ci(release): manual Developer ID export — cloud signing has no fallback
ci / web (push) Failing after 34s
ci / rust (push) Successful in 55s
ci / docs-site (push) Failing after 34s
apple / swift (push) Successful in 1m18s
docker / deploy-docs (push) Failing after 14s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 3s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 3s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 4s
release / apple (push) Failing after 2m35s
ci / web (push) Failing after 34s
ci / rust (push) Successful in 55s
ci / docs-site (push) Failing after 34s
apple / swift (push) Successful in 1m18s
docker / deploy-docs (push) Failing after 14s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 3s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 3s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 4s
release / apple (push) Failing after 2m35s
With -allowProvisioningUpdates, exportArchive prefers cloud-managed
Developer ID signing; the App-Manager API key can't ("Cloud signing
permission error") and the valid local identity is never tried.
signingStyle=manual + explicit signingCertificate, cloud flags off
this step (archive keeps them for profile fetch).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -139,17 +139,19 @@ jobs:
|
|||||||
<key>method</key><string>developer-id</string>
|
<key>method</key><string>developer-id</string>
|
||||||
<key>teamID</key><string>$TEAM_ID</string>
|
<key>teamID</key><string>$TEAM_ID</string>
|
||||||
<key>destination</key><string>export</string>
|
<key>destination</key><string>export</string>
|
||||||
|
<!-- Manual + explicit cert: with -allowProvisioningUpdates Xcode prefers
|
||||||
|
CLOUD-managed Developer ID signing, which the App-Manager-role API key
|
||||||
|
can't do ("Cloud signing permission error") and it never falls back to
|
||||||
|
the perfectly valid local identity. -->
|
||||||
|
<key>signingStyle</key><string>manual</string>
|
||||||
|
<key>signingCertificate</key><string>Developer ID Application</string>
|
||||||
</dict>
|
</dict>
|
||||||
</plist>
|
</plist>
|
||||||
EOF
|
EOF
|
||||||
DEVELOPER_DIR="$XCODE_DEV_DIR" xcodebuild -exportArchive \
|
DEVELOPER_DIR="$XCODE_DEV_DIR" xcodebuild -exportArchive \
|
||||||
-archivePath "$RUNNER_TEMP/Punktfunk-macos.xcarchive" \
|
-archivePath "$RUNNER_TEMP/Punktfunk-macos.xcarchive" \
|
||||||
-exportOptionsPlist "$RUNNER_TEMP/export-devid.plist" \
|
-exportOptionsPlist "$RUNNER_TEMP/export-devid.plist" \
|
||||||
-exportPath "$RUNNER_TEMP/export-devid" \
|
-exportPath "$RUNNER_TEMP/export-devid"
|
||||||
-allowProvisioningUpdates \
|
|
||||||
-authenticationKeyPath "$RUNNER_TEMP/asc.p8" \
|
|
||||||
-authenticationKeyID "${{ secrets.ASC_API_KEY_ID }}" \
|
|
||||||
-authenticationKeyIssuerID "${{ secrets.ASC_API_ISSUER_ID }}"
|
|
||||||
|
|
||||||
- name: Notarized DMG
|
- name: Notarized DMG
|
||||||
run: |
|
run: |
|
||||||
|
|||||||
Reference in New Issue
Block a user