fix: proper code signing for macOS — stop SIGKILL on launch #28
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Native Release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| jobs: | |
| package-native: | |
| name: Package Native (${{ matrix.label }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| label: linux-x86_64 | |
| rust_target: x86_64-unknown-linux-gnu | |
| archive: prism-linux-x86_64.tar.gz | |
| - os: macos-14 | |
| label: macos-aarch64 | |
| rust_target: aarch64-apple-darwin | |
| archive: prism-macos-aarch64.tar.gz | |
| - os: windows-latest | |
| label: windows-x86_64 | |
| rust_target: x86_64-pc-windows-msvc | |
| archive: prism-windows-x86_64.zip | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install system deps (Linux — rdkafka needs libcurl) | |
| if: runner.os == 'Linux' | |
| run: sudo apt-get update && sudo apt-get install -y cmake libcurl4-openssl-dev | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| target: ${{ matrix.rust_target }} | |
| - uses: Swatinem/rust-cache@v2 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| - name: Install dashboard deps | |
| run: cd dashboard && npm ci | |
| - name: Build dashboard bundle | |
| run: cd dashboard && npm run build | |
| - name: Build Rust binaries | |
| run: cargo build --release --bin prism --bin prism-node --target ${{ matrix.rust_target }} | |
| - name: Assemble package | |
| shell: bash | |
| run: | | |
| mkdir -p package | |
| if [[ "${{ matrix.label }}" == *"windows"* ]]; then | |
| cp target/${{ matrix.rust_target }}/release/prism.exe package/ | |
| cp target/${{ matrix.rust_target }}/release/prism-node.exe package/ | |
| cd package && 7z a -tzip ../${{ matrix.archive }} . && cd .. | |
| else | |
| cp target/${{ matrix.rust_target }}/release/prism package/ | |
| cp target/${{ matrix.rust_target }}/release/prism-node package/ | |
| # macOS: ad-hoc sign binaries so users only need to clear quarantine | |
| if [[ "${{ matrix.label }}" == *"macos"* ]]; then | |
| codesign -s - -f package/prism | |
| codesign -s - -f package/prism-node | |
| fi | |
| tar -C package -czf ${{ matrix.archive }} . | |
| fi | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.archive }} | |
| path: ${{ matrix.archive }} | |
| overwrite: true | |
| - name: Publish release assets | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| ${{ matrix.archive }} |