From 446b5af7f3cc14a0fe8959e51e30ad06bfd6a9d9 Mon Sep 17 00:00:00 2001
From: Ozgur Ersoy <git@moersoy.com>
Date: Mon, 14 Apr 2025 15:54:44 +0200
Subject: [PATCH] fix(workflows): update local signing workflow to improve API
 key handling and enhance error messaging for notarization credentials

---
 .gitea/workflows/test-local-signing.yml | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/.gitea/workflows/test-local-signing.yml b/.gitea/workflows/test-local-signing.yml
index 4fd92d79..4cf4cfbd 100644
--- a/.gitea/workflows/test-local-signing.yml
+++ b/.gitea/workflows/test-local-signing.yml
@@ -265,18 +265,28 @@ jobs:
           APPLE_ID: ${{ secrets.NOTARY_USER }}
           APP_PASSWORD: ${{ secrets.NOTARY_PASSWORD }}
           API_KEY_ID: ${{ secrets.NOTARY_API_KEY_ID }}
-          API_ISSUER_ID: ${{ secrets.NOTARY_API_ISSUER_ID }}
-          API_KEY: ${{ secrets.NOTARY_API_KEY }}
+          API_ISSUER_ID: ${{ secrets.NOTARY_API_KEY_ISSUER_ID }}
+          API_KEY_PATH: ${{ secrets.NOTARY_API_KEY_PATH }}
         run: |
           echo "📤 Notarizing app..."
           
           # Check if we have API key credentials
-          if [ -n "$API_KEY_ID" ] && [ -n "$API_ISSUER_ID" ] && [ -n "$API_KEY" ]; then
+          if [ -n "$API_KEY_ID" ] && [ -n "$API_ISSUER_ID" ] && [ -n "$API_KEY_PATH" ]; then
             echo "Using App Store Connect API key for notarization..."
             
-            # Create directory for API key
+            # Create directory for API key if API_KEY_PATH contains content
             mkdir -p ~/private_keys
-            echo "$API_KEY" > ~/private_keys/AuthKey_${API_KEY_ID}.p8
+            
+            # Check if API_KEY_PATH is a path or content
+            if [[ "$API_KEY_PATH" == /* ]] && [ -f "$API_KEY_PATH" ]; then
+              # It's a path to a file
+              echo "Using API key from path: $API_KEY_PATH"
+              cp "$API_KEY_PATH" ~/private_keys/AuthKey_${API_KEY_ID}.p8
+            else
+              # It contains the key content
+              echo "Using API key from content"
+              echo "$API_KEY_PATH" > ~/private_keys/AuthKey_${API_KEY_ID}.p8
+            fi
             
             # Create zip for notarization
             ZIP_PATH="TestApp-notarize.zip"
@@ -330,8 +340,8 @@ jobs:
             echo "⚠️ Missing notarization credentials. Skipping notarization."
             echo "For App Store Connect API key method, set these secrets:"
             echo "  - NOTARY_API_KEY_ID: Your API key ID"
-            echo "  - NOTARY_API_ISSUER_ID: Your API issuer ID"
-            echo "  - NOTARY_API_KEY: Your API key content (p8 file)"
+            echo "  - NOTARY_API_KEY_ISSUER_ID: Your API issuer ID"
+            echo "  - NOTARY_API_KEY_PATH: Path to or content of your p8 file"
             echo ""
             echo "For App-specific password method, set these secrets:"
             echo "  - NOTARY_USER: Your Apple ID (email)"