felixfoertsch/syncthing
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 7 Wiki Activity

place signing keychain in runner library
custom release / build-custom-release (push) Failing after 10s
Details

Browse Source
This commit is contained in:
Felix Förtsch
2026-05-24 19:56:47 +02:00
parent fca9102314
commit 6ec6ce1d4e
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/custom-release.yml
+5 -1
View File
@@ -55,7 +55,9 @@ jobs:
- name: Import Developer ID certificate
run: |
set -euo pipefail
keychain_path="$RUNNER_TEMP/syncthing-release-signing.keychain-db"
keychain_dir="$HOME/Library/Keychains"
mkdir -p "$keychain_dir"
keychain_path="$keychain_dir/syncthing-release-signing-${GITHUB_RUN_ID:-$$}.keychain-db"
keychain_password="$(openssl rand -hex 24)"
certificate_path="$RUNNER_TEMP/developer-id-application.p12"
previous_default_keychain="$(security default-keychain -d user 2>/dev/null | sed 's/[ "]//g' || true)"
@@ -66,12 +68,14 @@ jobs:
fi
printf '%s' "$DEVELOPER_ID_APPLICATION_P12_BASE64" | base64 -D > "$certificate_path"
rm -f "$keychain_path"
security create-keychain -p "$keychain_password" "$keychain_path"
security set-keychain-settings -lut 21600 "$keychain_path"
security unlock-keychain -p "$keychain_password" "$keychain_path"
security import "$certificate_path" -k "$keychain_path" -P "$DEVELOPER_ID_APPLICATION_P12_PASSWORD" -A -T /usr/bin/codesign -T /usr/bin/security
security list-keychains -d user -s "$keychain_path" $(security list-keychains -d user | sed 's/[ "]//g')
security default-keychain -d user -s "$keychain_path"
security list-keychains -d user
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$keychain_password" "$keychain_path"
identity_output="$(security find-identity -v -p codesigning "$keychain_path")"
printf '%s\n' "$identity_output"
scripts/tests/test-custom-release-macos-runner.bats
+9
View File
@@ -86,6 +86,15 @@ setup() {
run rg -n 'security create-keychain' "$WORKFLOW"
[ "$status" -eq 0 ]
run rg -n 'keychain_dir="\$HOME/Library/Keychains"' "$WORKFLOW"
[ "$status" -eq 0 ]
run rg -n 'rm -f "\$keychain_path"' "$WORKFLOW"
[ "$status" -eq 0 ]
run rg -n 'security list-keychains -d user$' "$WORKFLOW"
[ "$status" -eq 0 ]
run rg -n 'security import' "$WORKFLOW"
[ "$status" -eq 0 ]