Skip to content

Commit 1cf9d4e

Browse files
idid
committed
ci: fix release workflow
1 parent 3d8f858 commit 1cf9d4e

File tree

2 files changed

+12
-5
lines changed

2 files changed

+12
-5
lines changed

.github/workflows/release.yaml

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -130,7 +130,7 @@ jobs:
130130
- macos-14
131131
- macos-15
132132
otp:
133-
- 27.2-3
133+
- 27
134134

135135
runs-on: ${{ matrix.macos }}
136136

@@ -140,6 +140,8 @@ jobs:
140140
fetch-depth: 0
141141
ref: ${{ github.event.inputs.branch_or_tag }}
142142
- name: prepare
143+
env:
144+
OTP: ${{ matrix.otp }}
143145
run: |
144146
brew install curl zip unzip gnu-sed freetds erlang@$OTP
145147
echo "/usr/local/bin" >> $GITHUB_PATH
@@ -151,8 +153,8 @@ jobs:
151153
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
152154
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
153155
APPLE_DEVELOPER_IDENTITY: ${{ secrets.APPLE_DEVELOPER_IDENTITY }}
154-
APPLE_DEVELOPER_ID_BUNDLE: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE }}
155-
APPLE_DEVELOPER_ID_BUNDLE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE_PASSWORD }}
156+
APPLE_DEVELOPER_ID_BUNDLE: ${{ matrix.os == 'macos-14' && secrets.APPLE_DEVELOPER_ID_BUNDLE || secrets.APPLE_DEVELOPER_ID_BUNDLE_NEW }}
157+
APPLE_DEVELOPER_ID_BUNDLE_PASSWORD: ${{ matrix.os == 'macos-14' && secrets.APPLE_DEVELOPER_ID_BUNDLE_PASSWORD || secrets.APPLE_DEVELOPER_ID_BUNDLE_PASSWORD_NEW }}
156158
BUILD_WITHOUT_QUIC: 1
157159
run: |
158160
erl -eval 'erlang:display(erlang:system_info(system_version)),halt()'

scripts/macos-sign-binaries.sh

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ if [[ "${APPLE_DEVELOPER_ID_BUNDLE:-0}" == 0 || "${APPLE_DEVELOPER_ID_BUNDLE_PAS
2323
fi
2424

2525
PKSC12_FILE="$HOME/developer-id-application.p12"
26-
base64 --decode > "${PKSC12_FILE}" <<<"${APPLE_DEVELOPER_ID_BUNDLE}"
26+
printf '%s' "${APPLE_DEVELOPER_ID_BUNDLE}" | base64 --decode > "${PKSC12_FILE}"
2727

2828
KEYCHAIN="emqtt-bench-$(date +%s).keychain-db"
2929
KEYCHAIN_PASSWORD="$(openssl rand -base64 32)"
@@ -40,7 +40,12 @@ security set-keychain-settings "${KEYCHAIN}"
4040
security unlock-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN}"
4141
security import "${PKSC12_FILE}" -P "${APPLE_DEVELOPER_ID_BUNDLE_PASSWORD}" -t cert -f pkcs12 -k "${KEYCHAIN}" -T /usr/bin/codesign
4242
security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k "${KEYCHAIN_PASSWORD}" "${KEYCHAIN}"
43-
security verify-cert -k "${KEYCHAIN}" -c "${PKSC12_FILE}"
43+
if [ "$(sw_vers -productVersion | cut -d'.' -f1)" -ge 15 ]; then
44+
openssl pkcs12 -in "${PKSC12_FILE}" -clcerts -nokeys -out certificate.crt --passin "pass:${APPLE_DEVELOPER_ID_BUNDLE_PASSWORD}"
45+
security verify-cert -k "${KEYCHAIN}" -c certificate.crt
46+
else
47+
security verify-cert -k "${KEYCHAIN}" -c "${PKSC12_FILE}"
48+
fi
4449
security find-identity -p codesigning "${KEYCHAIN}"
4550

4651
# add new keychain into the search path for codesign, otherwise the stuff does not work

0 commit comments

Comments
 (0)