Skip to content
This repository was archived by the owner on Nov 26, 2025. It is now read-only.

Commit 65ba85a

Browse files
committed
fix: use absolute paths for binary and zip file in notarization process in GitHub Actions workflow
1 parent f187095 commit 65ba85a

1 file changed

Lines changed: 9 additions & 10 deletions

File tree

.github/workflows/release.yml

Lines changed: 9 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,7 @@ jobs:
105105
if: runner.os == 'macOS'
106106
shell: bash
107107
run: |
108-
BINARY="target/${{ matrix.target }}/release/rohas"
108+
BINARY="$GITHUB_WORKSPACE/target/${{ matrix.target }}/release/rohas"
109109
if [ -f "$BINARY" ]; then
110110
APPLE_ID="${{ secrets.APPLE_ID }}"
111111
APPLE_TEAM_ID="${{ secrets.APPLE_TEAM_ID }}"
@@ -115,10 +115,10 @@ jobs:
115115
echo "Warning: Notarization credentials not set, skipping notarization"
116116
else
117117
# Create a zip file for notarization (required format)
118-
NOTARIZE_ZIP="target/${{ matrix.target }}/release/rohas-notarize.zip"
119-
cd "target/${{ matrix.target }}/release"
120-
zip "rohas-notarize.zip" rohas
121-
cd - > /dev/null
118+
# Use absolute path to avoid any path resolution issues
119+
NOTARIZE_ZIP="$GITHUB_WORKSPACE/target/${{ matrix.target }}/release/rohas-notarize.zip"
120+
cd "$GITHUB_WORKSPACE/target/${{ matrix.target }}/release"
121+
zip -j "rohas-notarize.zip" rohas
122122
123123
# Submit for notarization
124124
xcrun notarytool submit "$NOTARIZE_ZIP" \
@@ -127,13 +127,12 @@ jobs:
127127
--password "$APPLE_APP_PASSWORD" \
128128
--wait
129129
130-
# Extract the binary from the notarized zip (it will still be signed)
131-
cd "target/${{ matrix.target }}/release"
132-
unzip -o "rohas-notarize.zip" rohas
133-
cd - > /dev/null
130+
# Staple the notarization ticket to the binary
131+
xcrun stapler staple "$BINARY"
134132
135-
# Verify the binary is still signed
133+
# Verify the binary is signed and stapled
136134
codesign --verify --verbose "$BINARY"
135+
xcrun stapler validate "$BINARY"
137136
138137
# Clean up the temporary zip file
139138
rm -f "$NOTARIZE_ZIP"

0 commit comments

Comments
 (0)