gcp-pkgbuild
gcp-pkgbuild copied to clipboard
sign packages
Reference: https://mackyle.github.io/xar/howtosign.html#howto Example: https://hub.docker.com/r/bruienne/pkgsign/
Using an encrypted key: https://cloud.google.com/container-builder/docs/securing-builds/use-encrypted-secrets-credentials
For this step I would encrypt the Apple Developer Certificate and place it in a storage bucket, and the use the gsutil
builder to pull it into repo and decrypt with kms before signing.