From b168bc641a5a0d057de471b4ab6dae1548d265cf Mon Sep 17 00:00:00 2001
From: Jackson Tian
Date: Mon, 28 Aug 2023 16:56:38 +0800
Subject: [PATCH 1/5] test sign
---
 .github/workflows/test.yml | 36 ++++++++++++++++++++++++++++++++++++
 tools/osx-entitlements.plist | 18 ++++++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 .github/workflows/test.yml
 create mode 100644 tools/osx-entitlements.plist
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 000000000..f788b367f
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,36 @@
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+
+jobs:
+ package:
+ runs-on: macos-12
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ submodules: true
+ - name: Set up Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: '1.20'
+ - uses: apple-actions/import-codesign-certs@v2
+ with:
+ p12-file-base64: ${{ secrets.APPLE_CERT_DATA }}
+ p12-password: ${{ secrets.APPLE_CERT_PASSWORD }}
+ - uses: apple-actions/import-codesign-certs@v2
+ with:
+ p12-file-base64: ${{ secrets.APPLE_DEVELPER_ID_APPLICATION_CERT_DATA }}
+ p12-password: ${{ secrets.APPLE_CERT_PASSWORD }}
+ - run: |
+ CGO_ENABLED=0 GOOS=darwin go build -ldflags "-X 'github.com/aliyun/aliyun-cli/cli.Version=3.0.0-beta'" -o out/aliyun main/main.go
+ codesign --sign "${{ secrets.APPLE_TEAM_ID }}" \
+ --entitlements tools/osx-entitlements.plist \
+ --options runtime \
+ --timestamp out/aliyun
+ codesign -d -vvvv out/aliyun
+
+ # generate out/aliyun-cli-3.0.0-beta.pkg
+ bash tools/build_pkg.sh 3.0.0-beta
+ productsign --sign "${{ secrets.APPLE_TEAM_ID }}" out/aliyun-cli-3.0.0-beta.pkg out/aliyun-cli-3.0.0-beta.pkg-SIGNED
diff --git a/tools/osx-entitlements.plist b/tools/osx-entitlements.plist
new file mode 100644
index 000000000..045df8eaf
--- /dev/null
+++ b/tools/osx-entitlements.plist
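Review bot: The `pull_request` trigger in `on:` makes the two `apple-actions/import-codesign-certs@v2` steps and the `codesign`/`productsign` commands run for every PR against master, so the signing identities sit in an unlocked keychain while PR-controlled code such as `tools/build_pkg.sh` executes in the same job. Restrict signing to trusted refs, for example by dropping `pull_request:` or by adding `if: github.event_name == 'push'` to the import and signing steps. The third-party action that receives the .p12 data and its password is referenced by the mutable tag `@v2`; pinning it as `uses: apple-actions/import-codesign-certs@<full-commit-sha>` keeps a moved tag from seeing those secrets. `${{ secrets.APPLE_TEAM_ID }}` is also expanded into the script text of the `run:` step; passing it through `env:` and using `"$APPLE_TEAM_ID"` in the script avoids that.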
@@ -0,0 +1,18 @@ + + + + com.apple.security.cs.allow-jit + + com.apple.security.cs.allow-unsigned-executable-memory + + com.apple.security.cs.disable-executable-page-protection + + com.apple.security.cs.allow-dyld-environment-variables + + com.apple.security.cs.disable-library-validation + + com.apple.security.get-task-allow + + +
From 79c4af3fe1837f8adfc296b3d1e70a57f5f6bc97 Mon Sep 17 00:00:00 2001
From: Jackson Tian
Date: Tue, 29 Aug 2023 10:16:46 +0800
Subject: [PATCH 2/5] fixup
---
 .github/workflows/test.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f788b367f..28329e278 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,6 +23,7 @@ jobs:
 with:
 p12-file-base64: ${{ secrets.APPLE_DEVELPER_ID_APPLICATION_CERT_DATA }}
 p12-password: ${{ secrets.APPLE_CERT_PASSWORD }}
+ create-keychain: false
 - run: |
 CGO_ENABLED=0 GOOS=darwin go build -ldflags "-X 'github.com/aliyun/aliyun-cli/cli.Version=3.0.0-beta'" -o out/aliyun main/main.go
 codesign --sign "${{ secrets.APPLE_TEAM_ID }}" \
From 45ca1fe9aa4d84ed6e7af0fae3cfaffa4bafff76 Mon Sep 17 00:00:00 2001
From: Jackson Tian
Date: Tue, 29 Aug 2023 10:28:51 +0800
Subject: [PATCH 3/5] fixup
---
 .github/workflows/test.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 28329e278..f01efab30 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
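Review bot: The new entitlements file lists `com.apple.security.get-task-allow`, `com.apple.security.cs.disable-library-validation`, `com.apple.security.cs.allow-dyld-environment-variables` and the three executable-memory exceptions, which together switch off most of what `--options runtime` in the workflow turns on. The values are not readable in this view, so this assumes each key is set to true. A Go CLI built with `CGO_ENABLED=0` presumably needs none of them; start from an empty `<dict/>` and add a key back only when a concrete failure requires it, with an XML comment recording why. `get-task-allow` in particular is a debugging entitlement that lets other processes attach to the signed binary, and Apple's notarization service rejects it in distribution builds.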
@@ -15,10 +15,10 @@ jobs:
 uses: actions/setup-go@v4
 with:
 go-version: '1.20'
- - uses: apple-actions/import-codesign-certs@v2
- with:
- p12-file-base64: ${{ secrets.APPLE_CERT_DATA }}
- p12-password: ${{ secrets.APPLE_CERT_PASSWORD }}
+ # - uses: apple-actions/import-codesign-certs@v2
+ # with:
+ # p12-file-base64: ${{ secrets.APPLE_CERT_DATA }}
+ # p12-password: ${{ secrets.APPLE_CERT_PASSWORD }}
 - uses: apple-actions/import-codesign-certs@v2
 with:
 p12-file-base64: ${{ secrets.APPLE_DEVELPER_ID_APPLICATION_CERT_DATA }}
From 0fd615d7814d4129735f5001e0f30c814e4d380d Mon Sep 17 00:00:00 2001
From: Jackson Tian
Date: Tue, 29 Aug 2023 10:30:42 +0800
Subject: [PATCH 4/5] fixup
---
 .github/workflows/test.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f01efab30..28329e278 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -15,10 +15,10 @@ jobs:
 uses: actions/setup-go@v4
 with:
 go-version: '1.20'
- # - uses: apple-actions/import-codesign-certs@v2
- # with:
- # p12-file-base64: ${{ secrets.APPLE_CERT_DATA }}
- # p12-password: ${{ secrets.APPLE_CERT_PASSWORD }}
+ - uses: apple-actions/import-codesign-certs@v2
+ with:
+ p12-file-base64: ${{ secrets.APPLE_CERT_DATA }}
+ p12-password: ${{ secrets.APPLE_CERT_PASSWORD }}
 - uses: apple-actions/import-codesign-certs@v2
 with:
 p12-file-base64: ${{ secrets.APPLE_DEVELPER_ID_APPLICATION_CERT_DATA }}
From 8dbf5fdfebbb8ec9abe4156798f9061ac1ef5524 Mon Sep 17 00:00:00 2001
From: Jackson Tian
Date: Tue, 29 Aug 2023 10:42:42 +0800
Subject: [PATCH 5/5] fixup
---
 .github/workflows/test.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 28329e278..f0dc58f30 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -19,11 +19,13 @@ jobs:
 with:
 p12-file-base64: ${{ secrets.APPLE_CERT_DATA }}
 p12-password: ${{ secrets.APPLE_CERT_PASSWORD }}
+ keychain-password: tmppassworkd
 - uses: apple-actions/import-codesign-certs@v2
 with:
 p12-file-base64: ${{ secrets.APPLE_DEVELPER_ID_APPLICATION_CERT_DATA }}
 p12-password: ${{ secrets.APPLE_CERT_PASSWORD }}
 create-keychain: false
+ keychain-password: tmppassworkd
 - run: |
 CGO_ENABLED=0 GOOS=darwin go build -ldflags "-X 'github.com/aliyun/aliyun-cli/cli.Version=3.0.0-beta'" -o out/aliyun main/main.go
 codesign --sign "${{ secrets.APPLE_TEAM_ID }}" \
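Review bot: Both added `keychain-password: tmppassworkd` lines commit the password of the keychain that holds the signing identities as a literal in the workflow file. The value presumably has to be shared so that the second import (with `create-keychain: false`) can unlock the keychain the first step created, but it does not have to be fixed: read it from a repository secret, e.g. `keychain-password: ${{ secrets.<KEYCHAIN_PASSWORD_SECRET> }}` (placeholder name), or generate a random value in an earlier step and pass the same output to both imports. The hunk's context starts and ends inside the `steps:` list, so the rest of the job is not visible here.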