Skip to content

Commit b3cb80b

Browse files
umbynosumbynos
committed
replace third party action to handle keychain with shell commands
1 parent 15deaae commit b3cb80b

File tree

1 file changed

+20
-12
lines changed

1 file changed

+20
-12
lines changed

.github/workflows/release.yml

+20-12
Original file line numberDiff line numberDiff line change
@@ -107,12 +107,16 @@ jobs:
107107
path: arduino-create-agent-macOS-latest
108108

109109
- name: Import Code-Signing Certificates
110-
uses: Apple-Actions/import-codesign-certs@v1
111-
with:
112-
# The certificates in a PKCS12 file encoded as a base64 string
113-
p12-file-base64: ${{ secrets.INSTALLER_CERT_MAC_P12 }}
114-
# The password used to import the PKCS12 file.
115-
p12-password: ${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}
110+
env:
111+
KEYCHAIN: "sign.keychain"
112+
INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12"
113+
run: |
114+
echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > ${{ env.INSTALLER_CERT_MAC_PATH }}
115+
security create-keychain -p ${{ secrets.KEYCHAIN_PASSWORD }} ${{ env.KEYCHAIN }}
116+
security default-keychain -s ${{ env.KEYCHAIN }}
117+
security unlock-keychain -p ${{ secrets.KEYCHAIN_PASSWORD }} ${{ env.KEYCHAIN }}
118+
security import ${{ env.INSTALLER_CERT_MAC_PATH }} -k ${{ env.KEYCHAIN }} -f pkcs12 -A -T /usr/bin/codesign -P ${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}
119+
security set-key-partition-list -S apple-tool:,apple: -s -k ${{ secrets.KEYCHAIN_PASSWORD }} ${{ env.KEYCHAIN }}
116120
117121
- name: Install gon via HomeBrew for code signing and app notarization
118122
run: |
@@ -267,12 +271,16 @@ jobs:
267271
run: chmod -v +x ArduinoCreateAgent-osx/ArduinoCreateAgent-${GITHUB_REF##*/}-osx-installer-${{ matrix.browser }}.app/Contents/MacOS/*
268272

269273
- name: Import Code-Signing Certificates
270-
uses: Apple-Actions/import-codesign-certs@v1
271-
with:
272-
# The certificates in a PKCS12 file encoded as a base64 string
273-
p12-file-base64: ${{ secrets.INSTALLER_CERT_MAC_P12 }}
274-
# The password used to import the PKCS12 file.
275-
p12-password: ${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}
274+
env:
275+
KEYCHAIN: "sign.keychain"
276+
INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12"
277+
run: |
278+
echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > ${{ env.INSTALLER_CERT_MAC_PATH }}
279+
security create-keychain -p ${{ secrets.KEYCHAIN_PASSWORD }} ${{ env.KEYCHAIN }}
280+
security default-keychain -s ${{ env.KEYCHAIN }}
281+
security unlock-keychain -p ${{ secrets.KEYCHAIN_PASSWORD }} ${{ env.KEYCHAIN }}
282+
security import ${{ env.INSTALLER_CERT_MAC_PATH }} -k ${{ env.KEYCHAIN }} -f pkcs12 -A -T /usr/bin/codesign -P ${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}
283+
security set-key-partition-list -S apple-tool:,apple: -s -k ${{ secrets.KEYCHAIN_PASSWORD }} ${{ env.KEYCHAIN }}
276284
277285
- name: Install gon via HomeBrew for code signing and app notarization
278286
run: |

0 commit comments

Comments
 (0)