From c12c28be6786d47090b5f1d7a62de96a9d3170fb Mon Sep 17 00:00:00 2001
From: pczaj <91881359+pczaj@users.noreply.github.com>
Date: Mon, 17 Apr 2023 15:26:23 +0200
Subject: [PATCH] notarise zip file in package.yml workflow

---
 .github/workflows/package.yml | 44 ++++++++++++++++++++++++++++++++---
 1 file changed, 41 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
index eeca68c..e7575a8 100644
--- a/.github/workflows/package.yml
+++ b/.github/workflows/package.yml
@@ -1,12 +1,50 @@
 name: Package Unity Plugin
-on: workflow_dispatch
+on: 
+   push:
+    branches:
+      - notarisation
 
 jobs:
   package:
     runs-on: macos-latest
     steps:
+
+
       - uses: actions/checkout@v2
+      - name: Zip of assets of DolbyIO comms-sdk-unity
+        run: |
+          zip -rq comms-sdk-unity.zip ./*
+
+      - name: Install the Apple certificate and notarization profile
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          IAPI_UNITY_APP_SPECYFIC_PASSWORD: ${{ secrets.IAPI_UNITY_APP_SPECYFIC_PASSWORD }}
+          NOTARIZATION_LOG: "${RUNNER_TEMP}/notarization.log"
+
+        run: |
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+          # import certificate and provisioning profile from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+          xcrun notarytool store-credentials "unity-notarization-profile" --apple-id "iapi@dolby.com" --team-id B55NRA8BRW --password "${IAPI_UNITY_APP_SPECYFIC_PASSWORD}"
+          xcrun notarytool submit ${{github.workspace}}/comms-sdk-unity.zip --keychain-profile "unity-notarization-profile" --wait > notarization.log
+          cat notarization.log
+          export NOTARIZATION_ID=$(awk '$1=="id:"{print $2}' notarization.log | head -n 1)
+          xcrun notarytool log ${NOTARIZATION_ID} --keychain-profile "unity-notarization-profile"  notrary_log.json
+          cat notrary_log.json
+
+
       - uses: actions/upload-artifact@v3
         with:
-          name: dolbyio-comms-unity-plugin
-          path: ${{github.workspace}}/
+          name: comms-sdk-unity.zip
+          path: ${{github.workspace}}/comms-sdk-unity.zip