fix(actions): refine macOS notarization workflow by removing build cache management and enhancing identity handling during signing process

.gitea/workflows/test-macos-build.yml

@@ -41,22 +41,6 @@ jobs:
           echo "Environment setup complete"
         shell: bash
         
-      # Restore cache for build dependencies
-      - name: Restore Build Cache
-        id: build-cache
-        uses: actions/cache@v3
-        with:
-          path: |
-            DerivedDataCache
-            Intermediate
-            Saved/Autosaves
-            Saved/Config
-            .unreal
-          key: ${{ runner.os }}-macbuild-${{ hashFiles('**/*.uproject') }}-${{ hashFiles('Config/**') }}
-          restore-keys: |
-            ${{ runner.os }}-macbuild-${{ hashFiles('**/*.uproject') }}-
-            ${{ runner.os }}-macbuild-
-        
       # Build for macOS - use your own build script 
       - name: Build for macOS
         run: |
@@ -168,19 +152,6 @@ jobs:
           fi
         shell: bash
                 
-      # Save cache for next workflow run
-      - name: Save Build Cache
-        if: always()
-        uses: actions/cache/save@v3
-        with:
-          path: |
-            DerivedDataCache
-            Intermediate
-            Saved/Autosaves
-            Saved/Config
-            .unreal
-          key: ${{ steps.build-cache.outputs.cache-primary-key }}
-                
       # Create a debug log file for notarize action
       - name: Create debug log directory
         run: |
@@ -320,16 +291,25 @@ jobs:
           debug_log "Importing certificate into keychain"
           security import "$CERTIFICATE_PATH" -k "$KEYCHAIN_NAME" -P "${{ secrets.MACOS_CERTIFICATE_PWD }}" -T /usr/bin/codesign
           
-          # Allow codesign to access keychain items
+          # Add to search list and set as default
+          security list-keychains -d user -s "$KEYCHAIN_NAME" login.keychain
+          security default-keychain -s "$KEYCHAIN_NAME"
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
+          
+          # Allow codesign to access keychain items without prompting
           security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
           
-          # Verify certificate was imported
+          # List all identities to find the exact name
-          security find-identity -v "$KEYCHAIN_NAME" | grep "Developer ID Application"
+          debug_log "Listing all identities in the keychain:"
-          IDENTITY_RESULT=$?
+          IDENTITY_INFO=$(security find-identity -v "$KEYCHAIN_NAME")
+          debug_log "$IDENTITY_INFO"
           
-          if [ $IDENTITY_RESULT -eq 0 ]; then
+          # Parse the exact identity name from the output
-            debug_log "Certificate imported successfully"
+          EXACT_IDENTITY=$(echo "$IDENTITY_INFO" | grep "Developer ID Application" | head -1 | sed -E 's/.*"(Developer ID Application: .*)"/\1/')
-            SIGNING_IDENTITY="Developer ID Application: ${{ secrets.APPLE_TEAM_ID }}"
+          
+          if [[ -n "$EXACT_IDENTITY" ]]; then
+            debug_log "Found exact identity: $EXACT_IDENTITY"
+            SIGNING_IDENTITY="$EXACT_IDENTITY"
             echo "SIGNING_IDENTITY=$SIGNING_IDENTITY" >> $GITHUB_ENV
             echo "CERTIFICATE_AVAILABLE=true" >> $GITHUB_ENV
           else
@@ -357,6 +337,12 @@ jobs:
           
           debug_log "Starting application signing process"
           
+          # Make sure keychain is unlocked and available
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
+          security list-keychains
+          security default-keychain
+          security find-identity -v "$KEYCHAIN_NAME" | grep "Developer ID Application"
+          
           # Check if certificate is available
           if [[ "$CERTIFICATE_AVAILABLE" == "false" ]]; then
             debug_log "No certificate available and fallback disabled. Skipping signing."
@@ -370,6 +356,7 @@ jobs:
           # Sign the app
           if [[ "$CERTIFICATE_AVAILABLE" == "true" ]]; then
             debug_log "Signing with Developer ID certificate"
+            debug_log "Using identity: $SIGNING_IDENTITY"
             
             # First remove existing signatures
             debug_log "Removing existing signatures..."
@@ -399,11 +386,22 @@ jobs:
               find "$APP_PATH/Contents/MacOS" -type f -exec codesign --force --timestamp --options runtime --entitlements "$ENTITLEMENTS_PATH" --sign "$SIGNING_IDENTITY" {} \; 2>/dev/null || true
             fi
             
+            # Try with exact hash ID if available
+            if [[ "$IDENTITY_INFO" =~ ([0-9A-F]{40}) ]]; then
+              HASH_ID="${BASH_REMATCH[1]}"
+              debug_log "Trying to sign with hash ID: $HASH_ID"
+              
+              # Sign app bundle with hash ID
+              debug_log "Signing main app bundle with hash ID..."
+              codesign --force --timestamp --options runtime --entitlements "$ENTITLEMENTS_PATH" --sign "$HASH_ID" "$APP_PATH"
+              SIGN_RESULT=$?
+            else
               # Sign app bundle
               debug_log "Signing main app bundle..."
               codesign --force --timestamp --options runtime --entitlements "$ENTITLEMENTS_PATH" --sign "$SIGNING_IDENTITY" "$APP_PATH"
-            
               SIGN_RESULT=$?
+            fi
+            
             if [ $SIGN_RESULT -eq 0 ]; then
               debug_log "App signed successfully with Developer ID"
               echo "SIGNING_RESULT=true" >> $GITHUB_ENV