diff --git a/.gitea/workflows/custom-release.yml b/.gitea/workflows/custom-release.yml index d6b455c91..6b77c86c0 100644 --- a/.gitea/workflows/custom-release.yml +++ b/.gitea/workflows/custom-release.yml @@ -73,13 +73,19 @@ jobs: security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$keychain_password" "$keychain_path" identity_output="$(security find-identity -v -p codesigning "$keychain_path")" printf '%s\n' "$identity_output" - codesign_identity="$(printf '%s\n' "$identity_output" | awk '/"Developer ID Application:/ { print $2; exit }')" + codesign_identity_sha1="$(printf '%s\n' "$identity_output" | awk '/"Developer ID Application:/ { print $2; exit }')" + codesign_identity="$(printf '%s\n' "$identity_output" | sed -n 's/.*"\(Developer ID Application:[^"]*\)".*/\1/p' | head -n 1)" if [ -z "$codesign_identity" ]; then echo "Developer ID Application signing identity is required in DEVELOPER_ID_APPLICATION_P12_BASE64" >&2 exit 1 fi + probe_binary="$RUNNER_TEMP/codesign-probe" + cp /usr/bin/true "$probe_binary" + codesign --force --dryrun --keychain "$keychain_path" --sign "$codesign_identity" --options runtime --timestamp "$probe_binary" + echo "CUSTOM_RELEASE_CODESIGN_IDENTITY=$codesign_identity" >> "$GITHUB_ENV" + echo "CUSTOM_RELEASE_CODESIGN_IDENTITY_SHA1=$codesign_identity_sha1" >> "$GITHUB_ENV" echo "CUSTOM_RELEASE_KEYCHAIN_PATH=$keychain_path" >> "$GITHUB_ENV" echo "CUSTOM_RELEASE_KEYCHAIN_PASSWORD=$keychain_password" >> "$GITHUB_ENV" env: diff --git a/scripts/tests/test-custom-release-macos-runner.bats b/scripts/tests/test-custom-release-macos-runner.bats index dfd244131..6fa49c6be 100644 --- a/scripts/tests/test-custom-release-macos-runner.bats +++ b/scripts/tests/test-custom-release-macos-runner.bats @@ -47,12 +47,24 @@ setup() { run rg -n 'security find-identity -v -p codesigning "\$keychain_path"' "$WORKFLOW" [ "$status" -eq 0 ] + run rg -n 'codesign_identity_sha1=' "$WORKFLOW" + [ "$status" -eq 0 ] + + run rg -n 'sed -n .*Developer ID Application' "$WORKFLOW" + [ "$status" -eq 0 ] + run rg -n 'CUSTOM_RELEASE_CODESIGN_IDENTITY=\$codesign_identity' "$WORKFLOW" [ "$status" -eq 0 ] + run rg -n 'CUSTOM_RELEASE_CODESIGN_IDENTITY_SHA1=\$codesign_identity_sha1' "$WORKFLOW" + [ "$status" -eq 0 ] + run rg -n 'CUSTOM_RELEASE_KEYCHAIN_PASSWORD=\$keychain_password' "$WORKFLOW" [ "$status" -eq 0 ] + run rg -n 'codesign --force --dryrun --keychain "\$keychain_path" --sign "\$codesign_identity" --options runtime --timestamp "\$probe_binary"' "$WORKFLOW" + [ "$status" -eq 0 ] + run rg -n 'CUSTOM_RELEASE_CODESIGN_IDENTITY: "Developer ID Application' "$WORKFLOW" [ "$status" -ne 0 ]