From 0f76ef91a9dface06c7187215f26d895ee9490ad Mon Sep 17 00:00:00 2001 From: James Magahern Date: Thu, 25 Jun 2026 21:48:19 -0700 Subject: [PATCH] ios: restore working ci p12 import --- .gitea/workflows/testflight-release.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.gitea/workflows/testflight-release.yml b/.gitea/workflows/testflight-release.yml index 26505d6..855a53e 100644 --- a/.gitea/workflows/testflight-release.yml +++ b/.gitea/workflows/testflight-release.yml @@ -87,16 +87,18 @@ jobs: previous_default_keychain="$(security default-keychain -d user | sed 's/[ "]//g' || true)" developer_dir="$(xcode-select -p)" signing_dir="$(mktemp -d "${RUNNER_TEMP:-${TMPDIR:-/tmp}}/sybil-signing.XXXXXX")" - keychain_path="${signing_dir}/${SIGNING_KEYCHAIN}.keychain-db" + keychain_path="${HOME}/Library/Keychains/${SIGNING_KEYCHAIN}.keychain-db" certificate_path="${signing_dir}/appstore-signing.p12" + wwdr_certificate_path="${signing_dir}/AppleWWDRCAG3.cer" profile_path="${signing_dir}/Sybil_AppStore_CI.mobileprovision" profile_plist="${signing_dir}/profile.plist" old_profile_dir="${HOME}/Library/MobileDevice/Provisioning Profiles" xcode_profile_dir="${HOME}/Library/Developer/Xcode/UserData/Provisioning Profiles" - mkdir -p "${old_profile_dir}" "${xcode_profile_dir}" + mkdir -p "${HOME}/Library/Keychains" "${old_profile_dir}" "${xcode_profile_dir}" printf '%s' "${APPSTORE_CERTIFICATES_FILE_BASE64}" | base64 --decode > "${certificate_path}" printf '%s' "${APPSTORE_PROVISIONING_PROFILE_BASE64}" | base64 --decode > "${profile_path}" + curl -fsSL https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer -o "${wwdr_certificate_path}" security cms -D -i "${profile_path}" > "${profile_plist}" profile_uuid="$(/usr/libexec/PlistBuddy -c 'Print UUID' "${profile_plist}")" profile_name="$(/usr/libexec/PlistBuddy -c 'Print Name' "${profile_plist}")" @@ -112,9 +114,13 @@ jobs: security create-keychain -p "${keychain_password}" "${keychain_path}" security set-keychain-settings -lut 21600 "${keychain_path}" security unlock-keychain -p "${keychain_password}" "${keychain_path}" + security import "${wwdr_certificate_path}" \ + -k "${keychain_path}" \ + -T /usr/bin/codesign \ + -T /usr/bin/security \ + -T /usr/bin/xcodebuild security import "${certificate_path}" \ -k "${keychain_path}" \ - -f pkcs12 \ -P "${APPSTORE_CERTIFICATES_PASSWORD}" \ -T /usr/bin/codesign \ -T /usr/bin/security \ @@ -255,5 +261,5 @@ jobs: "${SYBIL_XCODE_PROFILE_PATH:-}" \ "${SYBIL_OLD_NAMED_PROFILE_PATH:-}" \ "${SYBIL_XCODE_NAMED_PROFILE_PATH:-}" - security delete-keychain "${SYBIL_SIGNING_KEYCHAIN_PATH:-}" || true + security delete-keychain "${SYBIL_SIGNING_KEYCHAIN_PATH:-${HOME}/Library/Keychains/${SIGNING_KEYCHAIN}.keychain-db}" || true rm -rf "${SYBIL_SIGNING_DIR:-}"