diff --git a/.gitea/workflows/custom-release.yml b/.gitea/workflows/custom-release.yml
index a71989474..ec9ec4f53 100644
--- a/.gitea/workflows/custom-release.yml
+++ b/.gitea/workflows/custom-release.yml
@@ -61,6 +61,12 @@ jobs:
 keychain_password="$(openssl rand -hex 24)"
 certificate_path="$RUNNER_TEMP/developer-id-application.p12"
 previous_default_keychain="$(security default-keychain -d user 2>/dev/null | sed 's/[ "]//g' || true)"
+ previous_dynamic_default_keychain="$(security default-keychain -d dynamic 2>/dev/null | sed 's/[ "]//g' || true)"
+
+ echo "CUSTOM_RELEASE_KEYCHAIN_PATH=$keychain_path" >> "$GITHUB_ENV"
+ echo "CUSTOM_RELEASE_KEYCHAIN_PASSWORD=$keychain_password" >> "$GITHUB_ENV"
+ echo "CUSTOM_RELEASE_PREVIOUS_DEFAULT_KEYCHAIN=$previous_default_keychain" >> "$GITHUB_ENV"
+ echo "CUSTOM_RELEASE_PREVIOUS_DYNAMIC_DEFAULT_KEYCHAIN=$previous_dynamic_default_keychain" >> "$GITHUB_ENV"
 if [ -z "$DEVELOPER_ID_APPLICATION_P12_BASE64" ]; then
 echo "DEVELOPER_ID_APPLICATION_P12_BASE64 secret is required" >&2
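Review bot: The keychain password is appended to `$GITHUB_ENV` at the new `echo "CUSTOM_RELEASE_KEYCHAIN_PASSWORD=$keychain_password"` line, which makes it plain environment for every later step of the job; the commit moves this export ahead of the secret check rather than introducing it, but it is worth masking at the same point with `echo "::add-mask::$keychain_password"` so the value cannot surface in step logs, assuming the runner honors GitHub-style workflow commands. If no later step needs to call `unlock-keychain` itself (the cleanup hunk in this diff only uses the path and the previous defaults), the password export could be dropped altogether. A short comment above the block, `# exported before validation so the cleanup step can restore defaults and delete the keychain even when import fails`, would record why these lines moved. The enclosing run step continues outside the hunk.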
@@ -73,9 +79,19 @@ jobs:
 security set-keychain-settings -lut 21600 "$keychain_path"
 security unlock-keychain -p "$keychain_password" "$keychain_path"
 security import "$certificate_path" -k "$keychain_path" -P "$DEVELOPER_ID_APPLICATION_P12_PASSWORD" -A -T /usr/bin/codesign -T /usr/bin/security
- security list-keychains -d user -s "$keychain_path" $(security list-keychains -d user | sed 's/[ "]//g')
+ existing_keychains=()
+ while IFS= read -r existing_keychain; do
+ existing_keychain="$(printf '%s' "$existing_keychain" | sed 's/[ "]//g')"
+ if [ -n "$existing_keychain" ] && [ -e "$existing_keychain" ]; then
+ existing_keychains+=("$existing_keychain")
+ fi
+ done < <(security list-keychains -d user)
+ security list-keychains -d user -s "$keychain_path" "${existing_keychains[@]}"
+ security list-keychains -d dynamic -s "$keychain_path" "${existing_keychains[@]}" || true
 security default-keychain -d user -s "$keychain_path"
+ security default-keychain -d dynamic -s "$keychain_path" || true
 security list-keychains -d user
+ security list-keychains -d dynamic || true
 security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$keychain_password" "$keychain_path"
 identity_output="$(security find-identity -v -p codesigning "$keychain_path")"
 printf '%s\n' "$identity_output"
@@ -93,9 +109,6 @@ jobs:
 echo "CUSTOM_RELEASE_CODESIGN_IDENTITY=$codesign_identity" >> "$GITHUB_ENV"
 echo "CUSTOM_RELEASE_CODESIGN_IDENTITY_SHA1=$codesign_identity_sha1" >> "$GITHUB_ENV"
- echo "CUSTOM_RELEASE_KEYCHAIN_PATH=$keychain_path" >> "$GITHUB_ENV"
- echo "CUSTOM_RELEASE_KEYCHAIN_PASSWORD=$keychain_password" >> "$GITHUB_ENV"
- echo "CUSTOM_RELEASE_PREVIOUS_DEFAULT_KEYCHAIN=$previous_default_keychain" >> "$GITHUB_ENV"
 env:
 DEVELOPER_ID_APPLICATION_P12_BASE64: ${{ secrets.DEVELOPER_ID_APPLICATION_P12_BASE64 }}
 DEVELOPER_ID_APPLICATION_P12_PASSWORD: ${{ secrets.DEVELOPER_ID_APPLICATION_P12_PASSWORD }}
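Review bot: The `sed 's/[ "]//g'` inside the new loop strips every space from each `security list-keychains -d user` entry, not only the leading indent and the surrounding quotes, so a keychain path containing a space is mangled and then silently dropped by the `[ -e "$existing_keychain" ]` test, vanishing from the rebuilt search list; the removed unquoted `$(...)` line had the same weakness, but the new `-e` filter turns a garbled argument into a silent omission. A tighter strip keeps the path intact: `existing_keychain="$(printf '%s' "$existing_keychain" | sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//')"`, and the same applies to the `previous_default_keychain` and `previous_dynamic_default_keychain` assignments in the first hunk. Separately, if this step runs under `set -u` on macOS's stock bash 3.2, `"${existing_keychains[@]}"` on an empty array aborts the step before the search list is set; `${existing_keychains[@]+"${existing_keychains[@]}"}` is the portable spelling, though whether `-u` is enabled is not visible here. The enclosing run step starts and ends outside the hunk.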
@@ -119,6 +132,9 @@ jobs:
 if [ -n "${CUSTOM_RELEASE_PREVIOUS_DEFAULT_KEYCHAIN:-}" ] && [ -e "$CUSTOM_RELEASE_PREVIOUS_DEFAULT_KEYCHAIN" ]; then
 security default-keychain -d user -s "$CUSTOM_RELEASE_PREVIOUS_DEFAULT_KEYCHAIN" || true
 fi
+ if [ -n "${CUSTOM_RELEASE_PREVIOUS_DYNAMIC_DEFAULT_KEYCHAIN:-}" ] && [ -e "$CUSTOM_RELEASE_PREVIOUS_DYNAMIC_DEFAULT_KEYCHAIN" ]; then
+ security default-keychain -d dynamic -s "$CUSTOM_RELEASE_PREVIOUS_DYNAMIC_DEFAULT_KEYCHAIN" || true
+ fi
 if [ -n "${CUSTOM_RELEASE_KEYCHAIN_PATH:-}" ]; then
 security delete-keychain "$CUSTOM_RELEASE_KEYCHAIN_PATH" || true
 fi
diff --git a/scripts/tests/test-custom-release-macos-runner.bats b/scripts/tests/test-custom-release-macos-runner.bats
index 353d82276..98dc7e001 100644
--- a/scripts/tests/test-custom-release-macos-runner.bats
+++ b/scripts/tests/test-custom-release-macos-runner.bats
@@ -56,9 +56,15 @@ setup() {
 run rg -n 'CUSTOM_RELEASE_PREVIOUS_DEFAULT_KEYCHAIN=\$previous_default_keychain' "$WORKFLOW"
 [ "$status" -eq 0 ]
 
+ run rg -n 'CUSTOM_RELEASE_PREVIOUS_DYNAMIC_DEFAULT_KEYCHAIN=\$previous_dynamic_default_keychain' "$WORKFLOW"
+ [ "$status" -eq 0 ]
+
 run rg -n 'security default-keychain -d user -s "\$CUSTOM_RELEASE_PREVIOUS_DEFAULT_KEYCHAIN"' "$WORKFLOW"
 [ "$status" -eq 0 ]
 
+ run rg -n 'security default-keychain -d dynamic -s "\$CUSTOM_RELEASE_PREVIOUS_DYNAMIC_DEFAULT_KEYCHAIN"' "$WORKFLOW"
+ [ "$status" -eq 0 ]
+
 run rg -n 'security find-identity -v -p codesigning$' "$WORKFLOW" "$RELEASE_SCRIPT"
 [ "$status" -eq 0 ]
@@ -92,9 +98,15 @@ setup() {
 run rg -n 'rm -f "\$keychain_path"' "$WORKFLOW"
 [ "$status" -eq 0 ]
 
+ run rg -n 'existing_keychains=\(\)' "$WORKFLOW"
+ [ "$status" -eq 0 ]
+
 run rg -n 'security list-keychains -d user$' "$WORKFLOW"
 [ "$status" -eq 0 ]
 
+ run rg -n 'security list-keychains -d dynamic -s "\$keychain_path"' "$WORKFLOW"
+ [ "$status" -eq 0 ]
+
 run rg -n 'security import' "$WORKFLOW"
 [ "$status" -eq 0 ]
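Review bot: The new `existing_keychains=\(\)` assertion in the second bats hunk only proves the array initialization is present; it does not pin the removal of the unquoted `$(security list-keychains -d user | sed ...)` substitution that this commit takes out of the workflow, so reintroducing that line alongside the array would still pass. A negative check closes that gap: `run rg -n 'list-keychains -d user -s "\$keychain_path" \$\(' "$WORKFLOW"` followed by `[ "$status" -eq 1 ]` (rg exits 1 when nothing matches). The same pattern would let the first bats hunk assert that `previous_dynamic_default_keychain` is exported only after it is assigned, though the current substring checks cannot express ordering. The enclosing test block starts outside the hunk.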