feat: enhance code signing process in release workflow

张星宇 · 张星宇 · commit e1e4cc15a0c6 · 2025-12-15T16:15:00.000+08:00
- Add checks to verify if the Apple code signing certificate is configured before attempting to import it.
- Update environment variables to conditionally enable automatic code signing discovery based on certificate availability.
- Improve comments for clarity regarding the signing process and its prerequisites.

This change ensures a smoother build process by preventing errors related to missing certificates.

Change-Id: I9c117da9f288d9fad544f34ff28cfba587e739e5
Co-developed-by: Cursor &lt;noreply@cursor.com&gt;
Signed-off-by: 张星宇 &lt;neil.zxy@alibaba-inc.com&gt;
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -64,13 +64,21 @@ jobs:
       - name: Build Next.js
         run: npm run build
 
-      # 导入 Apple 开发者证书用于签名
+      # 导入 Apple 开发者证书用于签名（如果配置了证书）
       - name: Import Code Signing Certificate
-        if: ${{ secrets.APPLE_CERTIFICATE_BASE64 != '' }}
         env:
           APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
           APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
         run: |
+          # 检查是否配置了证书
+          if [ -z "$APPLE_CERTIFICATE_BASE64" ]; then
+            echo "⚠️ No signing certificate configured, skipping code signing"
+            echo "HAS_CERTIFICATE=false" >> $GITHUB_ENV
+            exit 0
+          fi
+          
+          echo "HAS_CERTIFICATE=true" >> $GITHUB_ENV
+          
           # 创建临时钥匙串
           KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
           KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
@@ -100,13 +108,12 @@ jobs:
           npx electron-builder --mac --${{ matrix.arch }} --config electron-builder.config.js
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          # 签名相关环境变量
-          # 如果没有配置证书，CSC_IDENTITY_AUTO_DISCOVERY=false 会跳过签名
-          # CSC_IDENTITY_AUTO_DISCOVERY: ${{ secrets.APPLE_CERTIFICATE_BASE64 != '' }}
-          # # 公证相关环境变量
-          # APPLE_ID: ${{ secrets.APPLE_ID }}
-          # APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
-          # APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+          # 如果没有证书，禁用自动签名发现
+          CSC_IDENTITY_AUTO_DISCOVERY: ${{ env.HAS_CERTIFICATE == 'true' }}
+          # 公证相关环境变量（仅在配置了证书时有效）
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
 
       # 清理钥匙串
       - name: Cleanup Keychain
