fix(actions): refine macOS notarization workflow by removing build cache management and enhancing identity handling during signing process
Some checks failed
Test macOS Build Action / test-macos-build (push) Failing after 28m20s
Some checks failed
Test macOS Build Action / test-macos-build (push) Failing after 28m20s
This commit is contained in:
parent
605f31abef
commit
89ecd77133
@ -41,22 +41,6 @@ jobs:
|
||||
echo "Environment setup complete"
|
||||
shell: bash
|
||||
|
||||
# Restore cache for build dependencies
|
||||
- name: Restore Build Cache
|
||||
id: build-cache
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: |
|
||||
DerivedDataCache
|
||||
Intermediate
|
||||
Saved/Autosaves
|
||||
Saved/Config
|
||||
.unreal
|
||||
key: ${{ runner.os }}-macbuild-${{ hashFiles('**/*.uproject') }}-${{ hashFiles('Config/**') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-macbuild-${{ hashFiles('**/*.uproject') }}-
|
||||
${{ runner.os }}-macbuild-
|
||||
|
||||
# Build for macOS - use your own build script
|
||||
- name: Build for macOS
|
||||
run: |
|
||||
@ -167,19 +151,6 @@ jobs:
|
||||
echo "Found entitlements file: ${{ env.ENTITLEMENTS_FILE }}"
|
||||
fi
|
||||
shell: bash
|
||||
|
||||
# Save cache for next workflow run
|
||||
- name: Save Build Cache
|
||||
if: always()
|
||||
uses: actions/cache/save@v3
|
||||
with:
|
||||
path: |
|
||||
DerivedDataCache
|
||||
Intermediate
|
||||
Saved/Autosaves
|
||||
Saved/Config
|
||||
.unreal
|
||||
key: ${{ steps.build-cache.outputs.cache-primary-key }}
|
||||
|
||||
# Create a debug log file for notarize action
|
||||
- name: Create debug log directory
|
||||
@ -320,16 +291,25 @@ jobs:
|
||||
debug_log "Importing certificate into keychain"
|
||||
security import "$CERTIFICATE_PATH" -k "$KEYCHAIN_NAME" -P "${{ secrets.MACOS_CERTIFICATE_PWD }}" -T /usr/bin/codesign
|
||||
|
||||
# Allow codesign to access keychain items
|
||||
# Add to search list and set as default
|
||||
security list-keychains -d user -s "$KEYCHAIN_NAME" login.keychain
|
||||
security default-keychain -s "$KEYCHAIN_NAME"
|
||||
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
|
||||
|
||||
# Allow codesign to access keychain items without prompting
|
||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
|
||||
|
||||
# Verify certificate was imported
|
||||
security find-identity -v "$KEYCHAIN_NAME" | grep "Developer ID Application"
|
||||
IDENTITY_RESULT=$?
|
||||
# List all identities to find the exact name
|
||||
debug_log "Listing all identities in the keychain:"
|
||||
IDENTITY_INFO=$(security find-identity -v "$KEYCHAIN_NAME")
|
||||
debug_log "$IDENTITY_INFO"
|
||||
|
||||
if [ $IDENTITY_RESULT -eq 0 ]; then
|
||||
debug_log "Certificate imported successfully"
|
||||
SIGNING_IDENTITY="Developer ID Application: ${{ secrets.APPLE_TEAM_ID }}"
|
||||
# Parse the exact identity name from the output
|
||||
EXACT_IDENTITY=$(echo "$IDENTITY_INFO" | grep "Developer ID Application" | head -1 | sed -E 's/.*"(Developer ID Application: .*)"/\1/')
|
||||
|
||||
if [[ -n "$EXACT_IDENTITY" ]]; then
|
||||
debug_log "Found exact identity: $EXACT_IDENTITY"
|
||||
SIGNING_IDENTITY="$EXACT_IDENTITY"
|
||||
echo "SIGNING_IDENTITY=$SIGNING_IDENTITY" >> $GITHUB_ENV
|
||||
echo "CERTIFICATE_AVAILABLE=true" >> $GITHUB_ENV
|
||||
else
|
||||
@ -357,6 +337,12 @@ jobs:
|
||||
|
||||
debug_log "Starting application signing process"
|
||||
|
||||
# Make sure keychain is unlocked and available
|
||||
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
|
||||
security list-keychains
|
||||
security default-keychain
|
||||
security find-identity -v "$KEYCHAIN_NAME" | grep "Developer ID Application"
|
||||
|
||||
# Check if certificate is available
|
||||
if [[ "$CERTIFICATE_AVAILABLE" == "false" ]]; then
|
||||
debug_log "No certificate available and fallback disabled. Skipping signing."
|
||||
@ -370,6 +356,7 @@ jobs:
|
||||
# Sign the app
|
||||
if [[ "$CERTIFICATE_AVAILABLE" == "true" ]]; then
|
||||
debug_log "Signing with Developer ID certificate"
|
||||
debug_log "Using identity: $SIGNING_IDENTITY"
|
||||
|
||||
# First remove existing signatures
|
||||
debug_log "Removing existing signatures..."
|
||||
@ -399,11 +386,22 @@ jobs:
|
||||
find "$APP_PATH/Contents/MacOS" -type f -exec codesign --force --timestamp --options runtime --entitlements "$ENTITLEMENTS_PATH" --sign "$SIGNING_IDENTITY" {} \; 2>/dev/null || true
|
||||
fi
|
||||
|
||||
# Sign app bundle
|
||||
debug_log "Signing main app bundle..."
|
||||
codesign --force --timestamp --options runtime --entitlements "$ENTITLEMENTS_PATH" --sign "$SIGNING_IDENTITY" "$APP_PATH"
|
||||
# Try with exact hash ID if available
|
||||
if [[ "$IDENTITY_INFO" =~ ([0-9A-F]{40}) ]]; then
|
||||
HASH_ID="${BASH_REMATCH[1]}"
|
||||
debug_log "Trying to sign with hash ID: $HASH_ID"
|
||||
|
||||
# Sign app bundle with hash ID
|
||||
debug_log "Signing main app bundle with hash ID..."
|
||||
codesign --force --timestamp --options runtime --entitlements "$ENTITLEMENTS_PATH" --sign "$HASH_ID" "$APP_PATH"
|
||||
SIGN_RESULT=$?
|
||||
else
|
||||
# Sign app bundle
|
||||
debug_log "Signing main app bundle..."
|
||||
codesign --force --timestamp --options runtime --entitlements "$ENTITLEMENTS_PATH" --sign "$SIGNING_IDENTITY" "$APP_PATH"
|
||||
SIGN_RESULT=$?
|
||||
fi
|
||||
|
||||
SIGN_RESULT=$?
|
||||
if [ $SIGN_RESULT -eq 0 ]; then
|
||||
debug_log "App signed successfully with Developer ID"
|
||||
echo "SIGNING_RESULT=true" >> $GITHUB_ENV
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user