LuckyRobots/LuckyWorld
14
0
Fork 0
Code Issues Pull Requests 1 Actions 1 Packages Projects 1 Releases 13 Wiki Activity

feat(workflows): add test local signing workflow for macOS
Some checks failed
Test Local Signing / test-local-signing (push) Failing after 8s
Details

Browse Source
This commit is contained in:
Ozgur 2025-04-14 14:10:12 +02:00
parent 8c02d550fb
commit 70e17b52ec
No known key found for this signature in database
GPG Key ID: 66CDF27505A35546
2 changed files with 197 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

195
.gitea/workflows/test-local-signing-2.yml Normal file
View File

@ -0,0 +1,195 @@
name: Test Local Signing
on:
workflow_dispatch: # Manuel tetikleme
push:
branches: [ozgur/build]
jobs:
test-local-signing:
runs-on: macos
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Create Test Certificate
run: |
echo "🔑 Creating test certificate and keychain..."
# Test için gerekli dizinleri oluştur
CERT_DIR="$HOME/certificates"
mkdir -p "$CERT_DIR"
# Test keychain oluştur
KEYCHAIN_PATH="$CERT_DIR/test.keychain"
KEYCHAIN_PASSWORD="test123"
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security default-keychain -s "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Test sertifikası oluştur
cd "$CERT_DIR"
echo "📜 Creating self-signed certificate..."
CERT_NAME="Test LuckyWorld Developer"
openssl req -x509 -newkey rsa:2048 \
-keyout test_key.pem \
-out test_cert.pem \
-days 365 \
-nodes \
-subj "/CN=$CERT_NAME"
echo "🔐 Converting to P12 format..."
CERT_PASSWORD="test123"
openssl pkcs12 -export \
-out test_cert.p12 \
-inkey test_key.pem \
-in test_cert.pem \
-password pass:$CERT_PASSWORD
echo "📋 Creating base64 version for reference..."
cat test_cert.p12 | base64 > test_cert_base64.txt
echo "🔄 Importing certificate to keychain..."
security import test_cert.p12 \
-k "$KEYCHAIN_PATH" \
-P "$CERT_PASSWORD" \
-T /usr/bin/codesign
# Keychain'i codesign için hazırla
security set-key-partition-list \
-S apple-tool:,apple: \
-s \
-k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Environment variables kaydet
echo "KEYCHAIN_PATH=$KEYCHAIN_PATH" >> "$GITHUB_ENV"
echo "CERT_NAME=$CERT_NAME" >> "$GITHUB_ENV"
echo "WORKSPACE_DIR=$(pwd)" >> "$GITHUB_ENV"
echo "✅ Certificate setup complete"
# Debug: Sertifika bilgilerini göster
echo "🔍 Checking codesigning identities..."
security find-identity -v -p codesigning "$KEYCHAIN_PATH"
shell: bash
- name: Verify Certificate
run: |
echo "🔍 Verifying certificate in keychain..."
security find-identity -v -p codesigning "$KEYCHAIN_PATH"
# Detaylı sertifika bilgilerini göster
echo "📋 Certificate details:"
security find-certificate -a -c "$CERT_NAME" -p "$KEYCHAIN_PATH" | \
openssl x509 -text | \
grep -E "Subject:|Issuer:|Not Before:|Not After:|Serial Number:"
shell: bash
- name: Create Test Entitlements
run: |
echo "📝 Creating test entitlements file..."
cat > LuckyWorld.entitlements << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.device.audio-input</key>
<true/>
<key>com.apple.security.device.camera</key>
<true/>
</dict>
</plist>
EOF
echo "✅ Created entitlements file"
cat LuckyWorld.entitlements
shell: bash
- name: Create Test App Bundle
run: |
echo "📦 Creating test app bundle..."
# Test app bundle oluştur
TEST_APP_DIR="TestApp.app"
mkdir -p "$TEST_APP_DIR/Contents/MacOS"
# Basit bir test executable oluştur
echo '#!/bin/bash
echo "Hello from TestApp!"' > "$TEST_APP_DIR/Contents/MacOS/TestApp"
chmod +x "$TEST_APP_DIR/Contents/MacOS/TestApp"
# Info.plist oluştur
cat > "$TEST_APP_DIR/Contents/Info.plist" << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleExecutable</key>
<string>TestApp</string>
<key>CFBundleIdentifier</key>
<string>com.luckyworld.testapp</string>
<key>CFBundleName</key>
<string>TestApp</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>1.0</string>
<key>LSMinimumSystemVersion</key>
<string>10.10</string>
</dict>
</plist>
EOF
echo "✅ Created test app bundle"
echo "APP_PATH=$TEST_APP_DIR" >> "$GITHUB_ENV"
shell: bash
- name: Test Signing
run: |
echo "🔏 Testing code signing..."
# Keychain'i hazırla
security unlock-keychain -p "test123" "$KEYCHAIN_PATH"
echo "📝 Signing app bundle with test certificate..."
/usr/bin/codesign --force --deep --verbose \
--sign "$CERT_NAME" \
--entitlements "LuckyWorld.entitlements" \
"$APP_PATH"
echo "✅ Signing complete"
echo "🔍 Verifying signature..."
codesign -vv -d "$APP_PATH"
echo "📋 Checking entitlements..."
codesign -d --entitlements :- "$APP_PATH"
echo "🔒 Testing Gatekeeper assessment (will fail, this is expected)..."
spctl --assess --type exec "$APP_PATH" || true
shell: bash
- name: Cleanup
if: always()
run: |
echo "🧹 Cleaning up..."
# Keychain temizle
security delete-keychain "$KEYCHAIN_PATH" || true
# Test dosyalarını temizle
rm -rf "$HOME/certificates" || true
rm -rf TestApp.app || true
echo "✅ Cleanup complete"
shell: bash

4
.gitea/workflows/test-macos-build.yml
View File

@ -2,8 +2,8 @@ name: Test macOS Build Action
on:
workflow_dispatch: # Manual trigger only for testing
push:
branches: [ozgur/build]
# push:
# branches: [ozgur/build]
jobs:
test-macos-build: