fix(workflows): update macOS build workflow to import certificates into custom keychain and ensure trust settings

.gitea/actions/macos-build/action.yml

@@ -66,10 +66,6 @@ runs:
         curl -s -o AppleWWDRCAG3.cer https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer
         curl -s -o DeveloperIDG2.cer https://www.apple.com/certificateauthority/DeveloperIDG2.cer
         
-        # Import Apple root certificates
-        security import AppleWWDRCAG3.cer -k /Library/Keychains/System.keychain
-        security import DeveloperIDG2.cer -k /Library/Keychains/System.keychain
-        
         # Decode the base64 certificate
         echo "Setting up certificate..."
         echo $APPLE_CERTIFICATE_BASE64 | base64 --decode > certificate.p12
@@ -81,8 +77,18 @@ runs:
         security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
         security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
         security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+        
+        # Import all certificates to our custom keychain
+        security import AppleWWDRCAG3.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign
+        security import DeveloperIDG2.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign
         security import certificate.p12 -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
-        security list-keychain -d user -s "$KEYCHAIN_PATH" /Library/Keychains/System.keychain
+        
+        # Set keychain for signing
+        security list-keychain -d user -s "$KEYCHAIN_PATH"
+        security default-keychain -s "$KEYCHAIN_PATH"
+        
+        # Always trust our certificates
+        security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
         
         # Find app bundle
         APP_PATH=$(find Builds -type d -name "*.app" | head -1)