Skip to content

Commit 4565e99

Browse files
ChxGuillaumeChxGuillaume
committed
chore: simplify macOS workflow by consolidating Apple certificates into a single bundle for improved maintainability
1 parent e015cc5 commit 4565e99

File tree

1 file changed

+5
-26
lines changed

1 file changed

+5
-26
lines changed

.github/workflows/build-mac.yml

Lines changed: 5 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -62,39 +62,18 @@ jobs:
6262

6363
- name: Install Apple Code Signing Certificate
6464
env:
65-
MAC_INSTALLER_CERTIFICATE_BASE64: ${{ secrets.MAC_INSTALLER_CERTIFICATE_BASE64 }}
66-
MAC_DEVELOPMENT_CERTIFICATE_BASE64: ${{ secrets.MAC_DEVELOPMENT_CERTIFICATE_BASE64 }}
67-
MAC_APP_CERTIFICATE_BASE64: ${{ secrets.MAC_APP_CERTIFICATE_BASE64 }}
68-
DEVELOPER_ID_APPLICATION_BASE64: ${{ secrets.DEVELOPER_ID_APPLICATION_BASE64 }}
69-
DEVELOPER_ID_INSTALLER_BASE64: ${{ secrets.DEVELOPER_ID_INSTALLER_BASE64 }}
70-
DISTRIBUTION_BASE64: ${{ secrets.DISTRIBUTION_BASE64 }}
71-
72-
MAC_INSTALLER_CERTIFICATE_PATH: ${{ runner.temp }}/mac_installer_certificate.cer
73-
MAC_DEVELOPMENT_CERTIFICATE_PATH: ${{ runner.temp }}/mac_development_certificate.cer
74-
MAC_APP_CERTIFICATE_PATH: ${{ runner.temp }}/mac_app_certificate.cer
75-
DEVELOPER_ID_APPLICATION_PATH: ${{ runner.temp }}/developerID_application.cer
76-
DEVELOPER_ID_INSTALLER_PATH: ${{ runner.temp }}/developerID_installer.cer
77-
DISTRIBUTION_PATH: ${{ runner.temp }}/distribution.cer
65+
APPLE_CERTIFICATES_BUNDLE_BASE64: ${{ secrets.APPLE_CERTIFICATES_BUNDLE_BASE64 }}
66+
APPLE_CERTIFICATES_BUNDLE_PATH: ${{ runner.temp }}/apple_certificates_bundle.p12
67+
APPLE_CERTIFICATES_BUNDLE_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_BUNDLE_PASSWORD }}
7868
KEYCHAIN_PATH: ${{ runner.temp }}/app-signing.keychain-db
7969
run: |
80-
echo -n "$MAC_INSTALLER_CERTIFICATE_BASE64" | base64 --decode -o $MAC_INSTALLER_CERTIFICATE_PATH
81-
echo -n "$MAC_DEVELOPMENT_CERTIFICATE_BASE64" | base64 --decode -o $MAC_DEVELOPMENT_CERTIFICATE_PATH
82-
echo -n "$MAC_APP_CERTIFICATE_BASE64" | base64 --decode -o $MAC_APP_CERTIFICATE_PATH
83-
echo -n "$DEVELOPER_ID_APPLICATION_BASE64" | base64 --decode -o $DEVELOPER_ID_APPLICATION_PATH
84-
echo -n "$DEVELOPER_ID_INSTALLER_BASE64" | base64 --decode -o $DEVELOPER_ID_INSTALLER_PATH
85-
echo -n "$DISTRIBUTION_BASE64" | base64 --decode -o $DISTRIBUTION_PATH
70+
echo -n "$APPLE_CERTIFICATES_BUNDLE_BASE64" | base64 --decode -o $APPLE_CERTIFICATES_BUNDLE_PATH
8671
8772
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
8873
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
8974
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
9075
91-
security import $MAC_INSTALLER_CERTIFICATE_PATH -A -t cert -k $KEYCHAIN_PATH
92-
security import $MAC_DEVELOPMENT_CERTIFICATE_PATH -A -t cert -k $KEYCHAIN_PATH
93-
security import $MAC_APP_CERTIFICATE_PATH -A -t cert -k $KEYCHAIN_PATH
94-
security import $DEVELOPER_ID_APPLICATION_PATH -A -t cert -k $KEYCHAIN_PATH
95-
security import $DEVELOPER_ID_INSTALLER_PATH -A -t cert -k $KEYCHAIN_PATH
96-
security import $DISTRIBUTION_PATH -A -t cert -k $KEYCHAIN_PATH
97-
security list-keychain -d user -s $KEYCHAIN_PATH
76+
security import $APPLE_CERTIFICATES_BUNDLE_PATH -k $KEYCHAIN_PATH -f pkcs12 -P "$APPLE_CERTIFICATES_BUNDLE_PASSWORD"
9877
9978
- name: Install Apple API key
10079
run: |

0 commit comments

Comments
 (0)