You've already forked archr-flasher
mirror of
https://github.com/archr-linux/archr-flasher.git
synced 2026-07-12 18:19:47 -07:00
ci: pass the imported certificate identity to the bundler
The certificate import step only placed the Developer ID certificate in the keychain; without APPLE_SIGNING_IDENTITY the tauri bundler silently skips signing and notarization, so every published macOS bundle shipped unsigned and Apple Silicon rejected the app with the damaged-app dialog. Extract the identity from the keychain after the import and export it for the build step, so no additional secret is required.
This commit is contained in:
@@ -74,6 +74,17 @@ jobs:
|
||||
-k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
|
||||
security list-keychain -d user -s $KEYCHAIN_PATH
|
||||
|
||||
# Tell tauri which identity to sign with. The import above only
|
||||
# places the certificate in the keychain; without
|
||||
# APPLE_SIGNING_IDENTITY the bundler skips signing entirely and
|
||||
# the app ships unsigned (Gatekeeper then shows the misleading
|
||||
# "damaged" dialog). Extract the identity name from the
|
||||
# keychain so no extra secret is needed.
|
||||
IDENTITY=$(security find-identity -v -p codesigning $KEYCHAIN_PATH \
|
||||
| sed -n 's/.*"\(.*\)".*/\1/p' | head -1)
|
||||
echo "Signing identity: ${IDENTITY}"
|
||||
echo "APPLE_SIGNING_IDENTITY=${IDENTITY}" >> $GITHUB_ENV
|
||||
|
||||
- name: Build and release
|
||||
uses: tauri-apps/tauri-action@v0
|
||||
env:
|
||||
|
||||
Reference in New Issue
Block a user