From 2cc6cc73f2b4dd9a71bdacf60c52680f692a3956 Mon Sep 17 00:00:00 2001
From: "j.spijker@ultimaker.com" <jelle spijker>
Date: Sat, 2 Jul 2022 00:35:14 +0200
Subject: [PATCH] Use macos-keychain GH action

Contributes to CURA-9365
---
 .github/workflows/cura-installer.yml | 30 +++++++++++++++++-----------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/cura-installer.yml b/.github/workflows/cura-installer.yml
index 2963f733fe..67c2a1502c 100644
--- a/.github/workflows/cura-installer.yml
+++ b/.github/workflows/cura-installer.yml
@@ -118,12 +118,18 @@ jobs:
                 run: echo -n "$GPG_PRIVATE_KEY" | base64 --decode | gpg --import
 
             -   name: Configure Macos keychain (Bash)
+                id: macos-keychain
                 if: ${{ runner.os == 'Macos' }}
-                run: |
-                    CERTIFICATE_PATH=$RUNNER_TEMP/um_keychain.p12
-                    echo -n "$MACOS_CERT_P12" | base64 --decode --output $CERTIFICATE_PATH
-                    security import $CERTIFICATE_PATH -P $MACOS_CERT_PASSPHRASE -A
-#                    security unlock -p $MACOS_CERT_PASSPHRASE $CERTIFICATE_PATH
+                uses: apple-actions/import-codesign-certs@v1
+                with:
+                    p12-file-base64: ${{ secrets.MACOS_CERT_P12 }}
+                    p12-password: ${{ secrets.MACOS_CERT_PASSPHRASE }}
+
+            -   name: Unlock Macos keychain (Bash)
+                if: ${{ runner.os == 'Macos' }}
+                run: security unlock -p $TEMP_KEYCHAIN_PASSWORD signing_temp
+                env:
+                    TEMP_KEYCHAIN_PASSWORD: ${{  steps.macos-keychain.outputs.keychain-password }}
 
             -   name: Clean Conan local cache
                 if: ${{ inputs.conan_clean_local_cache }}
@@ -192,13 +198,13 @@ jobs:
                 run: xcrun altool --notarize-app --primary-bundle-id "nl.ultimaker.cura" --username "$MAC_NOTARIZE_USER" --password "$MAC_NOTARIZE_PASS" --file "./Ultimaker-Cura.dmg"
                 working-directory: dist
 
-            -   name: Create the MacOS dmg (Bash)
-                if: ${{ github.event.inputs.installer == 'true' && runner.os == 'Macos' }}
-                run: python ../cura_inst/packaging/dmg/dmg_sign_notarize.py
-                working-directory: dist
-                env:
-                    SOURCE_DIR: ${{ env.GITHUB_WORKSPACE }}/cura_inst
-                    DIST_DIR: ${{ env.GITHUB_WORKSPACE }}/dist
+#            -   name: Create the MacOS dmg (Bash)
+#                if: ${{ github.event.inputs.installer == 'true' && runner.os == 'Macos' }}
+#                run: python ../cura_inst/packaging/dmg/dmg_sign_notarize.py
+#                working-directory: dist
+#                env:
+#                    SOURCE_DIR: ${{ env.GITHUB_WORKSPACE }}/cura_inst
+#                    DIST_DIR: ${{ env.GITHUB_WORKSPACE }}/dist
 
             -   name: Upload the artifacts
                 uses: actions/upload-artifact@v3