build: attempt to fix mas 20

2026-01-23 02:36:05 +00:00 · 2025-11-10 13:42:03 +01:00 · 2025-11-10 13:42:03 +01:00 · 339ec1807a
commit 339ec1807a
parent 8056eaf524
1 changed files with 17 additions and 9 deletions
--- a/.github/workflows/build-publish-to-mac-store-on-release.yml
+++ b/.github/workflows/build-publish-to-mac-store-on-release.yml
@ -51,20 +51,28 @@ jobs:
          MAC_CERTS_PASSWORD: ${{ secrets.mac_certs_password }}
        run: |
          CERT_PATH="$RUNNER_TEMP/mac-certs.p12"
+          KEYCHAIN_NAME="build.keychain"
+          KEYCHAIN_PATH="$HOME/Library/Keychains/${KEYCHAIN_NAME}-db"
          echo "$MAC_CERTS" | base64 --decode > "$CERT_PATH"
          echo "=== DIAGNOSTIC: Decoded .p12 SHA256 ==="
          shasum -a 256 "$CERT_PATH"
          echo "========================================"
-          security create-keychain -p "" build.keychain
-          security set-keychain-settings -lut 21600 build.keychain
-          security unlock-keychain -p "" build.keychain
+          security create-keychain -p "" "$KEYCHAIN_NAME"
+          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
+          security unlock-keychain -p "" "$KEYCHAIN_PATH"
          curl -fsSL https://www.apple.com/certificateauthority/AppleWWDRCAG4.cer -o "$RUNNER_TEMP/AppleWWDRCAG4.cer"
-          security import "$RUNNER_TEMP/AppleWWDRCAG4.cer" -k build.keychain -T /usr/bin/codesign
-          security import "$CERT_PATH" -k build.keychain -P "$MAC_CERTS_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/pkgbuild -T /usr/bin/productbuild
-          security list-keychains -s build.keychain login.keychain
-          security set-key-partition-list -S apple-tool:,apple: -k "" build.keychain
-          security find-identity -v -p codesigning build.keychain
-          security find-identity -v -p macappstore build.keychain
+          security import "$RUNNER_TEMP/AppleWWDRCAG4.cer" -k "$KEYCHAIN_PATH" -T /usr/bin/codesign
+          security import "$CERT_PATH" -k "$KEYCHAIN_PATH" -P "$MAC_CERTS_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/pkgbuild -T /usr/bin/productbuild
+          security list-keychains -s "$KEYCHAIN_PATH" "$HOME/Library/Keychains/login.keychain-db"
+          security default-keychain -s "$KEYCHAIN_PATH"
+          security set-key-partition-list -S apple-tool:,apple: -k "" "$KEYCHAIN_PATH"
+          security find-identity -v -p codesigning "$KEYCHAIN_PATH"
+          security find-identity -v -p macappstore "$KEYCHAIN_PATH"
+          {
+            echo "CSC_KEYCHAIN=$KEYCHAIN_PATH"
+            echo "CSC_LINK=file://$CERT_PATH"
+            echo "CSC_KEY_PASSWORD=$MAC_CERTS_PASSWORD"
+          } >> "$GITHUB_ENV"

      - name: List available signing identities codesigning
        run: security find-identity -v -p codesigning