From b5007ad65e26fcd530bdfec2b06b17410000d2ff Mon Sep 17 00:00:00 2001 From: Anirudh Sevugan Date: Thu, 7 Aug 2025 20:17:31 -0500 Subject: [PATCH] Improve code signing to work --- .github/workflows/build-macos.yml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-macos.yml b/.github/workflows/build-macos.yml index eef02ef..cc65e9f 100644 --- a/.github/workflows/build-macos.yml +++ b/.github/workflows/build-macos.yml @@ -25,9 +25,10 @@ jobs: - name: Create a temporary keychain run: | - security create-keychain -p "" build.keychain + KEYCHAIN_PASSWORD="" # Use a variable for the password + security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain security list-keychains -s build.keychain login.keychain-db - security unlock-keychain -p "" build.keychain + security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain - name: Check PEM secret presence env: @@ -46,17 +47,15 @@ jobs: run: | echo "$CERT_PEM" > cert.pem - # Import certificate (assuming private key is included in PEM) - security import cert.pem \ - -k build.keychain \ - -T /usr/bin/codesign + # Import certificate with empty password and allow it for codesigning + security import cert.pem -k build.keychain -P "" -T /usr/bin/codesign + # Trust the certificate for codesigning purposes security set-key-partition-list \ -S apple-tool:,apple: \ - -s \ - -k "" \ + -k "$KEYCHAIN_PASSWORD" \ build.keychain - + - name: Build macOS env: CSC_IDENTITY_AUTO_DISCOVERY: true