goose/.github/actions/apple-codesign/action.yml

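# Composite action: decodes a base64-encoded Developer ID .p12, imports it into
# a freshly created keychain under $RUNNER_TEMP, and publishes the keychain path
# as the `keychain-path` output and the KEYCHAIN_PATH environment variable.
#
# NOTE(review): nothing in this action deletes the keychain afterwards, so the
# imported signing key stays on disk for the rest of the job. Presumably the
# calling workflow removes it (for example with
# `security delete-keychain "$KEYCHAIN_PATH"` in an `if: always()` step);
# confirm against the callers.
name: 'Apple Certificate Keychain Setup'
description: 'Import a Developer ID certificate into a temporary keychain for Electron Forge signing'
inputs:
  certificate-base64:
    description: 'Base64-encoded Developer ID Application .p12 certificate'
    required: true
  certificate-password:
    description: 'Password for the .p12 certificate'
    required: true
outputs:
  keychain-path:
    description: 'Path to the temporary keychain'
    value: ${{ steps.import-cert.outputs.keychain-path }}
runs:
  using: 'composite'
  steps:
    - name: Import Apple certificate
      id: import-cert
      shell: bash
      # Secrets are handed over through the environment rather than being
      # interpolated into the script text, so they never become shell source.
      env:
        APPLE_CERTIFICATE_BASE64: ${{ inputs.certificate-base64 }}
        APPLE_CERTIFICATE_PASSWORD: ${{ inputs.certificate-password }}
      run: |
        set -euo pipefail
        # Files created below (decoded .p12, keychain) are owner-only.
        umask 077

        # Fail early with a readable error when the secret is missing, instead
        # of creating a keychain and then failing inside `security import`.
        if [ -z "$APPLE_CERTIFICATE_BASE64" ]; then
          echo "::error::certificate-base64 input is empty" >&2
          exit 1
        fi

        CERTIFICATE_PATH="$RUNNER_TEMP/certificate.p12"
        KEYCHAIN_PATH="$RUNNER_TEMP/signing.keychain-db"

        # Remove the decoded certificate on every exit path. Without the trap a
        # failing command stops the script before the cleanup and leaves the
        # private key material in $RUNNER_TEMP for later steps of the job.
        trap 'rm -f "$CERTIFICATE_PATH"' EXIT

        # Random per-run keychain password; registered as a mask so it is
        # redacted if a later command or debug logging prints it.
        KEYCHAIN_PASSWORD="$(openssl rand -hex 16)"
        echo "::add-mask::$KEYCHAIN_PASSWORD"

        printf '%s\n' "$APPLE_CERTIFICATE_BASE64" | base64 --decode > "$CERTIFICATE_PATH"

        security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
        # -l: lock on sleep, -u -t 21600: auto-lock after 6 hours of inactivity.
        security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
        security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

        # -T limits key access to codesign. The -P/-p arguments are visible in
        # the process list while `security` runs, which matters on runners
        # shared with other workloads.
        security import "$CERTIFICATE_PATH" \
          -k "$KEYCHAIN_PATH" \
          -P "$APPLE_CERTIFICATE_PASSWORD" \
          -T /usr/bin/codesign
        # The key is in the keychain now; drop the plaintext .p12 right away.
        rm -f "$CERTIFICATE_PATH"

        # Let Apple-signed tools use the key without an interactive prompt.
        security set-key-partition-list \
          -S apple-tool:,apple: \
          -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

        # Replaces the user keychain search list with the signing keychain
        # followed by the login keychain.
        security list-keychains -d user -s "$KEYCHAIN_PATH" login.keychain-db

        echo "keychain-path=$KEYCHAIN_PATH" >> "$GITHUB_OUTPUT"
        echo "KEYCHAIN_PATH=$KEYCHAIN_PATH" >> "$GITHUB_ENV"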