Closed bwoodsend closed 4 years ago
Update: I've got it working now. There was a second export to p12 option which gave a longer .p12
file. Updating the CERTIFICATES_P12
secret to contain the base64 encoded contents of this longer file. security find-identity
now says:
Policy: X.509 Basic
Matching identities
1) 7EF52D5FFCBEDB449C7F66F70094D81518261FD2 "Brenainn Woodsend" (CSSMERR_TP_NOT_TRUSTED)
1 identities found
Valid identities only
0 valid identities found
And using:
codesign --force --timestamp --sign 7EF52D5FFCBEDB449C7F66F70094D81518261FD2 ./my_executable_to_sign
got the thing signed. It also looks like my certificate is invalid for some reason [groan] but that's my problem...
Warning in advance - I'm not a native macOS user. The only experience I have of macOS is through Github Actions.
My problem
I have a p12 certificate and I'm able to run the
block in my build to import it but I still can't actually sign anything. I try to run any of:
and but I'm always stuck with the same error of:
Some debug outputs which I don't know how to interpret
Looking at the build logs from the
uses: apple-actions/import-codesign-certs@v1
part I see the command:is called but nothing is printed below - does that mean that no keychain has been added? In which case
import-codesign-certs
has not worked?I've also tried adding some debug commands:
gives me
Which looks hopeful - something has been added.
But:
gives me
which I don't know what to make of but it doesn't look good.
Minimal example
I've reduced my problem down to a minimal example repository which I was hoping you could help me with. Maybe once it's working we could turn this repo into demo/tutorial for future users?
The important lines of the example yaml are here and the resultant build log is here.