Apple-Actions / import-codesign-certs

GitHub Action for Importing Code-signing Certificates into a Keychain
MIT License

hotfix: update to node16 per github deprecation #27

Closed FinsaasGH closed 1 year ago

FinsaasGH commented 1 year ago

@orj May you please review at your earliest convenience?

rolfb commented 1 year ago

@FinsaasGH was closing this an unintended side effect?

FinsaasGH commented 1 year ago

I forked and deleted which closed this PR for some reason.

Safihre commented 1 year ago

We might just need to fork this project to solve this and the set-output deprecations. Unfortunately seems @orj might have abandoned it.

FinsaasGH commented 1 year ago

I tried forking it but there is too much out of date. I ended up just building a keychain manually. I'll post the steps in a followup comment.

FinsaasGH commented 1 year ago

rolfb commented 1 year ago

@FinsaasGH This is awesome. Fixed the formatting so it's easier to copy and paste. Thanks.

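- name: Build keychain
  run: |
    # Decode the base64-encoded .p12 held in MACOS_CERTIFICATE
    echo "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
    # Create a dedicated keychain, make it the default and unlock it
    security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
    security default-keychain -s build.keychain
    security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
    # Lock on sleep (-l) and after a 21600 s timeout (-u, -t)
    security set-keychain-settings -lut 21600 build.keychain
    # Import the identity and list the tools allowed to use the key
    security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign -T /usr/bin/productsign -T /usr/bin/xcrun
    # Let Apple tools and codesign use the key without a UI prompt
    security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain

Safihre commented 1 year ago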

@FinsaasGH @rolfb Thanks a lot! Just wondering why the Keychain password needs to be secret? Since it's a temporary Keychain anyway?

rolfb commented 1 year ago

@Safihre

why the Keychain password needs to be secret

It's a really cheap way to add a layer of security. You could use a random password or a job-specific password, or no password at all - but why add state or reduce security if it's easy not to?
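
The random-password variant mentioned in the reply above, as an added example that is not part of the original thread or the project's code: the keychain password is generated per job instead of stored as a secret, and the decoded .p12 is written to a private temp directory and removed afterwards. The helper function names are hypothetical; it assumes signing happens later in the same job while the keychain is still unlocked, because the password is discarded once the step ends.

```shell
#!/usr/bin/env bash
# Added example, not the project's code. MACOS_CERTIFICATE and
# MACOS_CERTIFICATE_PWD are the variable names used in the thread;
# the function names below are hypothetical.
set -eu

# 32 random bytes as 64 hex characters; never stored as a repository secret.
gen_keychain_password() {
  od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Decode base64 from stdin into a fresh private temp dir (mode 700) as a
# mode-600 file, and print the path of the resulting .p12.
decode_cert() {
  local dir
  dir=$(mktemp -d)
  ( umask 077; base64 --decode > "$dir/certificate.p12" )
  printf '%s\n' "$dir/certificate.p12"
}

build_keychain() {
  local kc kc_pwd p12 tmp
  kc=build.keychain
  kc_pwd=$(gen_keychain_password)
  p12=$(printf '%s' "$MACOS_CERTIFICATE" | decode_cert)
  tmp=$(dirname "$p12")
  # Expand the path now so the decoded certificate is removed even if a
  # later command fails and the script exits early.
  trap "rm -rf '$tmp'" EXIT
  security create-keychain -p "$kc_pwd" "$kc"
  security default-keychain -s "$kc"
  security unlock-keychain -p "$kc_pwd" "$kc"
  security set-keychain-settings -lut 21600 "$kc"
  security import "$p12" -k "$kc" -P "$MACOS_CERTIFICATE_PWD" \
    -T /usr/bin/codesign -T /usr/bin/productsign -T /usr/bin/xcrun
  security set-key-partition-list -S apple-tool:,apple:,codesign: -s \
    -k "$kc_pwd" "$kc"
}

# Run only when a certificate is supplied (i.e. inside the CI job).
if [ -n "${MACOS_CERTIFICATE:-}" ]; then
  build_keychain
fi
```
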

alanjeon commented 1 year ago

@orj Hey, is there a release scheduled that includes this PR?

Safihre commented 1 year ago

@alanjeon just use the code provided by @rolfb, it works perfectly and doesn't require anything!