From 8973ea7f3ae60d275b42d15b7d7cbfb1ce268cd9 Mon Sep 17 00:00:00 2001
From: Omer Shatzberg <omershatzberg@gmail.com>
Date: Sun, 28 Dec 2025 16:38:53 +0200
Subject: [PATCH] Add macOS build workflow for Tauri app

---
 .github/workflows/build.yml | 72 +++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9c03c5d..9da14ce 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -177,3 +177,75 @@ jobs:
           target_commitish: ${{ github.sha }}
           generate_release_notes: true
           files: src-tauri/target/release/Benchmaker-Portable.exe
+
+  build-macos:
+    needs: build-windows
+    runs-on: macos-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Import Apple certificate
+        if: ${{ secrets.APPLE_CERTIFICATE != '' }}
+        env:
+          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
+          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+        run: |
+          echo "$APPLE_CERTIFICATE" | base64 -d > /tmp/apple_cert.p12
+          security create-keychain -p "" build.keychain
+          security import /tmp/apple_cert.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign -T /usr/bin/productbuild -T /usr/bin/security
+          security set-keychain-settings -t 3600 -u build.keychain
+          security list-keychains -d user -s build.keychain
+          security unlock-keychain -p "" build.keychain
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "" build.keychain
+
+      - name: Build Tauri app (dmg)
+        env:
+          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+        run: npm run tauri:build -- --bundles dmg
+
+      - name: Upload dmg
+        uses: actions/upload-artifact@v4
+        with:
+          name: Benchmaker-macOS-dmg
+          path: src-tauri/target/release/bundle/dmg/*.dmg
+
+      - name: Determine release tag
+        id: release_tag
+        if: github.ref == 'refs/heads/main'
+        run: |
+          version=$(node -p "require('./package.json').version")
+          if [ -z "$version" ]; then
+            echo "package.json version not found"
+            exit 1
+          fi
+          echo "version=$version" >> "$GITHUB_OUTPUT"
+          echo "tag=v$version" >> "$GITHUB_OUTPUT"
+
+      - name: Upload dmg to GitHub release
+        if: github.ref == 'refs/heads/main'
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ steps.release_tag.outputs.tag }}
+          files: src-tauri/target/release/bundle/dmg/*.dmg