diff --git a/.github/workflows/publish-lume.yml b/.github/workflows/publish-lume.yml
index 89567c04..665b3b27 100644
--- a/.github/workflows/publish-lume.yml
+++ b/.github/workflows/publish-lume.yml
@@ -84,8 +84,8 @@ jobs:
 security import application.p12 -k build.keychain -P "$CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/pkgbuild
 security import installer.p12 -k build.keychain -P "$CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/pkgbuild
- # Allow codesign and pkgbuild to access the certificates
- security set-key-partition-list -S apple-tool:,apple:,codesign:,pkgbuild: -s -k "$KEYCHAIN_PASSWORD" build.keychain
+ # Allow codesign to access the certificates
+ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
 # List the certificates to ensure they were imported correctly
 security find-identity -v -p codesigning
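Review bot: The new comment `# Allow codesign to access the certificates` understates what the keychain still permits. The partition list keeps `apple:`, and both `security import` lines above still pass `-T /usr/bin/pkgbuild`, so Apple-signed tools such as pkgbuild presumably keep access to both signing keys. If that is intended, say so in the comment, e.g. `# Partition list: Apple-signed tools (codesign, and pkgbuild via apple:) may use the imported keys without a prompt`. If the goal is least privilege, consider restricting each import to the one tool that needs that identity, e.g. `-T /usr/bin/codesign` only for application.p12. The run step begins and ends outside this hunk.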
@@ -117,73 +117,15 @@ jobs:
 echo "Available signing identities:"
 security find-identity -v -p codesigning
- # Debug certificate variables
- echo "CERT_APPLICATION_NAME: $CERT_APPLICATION_NAME"
- echo "CERT_INSTALLER_NAME: $CERT_INSTALLER_NAME"
- echo "All certificate identities:"
- security find-identity -v
-
- # Verify installer certificate availability
- if security find-identity -v | grep -q "Developer ID Installer"; then
- echo "Installer certificate found"
- else
- echo "ERROR: Installer certificate not found. Make sure it's imported correctly."
- echo "Recreating certificate file and reimporting..."
- echo $INSTALLER_CERT_BASE64 | base64 --decode > installer.p12
- security import installer.p12 -k build.keychain -P "$CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/pkgbuild -T /usr/bin/productbuild
- rm installer.p12
- echo "Retrying after reimport..."
- security find-identity -v
- if security find-identity -v | grep -q "Developer ID Installer"; then
- echo "Installer certificate found after reimport"
- else
- echo "ERROR: Installer certificate still not found after reimport."
- exit 1
- fi
- fi
-
 # Build the project first
 swift build --configuration release
 # Debug build output
 ls -la .build/release/
-
- # Try signing manually to test certificate
- echo "Testing code signing with certificate"
- codesign --force --options runtime \
- --entitlement ./resources/lume.entitlements \
- --sign "$CERT_APPLICATION_NAME" \
- .build/release/lume
-
- # Create test directory for pkgbuild
- TEST_ROOT=$(mktemp -d)
- mkdir -p "$TEST_ROOT/usr/local/bin"
- cp -f .build/release/lume "$TEST_ROOT/usr/local/bin/"
-
- # Test pkgbuild with verbose output
- echo "Testing pkgbuild with certificate"
- echo "Command: pkgbuild --root '$TEST_ROOT' --identifier 'com.trycua.lume' --version '1.0' --install-location '/' --sign '$CERT_INSTALLER_NAME' ./.release/test.pkg"
- pkgbuild --root "$TEST_ROOT" \
- --identifier "com.trycua.lume" \
- --version "1.0" \
- --install-location "/" \
- --sign "$CERT_INSTALLER_NAME" \
- ./.release/test.pkg 2>&1 | tee pkgbuild_output.log
-
- # Show pkgbuild output for debugging
- echo "pkgbuild output:"
- cat pkgbuild_output.log
-
- # Make script executable and run it if signing works
- if [ -f "./.release/test.pkg" ]; then
- echo "Test package created successfully, proceeding with build script"
- chmod +x scripts/build/build-release-notarized.sh
- cd scripts/build
- ./build-release-notarized.sh
- else
- echo "Test package creation failed, aborting script execution"
- exit 1
- fi
+
+ chmod +x scripts/build/build-release-notarized.sh
+ cd scripts/build
+ ./build-release-notarized.sh
 - name: Generate SHA256 Checksums
 id: generate_checksums
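Review bot: With the installer-identity preflight removed, nothing visible in this step fails the job when the Developer ID Installer identity is missing. The remaining `security find-identity -v -p codesigning` listing is informational and may not show installer identities at all. Whether `build-release-notarized.sh` stops on a signing failure is not visible here, and the next step goes on to generate checksums for whatever was produced. I would keep one fail-closed guard before the script call, without the reimport or the variable echoes: `security find-identity -v | grep -q "Developer ID Installer" || { echo "installer identity missing" >&2; exit 1; }`. The run step starts outside this hunk.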