experimental arm build

.github/workflows/build_packages.yml

@@ -135,7 +135,78 @@ jobs:
         with:
           upload_url: ${{ needs.create_release_deb.outputs.upload_url }}
           asset_path: installer/macos/target/pkg-signed/oco-agent.pkg
-          asset_name: oco-agent.pkg
+          asset_name: oco-agent-x86.pkg
+          asset_content_type: application/octet-stream
+
+  create_pkg_arm:
+    name: Create macOS ARM package
+    runs-on: macos-14-xlarge
+    needs: create_release_deb
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Install Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Create venv
+        run: python -m venv venv
+
+      - name: Install Python packages
+        run: venv/bin/pip3 install pyinstaller .
+
+      - name: Importing signing certificates
+        run: |
+          # create and unlock temporary keychain
+          KEYCHAIN_NAME=$RUNNER_TEMP/build.keychain
+          KEYCHAIN_PASS=$(head -c 8 /dev/urandom | od -An -tu8 | awk '{$1=$1};1')
+          security create-keychain -p $KEYCHAIN_PASS $KEYCHAIN_NAME
+          security default-keychain -s $KEYCHAIN_NAME
+          security set-keychain-settings -lut 21600 $KEYCHAIN_NAME
+          security unlock-keychain -p $KEYCHAIN_PASS $KEYCHAIN_NAME
+
+          # add certificate to keychain
+          CERT_FILE=build.p12
+          echo "${{ secrets.DEVELOPER_ID_APPLICATION_CERT_BASE64 }}" | base64 --decode > $CERT_FILE
+          security import $CERT_FILE -k $KEYCHAIN_NAME -P "${{ secrets.DEVELOPER_ID_APPLICATION_CERT_PASSWORD }}" -T /usr/bin/codesign >/dev/null 2>&1
+          echo "${{ secrets.DEVELOPER_ID_INSTALLER_CERT_BASE64 }}" | base64 --decode > $CERT_FILE
+          security import $CERT_FILE -k $KEYCHAIN_NAME -P "${{ secrets.DEVELOPER_ID_INSTALLER_CERT_PASSWORD }}" -T /usr/bin/pkgbuild -T /usr/bin/productsign >/dev/null 2>&1
+          rm -fr $CERT_FILE
+          #security find-identity -v  #-p codesigning
+
+          # enable codesigning from a non user interactive shell
+          security set-key-partition-list -S apple-tool:,apple: -s -k $KEYCHAIN_PASS $KEYCHAIN_NAME >/dev/null 2>&1
+
+      - name: Compile binaries
+        run: venv/bin/pyinstaller oco-agent.macos.spec
+
+      - name: Execute package build
+        run: cd installer/macos/ && ./build.sh
+        env:
+          DEVELOPER_ID_INSTALLER_CERT_BASE64: ${{ secrets.DEVELOPER_ID_INSTALLER_CERT_BASE64 }}
+          DEVELOPER_ID_INSTALLER_CERT_PASSWORD: ${{ secrets.DEVELOPER_ID_INSTALLER_CERT_PASSWORD }}
+          DEVELOPER_ACCOUNT_USERNAME: ${{ secrets.DEVELOPER_ACCOUNT_USERNAME }}
+          DEVELOPER_ACCOUNT_PASSWORD: ${{ secrets.DEVELOPER_ACCOUNT_PASSWORD }}
+          DEVELOPER_ACCOUNT_TEAM: ${{ secrets.DEVELOPER_ACCOUNT_TEAM }}
+
+      - name: Purging signing keychain
+        run: |
+          security delete-keychain $RUNNER_TEMP/build.keychain
+
+      - name: Upload artifact
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        with:
+          upload_url: ${{ needs.create_release_deb.outputs.upload_url }}
+          asset_path: installer/macos/target/pkg-signed/oco-agent.pkg
+          asset_name: oco-agent-arm.pkg
           asset_content_type: application/octet-stream
 
   create_exe: