LuckyWorld/.gitea/workflows/test-local-signing-2.yml
Ozgur Ersoy 70e17b52ec
Some checks failed
Test Local Signing / test-local-signing (push) Failing after 8s
feat(workflows): add test local signing workflow for macOS
2025-04-14 14:10:12 +02:00

195 lines
6.7 KiB
YAML

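# Exercises macOS code signing end to end with throwaway material: a temporary
# keychain, a self-signed certificate and a stub app bundle. Nothing created
# here is suitable for release signing; real signing identities and their
# passwords belong in the runner's secret store, not in the workflow file.
name: Test Local Signing

on:
  workflow_dispatch:  # manual trigger
  push:
    branches: [ozgur/build]

jobs:
  test-local-signing:
    runs-on: macos
    steps:
      - name: Checkout repository
        # A version tag is mutable; once a commit has been reviewed, pin the
        # action to it, e.g. actions/checkout@<FULL_COMMIT_SHA>.
        uses: actions/checkout@v3

      - name: Create Test Certificate
        run: |
          echo "🔑 Creating test certificate and keychain..."
          # The private key below is written unencrypted (-nodes), so keep
          # every file created in this step readable by the runner user only.
          umask 077
          # Captured before the cd further down so it names the checkout
          # directory rather than the certificate directory.
          WORKSPACE_DIR="$(pwd)"

          # Create the directory that holds the test material
          CERT_DIR="$HOME/certificates"
          mkdir -p "$CERT_DIR"

          # Per-run random passwords instead of a literal committed to the repo
          KEYCHAIN_PATH="$CERT_DIR/test.keychain"
          KEYCHAIN_PASSWORD="$(openssl rand -hex 16)"
          CERT_PASSWORD="$(openssl rand -hex 16)"
          CERT_NAME="Test LuckyWorld Developer"

          # Remember the current default keychain so Cleanup can restore it.
          # `security default-keychain` prints the path indented and quoted.
          ORIGINAL_DEFAULT_KEYCHAIN="$(
            security default-keychain |
              sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//'
          )" || true

          # Export state first: if a later command fails, the Cleanup step
          # still knows which keychain to delete and which default to restore.
          {
            echo "KEYCHAIN_PATH=$KEYCHAIN_PATH"
            echo "KEYCHAIN_PASSWORD=$KEYCHAIN_PASSWORD"
            echo "ORIGINAL_DEFAULT_KEYCHAIN=$ORIGINAL_DEFAULT_KEYCHAIN"
            echo "CERT_NAME=$CERT_NAME"
            echo "WORKSPACE_DIR=$WORKSPACE_DIR"
          } >> "$GITHUB_ENV"

          # Create the test keychain and make it the default
          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          security default-keychain -s "$KEYCHAIN_PATH"
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

          # Create the test certificate
          cd "$CERT_DIR"
          echo "📜 Creating self-signed certificate..."
          # NOTE(review): no code-signing extendedKeyUsage is requested here;
          # confirm that find-identity below really lists this certificate.
          openssl req -x509 -newkey rsa:2048 \
            -keyout test_key.pem \
            -out test_cert.pem \
            -days 365 \
            -nodes \
            -subj "/CN=$CERT_NAME"

          echo "🔐 Converting to P12 format..."
          openssl pkcs12 -export \
            -out test_cert.p12 \
            -inkey test_key.pem \
            -in test_cert.pem \
            -password "pass:$CERT_PASSWORD"

          echo "📋 Creating base64 version for reference..."
          # This file contains the private key; it is removed with the rest of
          # $CERT_DIR in the Cleanup step.
          base64 < test_cert.p12 > test_cert_base64.txt

          echo "🔄 Importing certificate to keychain..."
          security import test_cert.p12 \
            -k "$KEYCHAIN_PATH" \
            -P "$CERT_PASSWORD" \
            -T /usr/bin/codesign

          # Let codesign use the imported key without an interactive prompt
          security set-key-partition-list \
            -S apple-tool:,apple: \
            -s \
            -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

          echo "✅ Certificate setup complete"

          # Debug: show the signing identities found in the test keychain
          echo "🔍 Checking codesigning identities..."
          security find-identity -v -p codesigning "$KEYCHAIN_PATH"
        shell: bash

      - name: Verify Certificate
        run: |
          echo "🔍 Verifying certificate in keychain..."
          security find-identity -v -p codesigning "$KEYCHAIN_PATH"

          # Show detailed certificate information
          echo "📋 Certificate details:"
          security find-certificate -a -c "$CERT_NAME" -p "$KEYCHAIN_PATH" | \
            openssl x509 -text | \
            grep -E "Subject:|Issuer:|Not Before:|Not After:|Serial Number:"
        shell: bash

      - name: Create Test Entitlements
        run: |
          echo "📝 Creating test entitlements file..."
          # The four com.apple.security.cs.* keys are hardened-runtime
          # exceptions that relax code-integrity protections. They are here to
          # exercise the signing path only; a release entitlements file should
          # carry just the exceptions the shipped binary actually needs.
          # The delimiter is quoted so nothing inside the XML is shell-expanded.
          cat > LuckyWorld.entitlements << 'EOF'
          <?xml version="1.0" encoding="UTF-8"?>
          <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
          <plist version="1.0">
          <dict>
              <key>com.apple.security.cs.allow-jit</key>
              <true/>
              <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
              <true/>
              <key>com.apple.security.cs.disable-library-validation</key>
              <true/>
              <key>com.apple.security.cs.allow-dyld-environment-variables</key>
              <true/>
              <key>com.apple.security.device.audio-input</key>
              <true/>
              <key>com.apple.security.device.camera</key>
              <true/>
          </dict>
          </plist>
          EOF

          echo "✅ Created entitlements file"
          cat LuckyWorld.entitlements
        shell: bash

      - name: Create Test App Bundle
        run: |
          echo "📦 Creating test app bundle..."

          # Create the test app bundle skeleton
          TEST_APP_DIR="TestApp.app"
          mkdir -p "$TEST_APP_DIR/Contents/MacOS"

          # Create a trivial test executable (one printf argument per line)
          printf '%s\n' \
            '#!/bin/bash' \
            'echo "Hello from TestApp!"' \
            > "$TEST_APP_DIR/Contents/MacOS/TestApp"
          chmod +x "$TEST_APP_DIR/Contents/MacOS/TestApp"

          # Create Info.plist; quoted delimiter, so no shell expansion
          cat > "$TEST_APP_DIR/Contents/Info.plist" << 'EOF'
          <?xml version="1.0" encoding="UTF-8"?>
          <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
          <plist version="1.0">
          <dict>
              <key>CFBundleExecutable</key>
              <string>TestApp</string>
              <key>CFBundleIdentifier</key>
              <string>com.luckyworld.testapp</string>
              <key>CFBundleName</key>
              <string>TestApp</string>
              <key>CFBundlePackageType</key>
              <string>APPL</string>
              <key>CFBundleShortVersionString</key>
              <string>1.0</string>
              <key>LSMinimumSystemVersion</key>
              <string>10.10</string>
          </dict>
          </plist>
          EOF

          echo "✅ Created test app bundle"
          echo "APP_PATH=$TEST_APP_DIR" >> "$GITHUB_ENV"
        shell: bash

      - name: Test Signing
        run: |
          echo "🔏 Testing code signing..."

          # Unlock the test keychain with the per-run password from setup
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

          echo "📝 Signing app bundle with test certificate..."
          # --keychain limits the identity lookup to the test keychain, so an
          # identity with the same name in another keychain cannot be picked.
          # NOTE(review): the hardened runtime is not requested here, so the
          # cs.* entitlements are embedded but presumably not enforced.
          /usr/bin/codesign --force --deep --verbose \
            --keychain "$KEYCHAIN_PATH" \
            --sign "$CERT_NAME" \
            --entitlements "LuckyWorld.entitlements" \
            "$APP_PATH"

          echo "✅ Signing complete"

          echo "🔍 Verifying signature..."
          # -d only displays the signature; --verify is what validates it and
          # fails the step when the signature does not check out.
          codesign -vv -d "$APP_PATH"
          codesign --verify --strict --verbose=2 "$APP_PATH"

          echo "📋 Checking entitlements..."
          codesign -d --entitlements :- "$APP_PATH"

          echo "🔒 Testing Gatekeeper assessment (will fail, this is expected)..."
          spctl --assess --type exec "$APP_PATH" || true
        shell: bash

      - name: Cleanup
        if: always()
        run: |
          echo "🧹 Cleaning up..."

          # Give the runner user its previous default keychain back before the
          # test keychain disappears; matters on a runner that outlives the job.
          if [ -n "${ORIGINAL_DEFAULT_KEYCHAIN:-}" ]; then
            security default-keychain -s "$ORIGINAL_DEFAULT_KEYCHAIN" || true
          fi

          # Remove the test keychain; skipped when setup never exported a path
          if [ -n "${KEYCHAIN_PATH:-}" ]; then
            security delete-keychain "$KEYCHAIN_PATH" || true
          fi

          # Remove the test files (private key, P12 and base64 copy included)
          rm -rf "$HOME/certificates" || true
          rm -rf TestApp.app || true

          echo "✅ Cleanup complete"
        shell: bash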