-            volume_name = "ArduinoCreateAgent"
-          }
-          EOF
-
-      - name: Code sign and notarize app
-        run: |
-          echo "gon will notarize executable in ArduinoCreateAgent-osx/ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.app"
-          gon -log-level=debug -log-json gon.config_installer.hcl
-        timeout-minutes: 30
-
-      #  tar dmg file to keep executable permission
-      - name: Tar files to keep permissions
-        run: tar -cvf ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.tar ArduinoCreateAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg
-
-      - name: Upload artifacts
-        uses: actions/upload-artifact@v3
-        with:
-          name: ArduinoCreateAgent-osx-${{ matrix.arch }}
-          path: ArduinoCreateAgent*.tar
-          if-no-files-found: error
-
   create-release:
     runs-on: ubuntu-20.04
     needs: [build, code-sign-mac-installers]