diff --git a/.gitea/workflows/test-local-signing.yml b/.gitea/workflows/test-local-signing.yml
index 020d5686..3012f2bb 100644
--- a/.gitea/workflows/test-local-signing.yml
+++ b/.gitea/workflows/test-local-signing.yml
@@ -101,7 +101,16 @@ jobs:
 security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
 security list-keychains -s "$KEYCHAIN_PATH" $(security list-keychains | xargs)
- # Import certificate
+ # Download and import Apple root certificates
+ echo "📥 Downloading Apple root certificates..."
+ curl -O https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer
+ curl -O https://www.apple.com/certificateauthority/DeveloperIDG2.cer
+
+ # Import Apple root certificates
+ security import AppleWWDRCAG3.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign
+ security import DeveloperIDG2.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign
+
+ # Import developer certificate
 echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12
 security import certificate.p12 -k "$KEYCHAIN_PATH" -P "${{ secrets.MACOS_CERTIFICATE_PWD }}" -T /usr/bin/codesign
@@ -113,15 +122,22 @@ jobs:
 security find-identity -v -p codesigning "$KEYCHAIN_PATH"
 # Cleanup
- rm -f certificate.p12
+ rm -f certificate.p12 AppleWWDRCAG3.cer DeveloperIDG2.cer
 shell: bash
 - name: Sign App Bundle
 run: |
 echo "🔏 Signing app bundle..."
+ # Get the identity hash
+ IDENTITY=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep "Developer ID Application" | awk '{print $2}')
+ if [ -z "$IDENTITY" ]; then
+ echo "❌ Error: No valid Developer ID Application identity found"
+ exit 1
+ fi
+
 # Sign the app bundle
- codesign --force --options runtime --entitlements LuckyWorld.entitlements --sign "Developer ID Application" --timestamp TestApp.app
+ codesign --force --options runtime --entitlements LuckyWorld.entitlements --sign "$IDENTITY" --timestamp TestApp.app
 # Verify signing
 echo "🔍 Verifying signature..."
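Review bot: The two added `curl -O` downloads in the first hunk have no `--fail`, so an HTTP error body would be saved as `AppleWWDRCAG3.cer` or `DeveloperIDG2.cer` and the problem would only surface later as an opaque `security import` error; `curl --fail --silent --show-error --proto '=https' -O <url>` stops at the download instead. The files then go into the signing keychain with no integrity check beyond TLS, so consider vendoring the two certificates or comparing each against a fingerprint kept in the repository, e.g. `echo "<EXPECTED_SHA256>  AppleWWDRCAG3.cer" | shasum -a 256 -c -` (placeholder hash). Both files are Apple intermediate CAs rather than roots, so the two comments and the echo text would be more accurate as "intermediate certificates". `-T /usr/bin/codesign` grants access to imported private keys and is probably a no-op on these certificate-only imports. The enclosing `run:` script starts above the hunk.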
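Review bot: The `IDENTITY=` pipeline in the second hunk keeps every line matching "Developer ID Application", so a keychain holding more than one such identity produces several hashes in one string and `codesign --sign "$IDENTITY"` will not resolve it. If the Sign step runs under `bash -eo pipefail` (its `shell:` line is outside the hunk), a non-matching `grep` also aborts the script at the assignment, before the `-z` check can print its message. A single awk that reads all input and prints only the first match avoids both: `IDENTITY=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | awk '/Developer ID Application/ && !n++ {print $2}')`. Separately, the extended `rm -f certificate.p12 AppleWWDRCAG3.cer DeveloperIDG2.cer` only runs when every earlier command in that step succeeds, so under errexit a failed import would leave the decoded `.p12` on the runner; `trap 'rm -f certificate.p12 AppleWWDRCAG3.cer DeveloperIDG2.cer' EXIT` at the top of that step would cover the failure path.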