Update release.yml with code-signing

ccxzhang · ccxzhang · commit 2d594c16c4f3 · 2025-04-04T23:53:07.000-04:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -39,19 +39,20 @@ jobs:
           CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
         run: |
           echo "$SIGNING_CERTIFICATE" | base64 --decode > certificate.p12
-          security import certificate.p12 -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign
+          # Import certificate into the login keychain explicitly
+          security import certificate.p12 -k ~/Library/Keychains/login.keychain -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign
 
       - name: Code Sign Application
         if: matrix.os == 'macos-latest'
         run: |
-          codesign --sign "3rd Party Mac Developer Application: Your Name (TeamID)" \
+          codesign --sign "${{ secrets.SIGNING_IDENTITY }}" \
             --deep --force --timestamp --options runtime \
             --entitlements build/entitlements.mac.plist \
-            "dist/mac/YourAppName.app"
+            "dist/mac/DHIS2 Downloader.app"
 
       - name: Verify Code Signature
         if: matrix.os == 'macos-latest'
-        run: codesign --verify --deep --strict --verbose=2 "dist/mac/YourAppName.app"
+        run: codesign --verify --deep --strict --verbose=2 "dist/mac/DHIS2 Downloader.app"
       # === End of macOS Code Signing Steps ===
 
       - name: Upload artifact
