Skip to content

Commit ad080af

Browse files
ammarioammario
committed
🤖 Fix: macOS code signing certificate import (#74)
Fixes the certificate import error in the macOS build. ## Problem The previous implementation had a conflict: 1. Manual keychain creation + certificate import in a workflow step 2. Passing the certificate to electron-builder via `CSC_LINK` This caused electron-builder to try importing the certificate again, resulting in: ``` security: SecKeychainItemImport: Unknown format in import. ``` ## Solution Simplified the approach - let electron-builder handle everything: - Removed manual keychain creation and certificate import - Pass the raw base64 certificate string directly to electron-builder - Electron-builder automatically detects base64 format and handles the import ## Testing This will be tested when merged to main. _Generated with `cmux`_
1 parent 4a624c9 commit ad080af

File tree

1 file changed

+1
-26
lines changed

1 file changed

+1
-26
lines changed

.github/workflows/build.yml

Lines changed: 1 addition & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -26,34 +26,9 @@ jobs:
2626
- name: Build application
2727
run: bun run build
2828

29-
- name: Import Code Signing Certificate
30-
if: github.event_name == 'push' && github.ref == 'refs/heads/main' && env.MACOS_CERTIFICATE != ''
31-
env:
32-
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
33-
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
34-
run: |
35-
# Create temporary keychain
36-
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
37-
KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
38-
39-
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
40-
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
41-
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
42-
43-
# Import certificate
44-
echo "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
45-
security import certificate.p12 -k "$KEYCHAIN_PATH" -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
46-
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
47-
48-
# Add keychain to search list
49-
security list-keychain -d user -s "$KEYCHAIN_PATH"
50-
51-
# Clean up certificate file
52-
rm certificate.p12
53-
5429
- name: Package for macOS
5530
env:
56-
CSC_LINK: base64:${{ secrets.MACOS_CERTIFICATE }}
31+
CSC_LINK: ${{ secrets.MACOS_CERTIFICATE }}
5732
CSC_KEY_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
5833
run: bun run dist:mac
5934

0 commit comments

Comments
 (0)