soundasleep
commented
5 months ago UPDATE: It seems this may be because actions/upload-artifact@v4 loses permissions – but to be more specific, it's because it's unable to handle symlinks, and the raw files are stored instead.
If I tar the repository and then untar it, the code signature is not broken.
- name: Compress package
run: |
cd ${{ github.workspace }}/build
mkdir ../tar
tar -zcvf ../tar/package.tar.gz .
- name: Archive Mac build
uses: actions/upload-artifact@v4
with:
name: mac-build
path: tar/and
- name: Restore Mac build
uses: actions/download-artifact@v4
with:
name: mac-build
path: tar/
- name: Uncompress package
run: |
cd ${{ github.workspace }}/tar
mkdir ../build
tar -zxvf package.tar.gz -C ../buildI think this may be a duplicate of #93
What happened?
I've got a script set up to build an application (Application.app), sign it, notarize it, staple it, and then it needs to be uploaded on a different environment.
However, it seems when uploading and downloading the signed artifact, something goes wrong and the archive is no longer notarized. If I manually check out the downloaded artifact,
codesign --verify --deepsays that a bunch of files have been modified.What did you expect to happen?
Uploading and downloading an artifact should not impact MacOS notarization/code signing
How can we reproduce it?
Anything else we need to know?
No response
What version of the action are you using?
v4
What are your runner environments?
linux, macos
Are you on GitHub Enterprise Server? If so, what version?
No response