This action Apple-notarizes macOS applications or plug-ins. It does this by submitting your built .app (or non-app bundle) to Apple's notarization service.
It uses notarytool by default but can be configured to use altool. In the case of the latter it will poll the notarization service until it times out or receives a success response.
NOTE: Originally forked from https://github.com/devbotsxyz/xcode-notarize
These keys must be set correctly for the action to work.
| Name | Description | Example Value |
|---|---|---|
product-path |
The path to the product to notarize. | /dist/MyApp.app |
appstore-connect-username |
The AppStore Connect username. | ${{ secrets.NOTARIZATION_USERNAME }} |
appstore-connect-password |
The AppStore Connect password. | ${{ secrets.NOTARIZATION_PASSWORD }} |
appstore-connect-team-id |
The AppStore Connect team id. Only required when using notarytool. |
FY8GAUX283 |
These keys are set to sane defaults but can be modified as needed.
| Name | Description | Default | Example |
|---|---|---|---|
appstore-connect-api-key |
The AppStore Connect API Key. | null |
${{ secrets.NOTARIZATION_API_KEY }} |
appstore-connect-api-issuer |
The AppStore Connect API Issuer. | null |
${{ secrets.NOTARIZATION_API_ISSUER }} |
primary-bundle-id |
A unique identifier that identifies this product notarization. | bundle identifier of the app you are uploading. | dev.lando.my-app |
tool |
The xcrun notarization tool to use. |
notarytool |
altool |
verbose |
Verbose mode will print Notarization API responses. | false |
true |
- name: Notarize Release Build
uses: lando/notarize-action@v2
with:
product-path: "/dist/MyApp.app"
appstore-connect-username: ${{ secrets.NOTARIZATION_USERNAME }}
appstore-connect-password: ${{ secrets.NOTARIZATION_PASSWORD }}
appstore-connect-team-id: FY8GAUX283Note that notarization is not the final step. After Apple has notarized your application, you also want to staple a notarization ticket to your product.
This can be done with the Xcode Staple action.
We try to log all changes big and small in both THE CHANGELOG and the release notes.
Create a release and publish to GitHub Actions Marketplace. Note that the release tag must be a semantic version.
Made with contrib.rocks.