by 1kaizen 564 days ago
Yea. Why can't GitHub Actions build these artifacts?
4 comments

It does! That warning is for a different repo that allows community contribution:

https://github.com/ungoogled-software/ungoogled-chromium-bin...

GitHub now offers "artifact attestation"[1], which would be ideal for this use case. It records what build process binaries originated from, so they can still be published elsewhere while remaining verifiable.

[1] https://github.blog/changelog/2024-06-25-artifact-attestatio...

It needs way too much space to build with GitHub Actions.
According to the workflow file, you’re using self-hosted runners…
Because of the code signing for macOS
I haven't tried it myself, but it seems like that should be possible?

> You can sign Xcode apps within your continuous integration (CI) workflow by installing an Apple code signing certificate on GitHub Actions runners.

https://docs.github.com/en/actions/use-cases-and-examples/de...

This costs money, requires some agreement signing and can "dox" developers, so not everyone wants a cert.
That is chef's kiss right there.

Security or authenticity is prevented by a security or authenticity policy.

This is common. Sometimes a security policy works (e.g. a password length requirement may cause people to come up with stronger passwords) and sometimes people consider it excessive and prefer to work around it (e.g. a password length requirement may cause people to write the password down on a sticky note and attach it to the computer screen).