From af479408a42691ccf58ca3332860b19cf3a3c6b3 Mon Sep 17 00:00:00 2001 From: Max Goedjen Date: Thu, 25 Feb 2021 22:28:02 -0800 Subject: [PATCH] Switch GitHub Actions releaser to use API key instead of app specific password (#212) * Update release.yml * Update signing.sh * Update release.yml * Fix weird spacing * Update signing.sh * Update release.yml * Update signing.sh --- .github/scripts/signing.sh | 7 +++++-- .github/workflows/release.yml | 10 +++++++--- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/scripts/signing.sh b/.github/scripts/signing.sh index 9bb8042..b4799e5 100755 --- a/.github/scripts/signing.sh +++ b/.github/scripts/signing.sh @@ -10,10 +10,13 @@ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k ci ci.keyc # Import Profiles mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles - echo $HOST_PROFILE_DATA | base64 -d -o Host.provisionprofile HOST_UUID=`grep UUID -A1 -a Host.provisionprofile | grep -io "[-A-F0-9]\{36\}"` cp Host.provisionprofile ~/Library/MobileDevice/Provisioning\ Profiles/$HOST_UUID.provisionprofile echo $AGENT_PROFILE_DATA | base64 -d -o Agent.provisionprofile AGENT_UUID=`grep UUID -A1 -a Agent.provisionprofile | grep -io "[-A-F0-9]\{36\}"` -cp Agent.provisionprofile ~/Library/MobileDevice/Provisioning\ Profiles/$AGENT_UUID.provisionprofile \ No newline at end of file +cp Agent.provisionprofile ~/Library/MobileDevice/Provisioning\ Profiles/$AGENT_UUID.provisionprofile + +# Create directories for ASC key +mkdir ~/.private_keys +echo -n "$APPLE_API_KEY_DATA" > ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1893019..bdb6009 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
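Review bot: The lines added at the end of `.github/scripts/signing.sh` write the App Store Connect private key under the runner's default umask, so `~/.private_keys` and the `.p8` file may be readable by other local users. Nothing visible in this patch removes the key afterwards. Creating both with owner-only permissions would close that: `mkdir -p -m 700 ~/.private_keys` and `(umask 077; printf '%s' "$APPLE_API_KEY_DATA" > ~/.private_keys/"AuthKey_${APPLE_API_KEY_ID}.p8")`. `mkdir -p` also stops the script failing when the directory already exists on a reused runner, and quoting the key ID keeps the path intact if the secret is empty or contains whitespace. The script starts outside the hunk, so whether it runs under `set -e` is not visible here.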
@@ -16,6 +16,8 @@ jobs:
 SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
 HOST_PROFILE_DATA: ${{ secrets.HOST_PROFILE_DATA }}
 AGENT_PROFILE_DATA: ${{ secrets.AGENT_PROFILE_DATA }}
+ APPLE_API_KEY_DATA: ${{ secrets.APPLE_API_KEY_DATA }}
+ APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
 run: ./.github/scripts/signing.sh
 - name: Set Environment
 run: sudo xcrun xcode-select -s /Applications/Xcode_12.3.app
@@ -32,6 +34,8 @@ jobs:
 SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
 HOST_PROFILE_DATA: ${{ secrets.HOST_PROFILE_DATA }}
 AGENT_PROFILE_DATA: ${{ secrets.AGENT_PROFILE_DATA }}
+ APPLE_API_KEY_DATA: ${{ secrets.APPLE_API_KEY_DATA }}
+ APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
 run: ./.github/scripts/signing.sh
 - name: Set Environment
 run: sudo xcrun xcode-select -s /Applications/Xcode_12.2.app
@@ -52,9 +56,9 @@ jobs:
 ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive ./Archive.zip
 - name: Notarize
 env:
- APPLE_USERNAME: ${{ secrets.APPLE_USERNAME }}
- APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
- run: xcrun altool --notarize-app --primary-bundle-id "com.maxgoedjen.secretive.host" --username $APPLE_USERNAME --password $APPLE_PASSWORD --file Secretive.zip
+ APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+ APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
+ run: xcrun altool --notarize-app --primary-bundle-id "com.maxgoedjen.secretive.host" --apiKey $APPLE_API_KEY_ID --apiIssuer $APPLE_API_ISSUER --file Secretive.zip
 - name: Document SHAs
 run: |
 shasum -a 512 Secretive.zip
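Review bot: `APPLE_API_KEY_DATA` is now exported to the signing step of two jobs (the hunk at `@@ -16,6 +16,8 @@` and the one at `@@ -32,6 +34,8 @@`), while only one Notarize step, in the third hunk, uses the key. The job definitions start outside these hunks, so this is inferred, but a job that never notarizes should not receive the notarization key or have it written to disk. For that job, drop the two added `APPLE_API_KEY_*` lines and have signing.sh write the key file only when the variable is set, e.g. wrap the write in `if [ -n "${APPLE_API_KEY_DATA:-}" ]; then … fi`.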
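Review bot: In the hunk at `@@ -52,9 +56,9 @@`, the Notarize step depends on `altool` finding `AuthKey_<id>.p8` in `~/.private_keys`, which signing.sh writes in an earlier step, but the step does not say so and the key file is never removed after notarization. A comment above `run:` such as `# altool reads ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8, created by signing.sh` would make the dependency visible. A final step with `if: always()` running `rm -f ~/.private_keys/AuthKey_*.p8` would limit how long the key stays on disk. The two expansions should also be quoted: `--apiKey "$APPLE_API_KEY_ID" --apiIssuer "$APPLE_API_ISSUER"`.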