Apple binaries trusted signature

[pomadchin]

We have ARM builds via #61

However, it's not enough (see #89 (comment)); we need to make the published dylib trusted so it seamlessly works.

We need to figure out how to sign binaries;

• gha docs: https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
• git searched repo that may help investigating what to do about it: Add OS X 11 (Big Sur) ARM support keepassxreboot/keepassxc#4934

@metasim thanks for the help 🥇

Most likely we need https://github.com/Apple-Actions/import-codesign-certs

I found https://github.com/strawberrymusicplayer/strawberry/blob/master/.github/workflows/build.yml#L806-L809 and https://github.com/orgs/community/discussions/70145

More: #89 (comment)

[metasim]

I wonder if self-signing (aka "adhoc") is better than nothing:

codesign --force -s - libpdaljni.2.6.dylib

From the manpage:

If identity is the single letter "-" (dash), ad-hoc signing is performed. Ad-hoc signing does not use an identity at all, and identifies exactly one instance of code. Significant restrictions apply to the use of ad-hoc signed code; consult documentation before using this.

[pomadchin]

@metasim lets try it!

[pomadchin]

Also https://localazy.com/blog/how-to-automatically-sign-macos-apps-using-github-actions

[pomadchin]

We don't need it, tested #95 and #96

All thx to @metasim 🔥