4343 security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
4444
4545 security import "$CERTIFICATE_PATH" -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
46- # CRITICAL: Without this, codesign cannot access the certificate
4746 security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
48- security list-keychain -d user -s "$KEYCHAIN_PATH"
47+
48+ # Make keychain visible to xcodebuild for both archive and export
49+ security default-keychain -s "$KEYCHAIN_PATH"
50+ security list-keychain -d user -s "$KEYCHAIN_PATH" /Library/Keychains/System.keychain
51+
52+ # Verify the correct certificate type is present
53+ echo "Checking for Developer ID Application certificate..."
54+ if ! security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep -q "Developer ID Application"; then
55+ echo "::error::BUILD_CERTIFICATE_BASE64 does not contain a Developer ID Application certificate."
56+ echo "Found identities:"
57+ security find-identity -v -p codesigning "$KEYCHAIN_PATH"
58+ exit 1
59+ fi
60+ security find-identity -v -p codesigning "$KEYCHAIN_PATH"
4961
5062 - name : Install provisioning profiles
5163 env :
@@ -68,53 +80,25 @@ jobs:
6880 /usr/libexec/PlistBuddy -c "Set :CFBundleVersion ${{ github.run_number }}" CloudMount/Info.plist
6981 /usr/libexec/PlistBuddy -c "Set :CFBundleVersion ${{ github.run_number }}" CloudMountExtension/Info.plist
7082
71- - name : Decode API key for Xcode
72- env :
73- APP_STORE_CONNECT_KEY_BASE64 : ${{ secrets.APP_STORE_CONNECT_KEY_BASE64 }}
74- run : |
75- echo -n "$APP_STORE_CONNECT_KEY_BASE64" | base64 --decode -o "$RUNNER_TEMP/AuthKey.p8"
76-
7783 - name : Archive
7884 env :
7985 TEAM_ID : ${{ secrets.APPLE_TEAM_ID }}
80- API_KEY_ID : ${{ secrets.API_KEY_ID }}
81- API_ISSUER_ID : ${{ secrets.API_ISSUER_ID }}
86+ SIGNING_IDENTITY : ${{ secrets.APPLE_SIGNING_IDENTITY }}
8287 run : |
8388 xcodebuild archive \
8489 -project CloudMount.xcodeproj \
8590 -scheme CloudMount \
8691 -archivePath "$RUNNER_TEMP/CloudMount.xcarchive" \
8792 -configuration Release \
88- -allowProvisioningUpdates \
89- -authenticationKeyPath "$RUNNER_TEMP/AuthKey.p8" \
90- -authenticationKeyID "$API_KEY_ID" \
91- -authenticationKeyIssuerID "$API_ISSUER_ID" \
92- DEVELOPMENT_TEAM="$TEAM_ID"
93+ CODE_SIGN_STYLE=Manual \
94+ CODE_SIGN_IDENTITY="$SIGNING_IDENTITY" \
95+ DEVELOPMENT_TEAM="$TEAM_ID" \
96+ PROVISIONING_PROFILE_SPECIFIER=""
9397
9498 - name : Export archive
9599 env :
96100 TEAM_ID : ${{ secrets.APPLE_TEAM_ID }}
97- SIGNING_IDENTITY : ${{ secrets.APPLE_SIGNING_IDENTITY }}
98- KEYCHAIN_PASSWORD : ${{ secrets.KEYCHAIN_PASSWORD }}
99101 run : |
100- KEYCHAIN_PATH="$RUNNER_TEMP/app-signing.keychain-db"
101- security default-keychain -s "$KEYCHAIN_PATH"
102- security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
103- security list-keychain -d user -s "$KEYCHAIN_PATH" /Library/Keychains/System.keychain
104-
105- # Verify the correct certificate type is present
106- echo "Checking for Developer ID Application certificate..."
107- if ! security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep -q "Developer ID Application"; then
108- echo "::error::BUILD_CERTIFICATE_BASE64 does not contain a Developer ID Application certificate."
109- echo "Found identities:"
110- security find-identity -v -p codesigning "$KEYCHAIN_PATH"
111- echo ""
112- echo "Export your 'Developer ID Application' cert from Keychain Access as .p12,"
113- echo "base64-encode it, and update the BUILD_CERTIFICATE_BASE64 secret."
114- exit 1
115- fi
116- security find-identity -v -p codesigning "$KEYCHAIN_PATH"
117-
118102 EXPORT_PLIST="$RUNNER_TEMP/export-options.plist"
119103 cat > "$EXPORT_PLIST" <<EOF
120104 <?xml version="1.0" encoding="UTF-8"?>
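Review bot: Signing in the Export archive step now depends on the keychain still being unlocked from the certificate-import step, because this hunk drops the `security unlock-keychain` call from Export. If the setup step does not extend the keychain's auto-lock timeout (no `security set-keychain-settings` call is visible in this part of the diff), a long Archive run could leave the keychain locked, and codesign would fail or stall at export. Keeping `KEYCHAIN_PASSWORD` out of this step is a useful reduction in secret scope, so rather than restoring the unlock here I would set the timeout once, right after the keychain is created, e.g. `security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"`. Separately, `PROVISIONING_PROFILE_SPECIFIER=""` on the `xcodebuild archive` command line overrides the setting for every target, presumably including CloudMountExtension; confirm that is intended, given the workflow still has an "Install provisioning profiles" step. The Export step's `run` block continues past the end of this hunk.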