diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a52ca24..5107d9a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -74,6 +74,17 @@ jobs: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH security list-keychain -d user -s $KEYCHAIN_PATH + # Tell tauri which identity to sign with. The import above only + # places the certificate in the keychain; without + # APPLE_SIGNING_IDENTITY the bundler skips signing entirely and + # the app ships unsigned (Gatekeeper then shows the misleading + # "damaged" dialog). Extract the identity name from the + # keychain so no extra secret is needed. + IDENTITY=$(security find-identity -v -p codesigning $KEYCHAIN_PATH \ + | sed -n 's/.*"\(.*\)".*/\1/p' | head -1) + echo "Signing identity: ${IDENTITY}" + echo "APPLE_SIGNING_IDENTITY=${IDENTITY}" >> $GITHUB_ENV + - name: Build and release uses: tauri-apps/tauri-action@v0 env: