Conveyor works well with CI platforms like TeamCity, GitHub Actions etc. When building in CI you should supply your signing credentials in a different way than using the
defaults.conf file. A simple approach is to create a separate file next to your main
conveyor.conf file that looks like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Call it something like
ci.conveyor.conf. Copy your
.pem files to be next to this file (or adjust the paths). Now place your root key and Apple notarization app-specific password into secret environment variables in your CI configuration called
APPLE_ASP respectively. Finally, invoke conveyor like this:
conveyor -f ci.conveyor.conf make site. Your main
conveyor.conf file can set
app.sign = false so signing doesn't get in the way during development.
An alternative approach is to set a passphrase, then put the encrypted
app.signing-key value into your main app config that gets checked into version control. You can then put the passphrase into an environment variable and specify it on the command line with
Caching Conveyor downloads
Please be careful that your CI/build system doesn't download Conveyor over and over again. If you can't pre-install it on your workers for some reason, make sure the download is cached locally. IP addresses that seem to be re-downloading Conveyor on every build may be throttled or blocked.