unlock keystore

2025-08-02 13:48:15 +02:00 · 2025-07-11 13:37:32 +01:00 · 2025-07-11 13:37:32 +01:00 · a34b7ed291
commit a34b7ed291
parent c8107a37a0
1 changed files with 26 additions and 2 deletions
--- a/.github/workflows/tauri-test.yml
+++ b/.github/workflows/tauri-test.yml
@ -238,13 +238,37 @@ jobs:
          KEYCHAIN_PATH="$HOME/Library/Keychains/build.keychain-db"
          echo "Using keychain path: $KEYCHAIN_PATH"
          
-          jarsigner -verbose \
+          # Ensure keychain is unlocked and accessible
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+          security set-keychain-settings -t 3600 -u build.keychain
+          
+          # Add timeout and proper error handling
+          timeout 300 jarsigner -verbose \
            -keystore "$KEYCHAIN_PATH" \
            -storetype KeychainStore \
            -storepass "$KEYCHAIN_PASSWORD" \
            -signedjar "${MAIN_JAR}.signed" \
            "$MAIN_JAR" \
-            "$CERT_ID"
+            "$CERT_ID" || {
+            echo "❌ jarsigner failed or timed out"
+            echo "Trying alternative approach with PKCS12 keystore..."
+            
+            # Convert to PKCS12 and try again
+            security export -k build.keychain -t identities -f pkcs12 -o temp_cert.p12 -P "$APPLE_CERTIFICATE_PASSWORD"
+            
+            timeout 300 jarsigner -verbose \
+              -keystore temp_cert.p12 \
+              -storetype PKCS12 \
+              -storepass "$APPLE_CERTIFICATE_PASSWORD" \
+              -signedjar "${MAIN_JAR}.signed" \
+              "$MAIN_JAR" \
+              1 || {
+              echo "❌ Both signing methods failed"
+              exit 1
+            }
+            
+            rm -f temp_cert.p12
+          }
          
          # Replace original with signed JAR
          mv "${MAIN_JAR}.signed" "$MAIN_JAR"