@@ -38,28 +38,28 @@ jobs:
3838 MACOS_CERTIFICATE : ${{ secrets.MACOS_CERTIFICATE }}
3939 MACOS_CERTIFICATE_PASSWORD : ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
4040 run : |
41- # Create a temporary keychain
42- KEYCHAIN_NAME="build.keychain"
41+ # Create variables
42+ CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
43+ KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
4344 KEYCHAIN_PASSWORD="$(openssl rand -base64 32)"
4445
45- # Create the keychain
46- security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
46+ # Import certificate from secrets
47+ echo -n "$MACOS_CERTIFICATE" | base64 --decode -o $CERTIFICATE_PATH
4748
48- # Set the keychain as default
49- security default-keychain -s "$KEYCHAIN_NAME"
49+ # Create temporary keychain
50+ security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
51+ security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
52+ security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
5053
51- # Unlock the keychain
52- security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
54+ # Import certificate to keychain
55+ security import $CERTIFICATE_PATH -P "$MACOS_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
56+ security list-keychain -d user -s $KEYCHAIN_PATH
5357
54- # Import certificate
55- echo "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
56- security import certificate.p12 -k "$KEYCHAIN_NAME" -P "$MACOS_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
57-
58- # Allow codesign to access the certificate without prompting
59- security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
58+ # Allow codesign to access the certificate
59+ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
6060
6161 # Clean up
62- rm certificate.p12
62+ rm -f $CERTIFICATE_PATH
6363
6464 - name : Sign binaries
6565 env :
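Review bot: The new `security import` line passes `-A`, which lets any application use the imported signing key without a prompt, whereas the removed line limited access with `-T /usr/bin/codesign`; I would keep the narrower form, `security import "$CERTIFICATE_PATH" -P "$MACOS_CERTIFICATE_PASSWORD" -T /usr/bin/codesign -t cert -f pkcs12 -k "$KEYCHAIN_PATH"`. The closing `rm -f $CERTIFICATE_PATH` is only reached when every earlier command succeeds, so a failed import leaves the decoded .p12 in `$RUNNER_TEMP`. Nothing in the visible lines deletes the keychain either, though the job continues outside this hunk. A final step guarded by `if: always()` that runs `security delete-keychain "$KEYCHAIN_PATH"` and the `rm -f` would cover both cases, which matters most on self-hosted runners where the temp directory may persist. The path variables are expanded unquoted throughout the new lines, and quoting them as the old `"$KEYCHAIN_NAME"` was keeps the script correct if the runner temp path ever contains spaces.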