LuckyRobots/LuckyWorld
14
0
Fork 0
Code Issues Pull Requests 1 Actions 1 Packages Projects 1 Releases 13 Wiki Activity

asd
Some checks failed
Test Local Signing / test-local-signing (push) Failing after 8s
Details

Browse Source
This commit is contained in:
Ozgur 2025-04-14 14:34:33 +02:00
parent 61d4d283c4
commit 8943f65d58
No known key found for this signature in database
GPG Key ID: 66CDF27505A35546
1 changed files with 21 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
.gitea/workflows/test-local-signing.yml
View File

@ -99,60 +99,51 @@ jobs:
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -t 3600 -l "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security list-keychains -s "$KEYCHAIN_PATH" $(security list-keychains | xargs)
# Download and import Apple root certificates
echo "📥 Downloading Apple root certificates..."
curl -o AppleWWDRCAG3.cer https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer
curl -o DeveloperIDG2.cer https://www.apple.com/certificateauthority/DeveloperIDG2.cer
# Check certificate formats
echo "🔍 Checking certificate formats..."
file AppleWWDRCAG3.cer
file DeveloperIDG2.cer
# Import Apple WWDRCA certificate
echo "🔑 Importing Apple WWDRCA certificate..."
security import AppleWWDRCAG3.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign
# Import Developer ID certificate - try with explicit format
echo "🔑 Importing Developer ID certificate..."
security import DeveloperIDG2.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f pkcs7 || \
security import DeveloperIDG2.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f openssl || \
security import DeveloperIDG2.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign
# Add to keychain list and make it default
security list-keychains -s "$KEYCHAIN_PATH" login.keychain
security default-keychain -s "$KEYCHAIN_PATH"
# Import developer certificate
echo "🔑 Importing developer p12 certificate..."
echo "🔑 Importing developer certificate..."
echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12
security import certificate.p12 -k "$KEYCHAIN_PATH" -P "${{ secrets.MACOS_CERTIFICATE_PWD }}" -T /usr/bin/codesign
# Set partition list to allow codesign to access keychain without password
# Set partition list to allow codesign to access without password
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Set keychain as default
security default-keychain -s "$KEYCHAIN_PATH"
# Verify certificate
echo "🔍 Verifying certificate..."
security find-identity -v -p codesigning "$KEYCHAIN_PATH"
# Make keychain available for 1 hour
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Cleanup
rm -f certificate.p12 AppleWWDRCAG3.cer DeveloperIDG2.cer
rm -f certificate.p12
shell: bash
- name: Sign App Bundle
run: |
echo "🔏 Signing app bundle..."
# Get the identity hash
IDENTITY=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep "Developer ID Application" | awk '{print $2}')
if [ -z "$IDENTITY" ]; then
# Get the identity name (not hash)
IDENTITY_NAME=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep "Developer ID Application" | sed -E 's/.*"Developer ID Application: ([^"]*).*/\1/')
IDENTITY_FULL="Developer ID Application: $IDENTITY_NAME"
echo "Found identity: $IDENTITY_FULL"
if [ -z "$IDENTITY_NAME" ]; then
echo "❌ Error: No valid Developer ID Application identity found"
exit 1
fi
# Make sure keychain is unlocked
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
# Sign the app bundle
codesign --force --options runtime --entitlements LuckyWorld.entitlements --sign "$IDENTITY" --timestamp TestApp.app
echo "Signing with identity: $IDENTITY_FULL"
codesign --force --options runtime --entitlements LuckyWorld.entitlements --sign "$IDENTITY_FULL" --timestamp TestApp.app
# Verify signing
echo "🔍 Verifying signature..."