unlock imported signing keychain during release

2026-05-24 19:12:59 +02:00
parent 55f5a70ff5
commit cda7f54a48
3 changed files with 14 additions and 0 deletions
@@ -81,6 +81,7 @@ jobs:

          echo "CUSTOM_RELEASE_CODESIGN_IDENTITY=$codesign_identity" >> "$GITHUB_ENV"
          echo "CUSTOM_RELEASE_KEYCHAIN_PATH=$keychain_path" >> "$GITHUB_ENV"
+          echo "CUSTOM_RELEASE_KEYCHAIN_PASSWORD=$keychain_password" >> "$GITHUB_ENV"
        env:
          DEVELOPER_ID_APPLICATION_P12_BASE64: ${{ secrets.DEVELOPER_ID_APPLICATION_P12_BASE64 }}
          DEVELOPER_ID_APPLICATION_P12_PASSWORD: ${{ secrets.DEVELOPER_ID_APPLICATION_P12_PASSWORD }}
@@ -47,6 +47,9 @@ setup() {
 	run rg -n 'CUSTOM_RELEASE_CODESIGN_IDENTITY=\$codesign_identity' "$WORKFLOW"
 	[ "$status" -eq 0 ]

+	run rg -n 'CUSTOM_RELEASE_KEYCHAIN_PASSWORD=\$keychain_password' "$WORKFLOW"
+	[ "$status" -eq 0 ]
+
 	run rg -n 'CUSTOM_RELEASE_CODESIGN_IDENTITY: "Developer ID Application' "$WORKFLOW"
 	[ "$status" -ne 0 ]

@@ -78,6 +81,12 @@ setup() {
 	run rg -n -- '--keychain "\$CUSTOM_RELEASE_KEYCHAIN_PATH"' "$RELEASE_SCRIPT"
 	[ "$status" -eq 0 ]

+	run rg -n 'security unlock-keychain -p "\$CUSTOM_RELEASE_KEYCHAIN_PASSWORD" "\$CUSTOM_RELEASE_KEYCHAIN_PATH"' "$RELEASE_SCRIPT"
+	[ "$status" -eq 0 ]
+
+	run rg -n 'security find-identity -v -p codesigning "\$CUSTOM_RELEASE_KEYCHAIN_PATH"' "$RELEASE_SCRIPT"
+	[ "$status" -eq 0 ]
+
 	run rg -n 'Developer ID Application' "$WORKFLOW" "$RELEASE_SCRIPT"
 	[ "$status" -eq 0 ]

@@ -304,6 +304,10 @@ sign_and_validate_darwin_binary() {

 	codesign_args=(--force --sign "$codesign_identity" --options runtime --timestamp)
 	if [[ -n "${CUSTOM_RELEASE_KEYCHAIN_PATH:-}" ]]; then
+		if [[ -n "${CUSTOM_RELEASE_KEYCHAIN_PASSWORD:-}" ]]; then
+			security unlock-keychain -p "$CUSTOM_RELEASE_KEYCHAIN_PASSWORD" "$CUSTOM_RELEASE_KEYCHAIN_PATH"
+		fi
+		security find-identity -v -p codesigning "$CUSTOM_RELEASE_KEYCHAIN_PATH"
 		codesign_args+=(--keychain "$CUSTOM_RELEASE_KEYCHAIN_PATH")
 	fi
 	codesign "${codesign_args[@]}" "$binary"