asd

.gitea/workflows/test-local-signing.yml

@@ -96,29 +96,49 @@ jobs:
           KEYCHAIN_PATH="$RUNNER_TEMP/app-signing.keychain-db"
           KEYCHAIN_PASSWORD="$(openssl rand -base64 12)"
           
+          # Delete existing keychain if it exists
+          security delete-keychain "$KEYCHAIN_PATH" 2>/dev/null || true
+          
+          # Create new keychain
           security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
-          security set-keychain-settings -t 3600 -l "$KEYCHAIN_PATH"
+          security set-keychain-settings -t 3600 -u -l "$KEYCHAIN_PATH"
           security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
           
-          # Add to keychain list and make it default
-          security list-keychains -s "$KEYCHAIN_PATH" login.keychain
-          security default-keychain -s "$KEYCHAIN_PATH"
+          # List the keychains before modifying
+          echo "Keychains before:"
+          security list-keychains
           
-          # Import developer certificate
+          # Set the new keychain as the default and add it to the search list
+          security default-keychain -s "$KEYCHAIN_PATH"
+          security list-keychains -d user -s "$KEYCHAIN_PATH" $(security list-keychains -d user | tr -d '"')
+          
+          # List the keychains after modifying
+          echo "Keychains after:"
+          security list-keychains
+          
+          # Import developer certificate with specific parameters for code signing
           echo "🔑 Importing developer certificate..."
           echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12
-          security import certificate.p12 -k "$KEYCHAIN_PATH" -P "${{ secrets.MACOS_CERTIFICATE_PWD }}" -T /usr/bin/codesign
+          security import certificate.p12 -k "$KEYCHAIN_PATH" -P "${{ secrets.MACOS_CERTIFICATE_PWD }}" -A -t cert -f pkcs12 -T /usr/bin/codesign
           
           # Set partition list to allow codesign to access without password
           security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
           
-          # Verify certificate
-          echo "🔍 Verifying certificate..."
+          # Check what's in the keychain
+          echo "🔍 Listing all certificates in keychain..."
+          security find-certificate -a "$KEYCHAIN_PATH"
+          
+          # Verify code signing identities
+          echo "🔍 Verifying code signing identities..."
           security find-identity -v -p codesigning "$KEYCHAIN_PATH"
           
-          # Make keychain available for 1 hour
+          # Make sure keychain is unlocked, set timeout to 1 hour
           security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
           
+          # Store keychain variables for later steps
+          echo "KEYCHAIN_PATH=$KEYCHAIN_PATH" >> "$GITHUB_ENV"
+          echo "KEYCHAIN_PASSWORD=$KEYCHAIN_PASSWORD" >> "$GITHUB_ENV"
+          
           # Cleanup
           rm -f certificate.p12
         shell: bash
@@ -127,23 +147,26 @@ jobs:
         run: |
           echo "🔏 Signing app bundle..."
           
-          # Get the identity name (not hash)
-          IDENTITY_NAME=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep "Developer ID Application" | sed -E 's/.*"Developer ID Application: ([^"]*).*/\1/')
-          IDENTITY_FULL="Developer ID Application: $IDENTITY_NAME"
-          
-          echo "Found identity: $IDENTITY_FULL"
-          
-          if [ -z "$IDENTITY_NAME" ]; then
-            echo "❌ Error: No valid Developer ID Application identity found"
-            exit 1
-          fi
-          
           # Make sure keychain is unlocked
           security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
           
-          # Sign the app bundle
-          echo "Signing with identity: $IDENTITY_FULL"
-          codesign --force --options runtime --entitlements LuckyWorld.entitlements --sign "$IDENTITY_FULL" --timestamp TestApp.app
+          # List all code signing identities again
+          echo "Available identities for signing:"
+          security find-identity -v -p codesigning "$KEYCHAIN_PATH"
+          
+          # Get any available signing identity
+          IDENTITY=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | head -1 | awk -F '"' '{print $2}')
+          
+          if [ -z "$IDENTITY" ]; then
+            echo "❌ Error: No valid code signing identity found"
+            exit 1
+          fi
+          
+          echo "Using identity: $IDENTITY"
+          
+          # Sign the app bundle with verbose output
+          echo "Signing app bundle..."
+          codesign --force --verbose --options runtime --entitlements LuckyWorld.entitlements --sign "$IDENTITY" --timestamp TestApp.app
           
           # Verify signing
           echo "🔍 Verifying signature..."