This commit is contained in:
parent
8943f65d58
commit
9a6036b46c
@ -96,29 +96,49 @@ jobs:
|
||||
KEYCHAIN_PATH="$RUNNER_TEMP/app-signing.keychain-db"
|
||||
KEYCHAIN_PASSWORD="$(openssl rand -base64 12)"
|
||||
|
||||
# Delete existing keychain if it exists
|
||||
security delete-keychain "$KEYCHAIN_PATH" 2>/dev/null || true
|
||||
|
||||
# Create new keychain
|
||||
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
|
||||
security set-keychain-settings -t 3600 -l "$KEYCHAIN_PATH"
|
||||
security set-keychain-settings -t 3600 -u -l "$KEYCHAIN_PATH"
|
||||
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
|
||||
|
||||
# Add to keychain list and make it default
|
||||
security list-keychains -s "$KEYCHAIN_PATH" login.keychain
|
||||
security default-keychain -s "$KEYCHAIN_PATH"
|
||||
# List the keychains before modifying
|
||||
echo "Keychains before:"
|
||||
security list-keychains
|
||||
|
||||
# Import developer certificate
|
||||
# Set the new keychain as the default and add it to the search list
|
||||
security default-keychain -s "$KEYCHAIN_PATH"
|
||||
security list-keychains -d user -s "$KEYCHAIN_PATH" $(security list-keychains -d user | tr -d '"')
|
||||
|
||||
# List the keychains after modifying
|
||||
echo "Keychains after:"
|
||||
security list-keychains
|
||||
|
||||
# Import developer certificate with specific parameters for code signing
|
||||
echo "🔑 Importing developer certificate..."
|
||||
echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12
|
||||
security import certificate.p12 -k "$KEYCHAIN_PATH" -P "${{ secrets.MACOS_CERTIFICATE_PWD }}" -T /usr/bin/codesign
|
||||
security import certificate.p12 -k "$KEYCHAIN_PATH" -P "${{ secrets.MACOS_CERTIFICATE_PWD }}" -A -t cert -f pkcs12 -T /usr/bin/codesign
|
||||
|
||||
# Set partition list to allow codesign to access without password
|
||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
|
||||
|
||||
# Verify certificate
|
||||
echo "🔍 Verifying certificate..."
|
||||
# Check what's in the keychain
|
||||
echo "🔍 Listing all certificates in keychain..."
|
||||
security find-certificate -a "$KEYCHAIN_PATH"
|
||||
|
||||
# Verify code signing identities
|
||||
echo "🔍 Verifying code signing identities..."
|
||||
security find-identity -v -p codesigning "$KEYCHAIN_PATH"
|
||||
|
||||
# Make keychain available for 1 hour
|
||||
# Make sure keychain is unlocked, set timeout to 1 hour
|
||||
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
|
||||
|
||||
# Store keychain variables for later steps
|
||||
echo "KEYCHAIN_PATH=$KEYCHAIN_PATH" >> "$GITHUB_ENV"
|
||||
echo "KEYCHAIN_PASSWORD=$KEYCHAIN_PASSWORD" >> "$GITHUB_ENV"
|
||||
|
||||
# Cleanup
|
||||
rm -f certificate.p12
|
||||
shell: bash
|
||||
@ -127,23 +147,26 @@ jobs:
|
||||
run: |
|
||||
echo "🔏 Signing app bundle..."
|
||||
|
||||
# Get the identity name (not hash)
|
||||
IDENTITY_NAME=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep "Developer ID Application" | sed -E 's/.*"Developer ID Application: ([^"]*).*/\1/')
|
||||
IDENTITY_FULL="Developer ID Application: $IDENTITY_NAME"
|
||||
|
||||
echo "Found identity: $IDENTITY_FULL"
|
||||
|
||||
if [ -z "$IDENTITY_NAME" ]; then
|
||||
echo "❌ Error: No valid Developer ID Application identity found"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Make sure keychain is unlocked
|
||||
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
|
||||
|
||||
# Sign the app bundle
|
||||
echo "Signing with identity: $IDENTITY_FULL"
|
||||
codesign --force --options runtime --entitlements LuckyWorld.entitlements --sign "$IDENTITY_FULL" --timestamp TestApp.app
|
||||
# List all code signing identities again
|
||||
echo "Available identities for signing:"
|
||||
security find-identity -v -p codesigning "$KEYCHAIN_PATH"
|
||||
|
||||
# Get any available signing identity
|
||||
IDENTITY=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | head -1 | awk -F '"' '{print $2}')
|
||||
|
||||
if [ -z "$IDENTITY" ]; then
|
||||
echo "❌ Error: No valid code signing identity found"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Using identity: $IDENTITY"
|
||||
|
||||
# Sign the app bundle with verbose output
|
||||
echo "Signing app bundle..."
|
||||
codesign --force --verbose --options runtime --entitlements LuckyWorld.entitlements --sign "$IDENTITY" --timestamp TestApp.app
|
||||
|
||||
# Verify signing
|
||||
echo "🔍 Verifying signature..."
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user