import-codesign-certs icon indicating copy to clipboard operation
import-codesign-certs copied to clipboard

Published 20 hours ago verified publisher icon Apple-Actions

hotfix: update to node16 per github deprecation

Open FinsaasGH opened this issue 2 years ago • 3 comments

FinsaasGH avatar Oct 12 '22 04:10 FinsaasGH

@orj May you please review at your earliest convenience?

FinsaasGH avatar Oct 14 '22 00:10 FinsaasGH

@FinsaasGH was closing this an unintended side effect?

rolfb avatar Oct 14 '22 17:10 rolfb

I forked and deleted which closed this PR for some reason.

FinsaasGH avatar Oct 15 '22 04:10 FinsaasGH

We might just need to fork this project to solve this and the set-output deprecations. Unfortunately seems @orj might have abandoned it.

Safihre avatar Oct 27 '22 08:10 Safihre

I tried forking it but there is too much out of date. I ended up just building a keychain manually. I'll post the steps in a follwlowup comment.

FinsaasGH avatar Oct 27 '22 15:10 FinsaasGH

  • name: Build keychain run: | echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain security default-keychain -s build.keychain security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain security set-keychain-settings -lut 21600 build.keychain security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign -T /usr/bin/productsign -T /usr/bin/xcrun security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain

FinsaasGH avatar Oct 27 '22 15:10 FinsaasGH

@FinsaasGH This is awesome. Fixed the formatting so it's easier to copy and paste. Thanks.

- name: Build keychain
  run: |
    echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
    security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain 
    security default-keychain -s build.keychain 
    security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
    security set-keychain-settings -lut 21600 build.keychain
    security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign -T /usr/bin/productsign -T /usr/bin/xcrun
    security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain

rolfb avatar Nov 01 '22 08:11 rolfb

@FinsaasGH @rolfb Thanks a lot! Just wondering why the Keychain password needs to be secret? Since it's a temporary Keychain anyway?

Safihre avatar Nov 01 '22 09:11 Safihre

@Safihre

why the Keychain password needs to be secret

It's a really cheap way to add a layer of security. You could use a random password or a job-specific password, or no password at all - but why add state or reduce security if it's easy not to?

rolfb avatar Nov 01 '22 11:11 rolfb

@orj Hey, is there a release scheduled that includes this PR?

alanjeon avatar Feb 27 '23 05:02 alanjeon

@alanjeon just use the code provided by @rolfb, it works perfectly and doesn't require anything!

Safihre avatar Feb 27 '23 07:02 Safihre