From bdf29719223b67d6b558185f49fb3c34e9429d42 Mon Sep 17 00:00:00 2001 From: Oleksii-Flamingo Date: Tue, 16 Dec 2025 13:13:21 +0200 Subject: [PATCH] Update signing step (#18) --- .github/steps/sign-macos-package/action.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/steps/sign-macos-package/action.yml b/.github/steps/sign-macos-package/action.yml index 8c8318c22..032db2b78 100644 --- a/.github/steps/sign-macos-package/action.yml +++ b/.github/steps/sign-macos-package/action.yml @@ -58,13 +58,22 @@ runs: rm "$CERTIFICATE_PATH" echo "KEYCHAIN_PATH=$KEYCHAIN_PATH" >> $GITHUB_ENV + # Extract the signing identity from the keychain (use SHA-1 hash for reliability) + SIGNING_IDENTITY=$(security find-identity -v -p codesigning "$KEYCHAIN_PATH" | grep "Developer ID Application" | head -1 | awk -F'"' '{print $2}') + if [[ -z "$SIGNING_IDENTITY" ]]; then + echo "Error: No Developer ID Application identity found in keychain" + exit 1 + fi + echo "Found signing identity: $SIGNING_IDENTITY" + echo "SIGNING_IDENTITY=$SIGNING_IDENTITY" >> $GITHUB_ENV + - name: Code Sign Standalone binary shell: bash run: | chmod +x "$BINARY_PATH" # Sign the binary and verify - codesign --sign "$DEVELOPER_ID" --timestamp --options runtime --deep --force "$BINARY_PATH" + codesign --sign "$SIGNING_IDENTITY" --timestamp --options runtime --deep --force "$BINARY_PATH" # Verify signature codesign --verify --deep --strict --verbose=2 "$BINARY_PATH"