Leak_Technologies/HULL
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Import macOS code signing certificate from environment variables

Browse Source
This commit is contained in:
Tim Angus 2025-09-16 14:53:07 +01:00
parent 149818dd86
commit a7e076f2ff
2 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/build.yml vendored
View File

@ -122,6 +122,14 @@ jobs:
runs-on: macos-13
steps:
- uses: actions/checkout@v4
- name: Import Code Signing Certificate
if: github.ref_name == 'main'
run: |
misc/ci-macos-import-codesign-cert.sh
echo "APPLE_CERTIFICATE_ID=${{ secrets.APPLE_CERTIFICATE_ID }}" >> $GITHUB_ENV
env:
APPLE_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_CERTIFICATE_P12_BASE64 }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
- name: Compile
run: |
cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release

24
misc/ci-macos-import-codesign-cert.sh Executable file
View File

@ -0,0 +1,24 @@
#!/bin/sh
set -e
CERTIFICATE_P12_FILE=certificate.p12
if [ -n "${APPLE_CERTIFICATE_P12_BASE64}" ] && [ -n "${APPLE_CERTIFICATE_PASSWORD}" ]
then
echo ${APPLE_CERTIFICATE_P12_BASE64} | base64 --decode > ${CERTIFICATE_P12_FILE}
echo "Creating keychain..."
KEYCHAIN_PASSWORD=$(openssl rand -hex 12)
security create-keychain -p ${KEYCHAIN_PASSWORD} build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p ${KEYCHAIN_PASSWORD} build.keychain
echo "Importing certificate into keychain..."
security import ${CERTIFICATE_P12_FILE} -k build.keychain \
-P ${APPLE_CERTIFICATE_PASSWORD} -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple: -s \
-k ${KEYCHAIN_PASSWORD} build.keychain
rm -rf ${CERTIFICATE_P12_FILE}
fi