Try to add the MacOS cert in a separate step

albireox · Apr 3, 2024 · 83d8919 · 83d8919
1 parent ac46342
commit 83d8919
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 3 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -39,14 +39,21 @@ jobs:
         with:
           cmd: install
 
-      - name: Build
+      - name: Add MacOS certs
+        if: matrix.os == 'macos-latest'
+        run: chmod +x tools/add-macos-cert.sh && ./tools/add-macos-cert.sh
+        env:
+          MACOS_CERT_P12: ${{ secrets.CSC_LINK }}
+          MACOS_CERT_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
+
+      - name: Publish
         uses: borales/actions-yarn@v5
         env:
           # These values are used for auto updates signing
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_ID_PASS: ${{ secrets.APPLE_ID_PASSWORD }}
-          CSC_LINK: ${{ secrets.CSC_LINK }}
-          CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
+          # CSC_LINK: ${{ secrets.CSC_LINK }}
+          # CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
           # This is used for uploading release assets to github
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

diff --git a/tools/add-macos-cert.sh b/tools/add-macos-cert.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+KEY_CHAIN=build.keychain
+MACOS_CERT_P12_FILE=certificate.p12
+
+# Check if the variable is set
+if [ -n "$MACOS_CERT_P12" ]; then
+  # If the variable is set, print its length
+  variable_length=${#MACOS_CERT_P12}
+  echo "MACOS_CERT_P12 is set. Length: $variable_length"
+else
+  # If the variable is not set, print a message
+  echo "MACOS_CERT_P12 is not set."
+fi
+
+# Recreate the certificate from the secure environment variable
+echo -n "$MACOS_CERT_P12" | base64 -d > "$MACOS_CERT_P12_FILE"
+file_size=$(stat -f%z "$MACOS_CERT_P12_FILE")
+echo "Certificate size is $file_size bytes"
+
+# Create a keychain
+security create-keychain -p actions $KEY_CHAIN
+
+# Make the keychain the default so identities are found
+security default-keychain -s $KEY_CHAIN
+
+# Unlock the keychain
+security unlock-keychain -p actions $KEY_CHAIN
+
+# The latest Developer ID Intermediate Certificate from Apple is
+# missing on CircleCI, but we need it for the cert to be valid
+curl https://www.apple.com/certificateauthority/DeveloperIDG2CA.cer -o DeveloperIDG2CA.cer
+sudo security add-trusted-cert -d -r unspecified -k $KEY_CHAIN DeveloperIDG2CA.cer
+rm -f DeveloperIDG2CA.cer
+
+security import $MACOS_CERT_P12_FILE -k $KEY_CHAIN -P "$MACOS_CERT_PASSWORD" -T /usr/bin/codesign;
+
+security set-key-partition-list -S apple-tool:,apple: -s -k actions $KEY_CHAIN
+
+# Debugging output
+security find-identity
+
+# remove certs
+rm -fr *.p12