From a34b7ed291e7acf24c1b4a28565cc0ac470623c9 Mon Sep 17 00:00:00 2001 From: Connor Yoh Date: Fri, 11 Jul 2025 13:37:32 +0100 Subject: [PATCH] unlock keystore --- .github/workflows/tauri-test.yml | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tauri-test.yml b/.github/workflows/tauri-test.yml index 270fad230..61b613de7 100644 --- a/.github/workflows/tauri-test.yml +++ b/.github/workflows/tauri-test.yml @@ -238,13 +238,37 @@ jobs: KEYCHAIN_PATH="$HOME/Library/Keychains/build.keychain-db" echo "Using keychain path: $KEYCHAIN_PATH" - jarsigner -verbose \ + # Ensure keychain is unlocked and accessible + security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain + security set-keychain-settings -t 3600 -u build.keychain + + # Add timeout and proper error handling + timeout 300 jarsigner -verbose \ -keystore "$KEYCHAIN_PATH" \ -storetype KeychainStore \ -storepass "$KEYCHAIN_PASSWORD" \ -signedjar "${MAIN_JAR}.signed" \ "$MAIN_JAR" \ - "$CERT_ID" + "$CERT_ID" || { + echo "❌ jarsigner failed or timed out" + echo "Trying alternative approach with PKCS12 keystore..." + + # Convert to PKCS12 and try again + security export -k build.keychain -t identities -f pkcs12 -o temp_cert.p12 -P "$APPLE_CERTIFICATE_PASSWORD" + + timeout 300 jarsigner -verbose \ + -keystore temp_cert.p12 \ + -storetype PKCS12 \ + -storepass "$APPLE_CERTIFICATE_PASSWORD" \ + -signedjar "${MAIN_JAR}.signed" \ + "$MAIN_JAR" \ + 1 || { + echo "❌ Both signing methods failed" + exit 1 + } + + rm -f temp_cert.p12 + } # Replace original with signed JAR mv "${MAIN_JAR}.signed" "$MAIN_JAR"