fix(workflows): add detailed debugging for certificate import in macOS build workflow
Some checks failed
Test macOS Build Action / test-macos-build (push) Has been cancelled

Ozgur 2025-04-14 13:50:05 +02:00
parent 4088c8d37a
commit 8c02d550fb
No known key found for this signature in database
GPG Key ID: 66CDF27505A35546


@ -73,6 +73,55 @@ jobs:
WORKSPACE_DIR="$(pwd)"
echo "WORKSPACE_DIR=$WORKSPACE_DIR" >> "$GITHUB_ENV"
shell: bash
- name: Debug Certificate Import (Test)
env:
CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE }}
CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: |
set -e # Fail on any error
echo "Current working directory: $(pwd)"
echo "Checking for .app bundles in Saved directory..."
find ./Saved -type d -name "*.app" || echo "No app bundles found."
echo "Decoding certificate..."
CERT_DIR="$HOME/certificates"
mkdir -p "$CERT_DIR"
CERT_PATH="$CERT_DIR/developer_certificate.p12"
echo "$CERTIFICATE_BASE64" | base64 --decode > "$CERT_PATH"
echo "Decoded certificate size: $(wc -c < "$CERT_PATH") bytes"
echo "Type: $(file "$CERT_PATH")"
echo "Creating and configuring custom keychain..."
CUSTOM_KEYCHAIN="$CERT_DIR/build.keychain"
CUSTOM_PASSWORD="temppassword123"
security create-keychain -p "$CUSTOM_PASSWORD" "$CUSTOM_KEYCHAIN"
security set-keychain-settings "$CUSTOM_KEYCHAIN"
security unlock-keychain -p "$CUSTOM_PASSWORD" "$CUSTOM_KEYCHAIN"
echo "Setting only this keychain as active..."
security list-keychains -s "$CUSTOM_KEYCHAIN"
security default-keychain -s "$CUSTOM_KEYCHAIN"
echo "Importing certificate..."
security import "$CERT_PATH" -P "$CERTIFICATE_PASSWORD" -k "$CUSTOM_KEYCHAIN" -T /usr/bin/codesign
echo "Granting access to codesign..."
security set-key-partition-list -S apple-tool:,apple: -s -k "$CUSTOM_PASSWORD" "$CUSTOM_KEYCHAIN"
echo "Verifying imported identities..."
security find-identity -v -p codesigning "$CUSTOM_KEYCHAIN"
echo "Setting environment variables for future steps..."
echo "KEYCHAIN_PATH=$CUSTOM_KEYCHAIN" >> "$GITHUB_ENV"
echo "KEYCHAIN_PASSWORD=$CUSTOM_PASSWORD" >> "$GITHUB_ENV"
echo "DIRECT_SIGNING_AVAILABLE=true" >> "$GITHUB_ENV"
echo "APPLE_TEAM=$APPLE_TEAM_ID" >> "$GITHUB_ENV"
shell: bash
# Step 2: Build for macOS
- name: Build for macOS
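Review bot: The new "Debug Certificate Import (Test)" step leaves signing material behind and protects it with a password that is published in the workflow: the decoded `.p12` stays at `$HOME/certificates/developer_certificate.p12` after `security import`, and the keychain holding the private key is created with the literal `CUSTOM_PASSWORD="temppassword123"`. If the job runs on a persistent or shared runner (not visible from this hunk), any later job under the same account could unlock that keychain and sign with the identity. I would generate the password per run, `CUSTOM_PASSWORD="$(openssl rand -hex 24)"`, add `rm -f "$CERT_PATH"` right after the import, and add a final step with `if: always()` that runs `security delete-keychain "$KEYCHAIN_PATH"`. `security list-keychains -s` and `security default-keychain -s` also replace the account's keychain search list and default without restoring them, which is worth a comment or a restore in the same cleanup step.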
@ -84,55 +133,7 @@ jobs:
echo "Build script not found, skipping this step"
fi
shell: bash
- name: Debug Certificate Import2
env:
CERTIFICATE_BASE64: ${{ secrets.MACOS_CERTIFICATE }}
CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: |
set -e # Fail on any error
echo "Current working directory: $(pwd)"
echo "Checking for .app bundles in Saved directory..."
find ./Saved -type d -name "*.app" || echo "No app bundles found."
echo "Decoding certificate..."
CERT_DIR="$HOME/certificates"
mkdir -p "$CERT_DIR"
CERT_PATH="$CERT_DIR/developer_certificate.p12"
echo "$CERTIFICATE_BASE64" | base64 --decode > "$CERT_PATH"
echo "Decoded certificate size: $(wc -c < "$CERT_PATH") bytes"
echo "Type: $(file "$CERT_PATH")"
echo "Creating and configuring custom keychain..."
CUSTOM_KEYCHAIN="$CERT_DIR/build.keychain"
CUSTOM_PASSWORD="temppassword123"
security create-keychain -p "$CUSTOM_PASSWORD" "$CUSTOM_KEYCHAIN"
security set-keychain-settings "$CUSTOM_KEYCHAIN"
security unlock-keychain -p "$CUSTOM_PASSWORD" "$CUSTOM_KEYCHAIN"
echo "Setting only this keychain as active..."
security list-keychains -s "$CUSTOM_KEYCHAIN"
security default-keychain -s "$CUSTOM_KEYCHAIN"
echo "Importing certificate..."
security import "$CERT_PATH" -P "$CERTIFICATE_PASSWORD" -k "$CUSTOM_KEYCHAIN" -T /usr/bin/codesign
echo "Granting access to codesign..."
security set-key-partition-list -S apple-tool:,apple: -s -k "$CUSTOM_PASSWORD" "$CUSTOM_KEYCHAIN"
echo "Verifying imported identities..."
security find-identity -v -p codesigning "$CUSTOM_KEYCHAIN"
echo "Setting environment variables for future steps..."
echo "KEYCHAIN_PATH=$CUSTOM_KEYCHAIN" >> "$GITHUB_ENV"
echo "KEYCHAIN_PASSWORD=$CUSTOM_PASSWORD" >> "$GITHUB_ENV"
echo "DIRECT_SIGNING_AVAILABLE=true" >> "$GITHUB_ENV"
echo "APPLE_TEAM=$APPLE_TEAM_ID" >> "$GITHUB_ENV"
shell: bash
# Step 3: Enhanced Debug for Certificate Import
- name: Debug Certificate Import