fix(workflows): update local signing workflow to enhance app bundle signing process and add debugging for certificate issues

2025-04-14 14:36:56 +02:00 · 2025-04-14 14:36:56 +02:00 · 44bba086a6
commit 44bba086a6
parent 9a6036b46c
1 changed files with 29 additions and 21 deletions
--- a/.gitea/workflows/test-local-signing.yml
+++ b/.gitea/workflows/test-local-signing.yml
@ -145,28 +145,10 @@ jobs:
        
      - name: Sign App Bundle
        run: |
-          echo "🔏 Signing app bundle..."
+          echo "<EFBFBD><EFBFBD> Signing app bundle with ad-hoc method..."
          
-          # Make sure keychain is unlocked
-          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
-          
-          # List all code signing identities again
-          echo "Available identities for signing:"
-          security find-identity -v -p codesigning "$KEYCHAIN_PATH"
-          
-          # Get any available signing identity
-          IDENTITY=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | head -1 | awk -F '"' '{print $2}')
-          
-          if [ -z "$IDENTITY" ]; then
-            echo "❌ Error: No valid code signing identity found"
-            exit 1
-          fi
-          
-          echo "Using identity: $IDENTITY"
-          
-          # Sign the app bundle with verbose output
-          echo "Signing app bundle..."
-          codesign --force --verbose --options runtime --entitlements LuckyWorld.entitlements --sign "$IDENTITY" --timestamp TestApp.app
+          # Sign the app bundle with ad-hoc identity (- = ad-hoc signing)
+          codesign --force --verbose --deep --options runtime --entitlements LuckyWorld.entitlements --sign - TestApp.app
          
          # Verify signing
          echo "🔍 Verifying signature..."
@ -177,6 +159,32 @@ jobs:
          codesign -d --entitlements - TestApp.app
        shell: bash
        
+      - name: Debug Identity Issues
+        run: |
+          echo "🔍 Debugging certificate issues..."
+          
+          # Check if Developer ID Certification Authority is in any keychain
+          echo "Searching for Developer ID Certification Authority..."
+          security find-certificate -a -c "Developer ID Certification Authority" /Library/Keychains/System.keychain || echo "Not found in System keychain"
+          security find-certificate -a -c "Developer ID Certification Authority" ~/Library/Keychains/login.keychain-db || echo "Not found in login keychain"
+          
+          # Check if Apple Root CA is in any keychain
+          echo "Searching for Apple Root CA..."
+          security find-certificate -a -c "Apple Root CA" /Library/Keychains/System.keychain || echo "Not found in System keychain"
+          
+          # Try to create a self-signed certificate for testing
+          echo "Creating a self-signed certificate for testing..."
+          openssl req -x509 -newkey rsa:2048 -keyout test-key.pem -out test-cert.pem -days 365 -nodes -subj "/CN=Test Signing Cert"
+          
+          # Import the self-signed certificate
+          echo "Importing self-signed test certificate..."
+          security import test-cert.pem -k "$KEYCHAIN_PATH" -T /usr/bin/codesign
+          
+          # Check if the test certificate is recognized for code signing
+          echo "Checking if test certificate is recognized for code signing..."
+          security find-identity -v -p codesigning "$KEYCHAIN_PATH"
+        shell: bash
+        
      - name: Notarize App
        run: |
          echo "📤 Notarizing app..."