search

Apple-Actions / import-codesign-certs

GitHub Action for Importing Code-signing Certificates into a Keychain
MIT License
186 stars 79 forks source link

Error when import certificate #14

Open paulocoutinhox opened 3 years ago

paulocoutinhox commented 3 years ago

Hi,

I have an error when import certificate:

Run apple-actions/import-codesign-certs@v1
  with:
    keychain: prprojector-macos
    create-keychain: false
    p12-file-base64: ***

    p12-password: ***
  env:
    pythonLocation: /Users/runner/hostedtoolcache/Python/3.7.9/x64
/usr/bin/security unlock-keychain -p *** prprojector-macos.keychain
/usr/bin/security import /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/tmp-141161bqITyzXbWx -k prprojector-macos.keychain -f pkcs12 -A -T /usr/bin/codesign -T /usr/bin/security -P ***
1 identity imported.
/usr/bin/security set-key-partition-list -S apple-tool:,apple: -k *** prprojector-macos.keychain
security: SecKeychainItemSetAccessWithPassword: The user name or passphrase you entered is not correct.
keychain: "/Users/runner/Library/Keychains/prprojector-macos.keychain-db"
version: 512
class: 0x00000010 
attributes:
    0x00000000 <uint32>=0x00000010 
    0x00000001 <blob>="PRSolucoes - MAC"
    0x00000002 <blob>=<NULL>
    0x00000003 <uint32>=0x00000001 
    0x00000004 <uint32>=0x00000000 
    0x00000005 <uint32>=0x00000000 
    0x00000006 <blob>=0xC5E5668354F97F1DFA608DBD215C73D4A6AC4FC0  "\305\345f\203T\371\177\035\372`\215\275!\134s\324\246\254O\300"
    0x00000007 <blob>=<NULL>
    0x00000008 <blob>=0x7B38373139316361322D306663392D313164342D383439612D3030303530326235323132327D00  "{87191ca2-0fc9-11d4-849a-000502b52122}\000"
    0x00000009 <uint32>=0x0000002A  "\000\000\000*"
    0x0000000A <uint32>=0x00000800 
    0x0000000B <uint32>=0x00000800 
    0x0000000C <blob>=0x0000000000000000 
    0x0000000D <blob>=0x0000000000000000 
    0x0000000E <uint32>=0x00000001 
    0x0000000F <uint32>=0x00000001 
    0x00000010 <uint32>=0x00000001 
    0x00000011 <uint32>=0x00000000 
    0x00000012 <uint32>=0x00000001 
    0x00000013 <uint32>=0x00000001 
    0x00000014 <uint32>=0x00000001 
    0x00000015 <uint32>=0x00000001 
    0x00000016 <uint32>=0x00000001 
    0x00000017 <uint32>=0x00000001 
    0x00000018 <uint32>=0x00000001 
    0x00000019 <uint32>=0x00000001 
    0x0000001A <uint32>=0x00000001 
Error: The process '/usr/bin/security' failed with exit code 1

Log: https://github.com/paulo-coutinho/prprojector/runs/1939802758?check_suite_focus=true#step:9:15

Can you help me?

paulocoutinhox commented 3 years ago

I solved with:

- name: Install application certificate
  uses: apple-actions/import-codesign-certs@v1
  with: 
    keychain: ${{ github.run_id }}
    keychain-password: ${{ github.run_id }}
    p12-file-base64: ${{ secrets.MAC_APPLICATION_CERTIFICATE_P12 }}
    p12-password: ${{ secrets.MAC_APPLICATION_CERTIFICATE_PASSPHRASE }}

- name: Install installer certificate
  uses: apple-actions/import-codesign-certs@v1
  with: 
    keychain: ${{ github.run_id }}
    keychain-password: ${{ github.run_id }}
    create-keychain: false
    p12-file-base64: ${{ secrets.MAC_INSTALLER_CERTIFICATE_P12 }}
    p12-password: ${{ secrets.MAC_INSTALLER_CERTIFICATE_PASSPHRASE }}

You can add support for multiple certificates to help us add more than one.

A parameter called "amount" will add to environment variables suffix: "_1", "_2" ... to amount number. Or p12-file-base64 and p12-password can accept array data.

amitpdev commented 2 years ago

Thank you @paulo-coutinho! multiple certificates support is absolutely essential

benbowler commented 2 years ago

If anyone else comes across this in future, you can easily use multiple certificates, the key is to do it when exporting the certificates from keychain on the mac. You can export as many as you want into a single p12 file. I explored all of my Developer, Mac and iOS certificates and keys (around 11 certificates) into a single file and it works a treat.