add apple cert install

Author: zaneschepke

.github/workflows/nymvpn-desktop.yml

@@ -76,29 +76,43 @@ jobs:
         if: matrix.platform == 'ubuntu-latest'
         run: cargo make deb
         working-directory: .${{ env.working-directory }}
-      - name: import apple certs
+      - name: Install the Apple certificate and provisioning profile
         if: matrix.platform == 'macos-latest'
-        uses: apple-actions/import-codesign-certs@v2
-        continue-on-error: true
-        with:
-          p12-file-base64: ${{ secrets.APPLE_SIGNING_CERT_BASE64 }}
-          p12-password: ${{ secrets.APPLE_SIGNING_CERT_PASSWORD }}
-      - uses: Apple-Actions/download-provisioning-profiles@v1
-        continue-on-error: true
-        if: matrix.platform == 'macos-latest'
-        with:
-          bundle-id: net.nymtech.vpn
-          issuer-id: ${{ secrets.APPLE_APPSTORE_ISSUER_ID }}
-          api-key-id: ${{ secrets.APPLE_APPSTORE_KEY_ID }}
-          api-private-key: ${{ secrets.APPLE_APPSTORE_PRIVATE_KEY }}
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_SIGNING_CERT_BASE64 }}
+          P12_PASSWORD: ${{ secrets.APPLE_SIGNING_CERT_PASSWORD }}
+          BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.APPLE_PROVISIONING_PROFILE_BASE64 }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASS }}
+        run: |
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # import certificate and provisioning profile from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
+          echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+          # apply provisioning profile
+          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
       - name: build macos pkg 
         if: matrix.platform == 'macos-latest'
         run: cargo make pkg
         working-directory: .${{ env.working-directory }}
         env:
           APPLE_TEAM_ID: VW5DZLFHM5
-          APPLICATION_SIGNING_IDENTITY: 'Developer ID Application: Nym Technologies SA (VW5DZLFHM5)'
-          INSTALLER_SIGNING_IDENTITY: 'Developer ID Application: Nym Technologies SA (VW5DZLFHM5)'
+          APPLICATION_SIGNING_IDENTITY: 'Apple Distribution: Nym Technologies SA (VW5DZLFHM5)'
+          INSTALLER_SIGNING_IDENTITY: 'Apple Distribution: Nym Technologies SA (VW5DZLFHM5)'
       - name: install arc windows
         if: matrix.platform == 'windows-latest'
         uses: crazy-max/ghaction-chocolatey@v3