unom/punktfunk
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases 4 Wiki Activity

ci(release): make the throwaway keychain the default keychain
ci / web (push) Failing after 44s
Details
ci / rust (push) Successful in 54s
Details
apple / swift (push) Successful in 1m19s
Details
ci / docs-site (push) Failing after 42s
Details
docker / deploy-docs (push) Successful in 6s
Details
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 3s
Details
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 3s
Details
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 4s
Details
release / apple (push) Failing after 2m34s
Details

Browse Source 
exportArchive's signing lookup consults the default keychain; search
list membership alone leaves the (valid) identity invisible to it.
Restored to login.keychain in cleanup.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Enrico Bühler
2026-06-12 16:06:04 +00:00
parent 343cb544d9
commit 9758751a4d
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/release.yml
+4
View File
@@ -91,6 +91,9 @@ jobs:
security create-keychain -p "$KEYCHAIN_PASS" "$KEYCHAIN" security create-keychain -p "$KEYCHAIN_PASS" "$KEYCHAIN"
security set-keychain-settings -lut 7200 "$KEYCHAIN" security set-keychain-settings -lut 7200 "$KEYCHAIN"
security unlock-keychain -p "$KEYCHAIN_PASS" "$KEYCHAIN" security unlock-keychain -p "$KEYCHAIN_PASS" "$KEYCHAIN"
# xcodebuild's signing lookup consults the DEFAULT keychain — being on the
# search list alone isn't enough (find-identity sees the cert, export doesn't).
security default-keychain -d user -s "$KEYCHAIN"
# Apple's intermediates — without the issuing CA in the chain the identity is # Apple's intermediates — without the issuing CA in the chain the identity is
# "invalid" and xcodebuild reports "No signing certificate ... found" even # "invalid" and xcodebuild reports "No signing certificate ... found" even
# though the cert imported fine (fresh boxes don't ship all WWDR/Developer ID # though the cert imported fine (fresh boxes don't ship all WWDR/Developer ID
@@ -225,6 +228,7 @@ jobs:
- name: Clean up keychain + API key - name: Clean up keychain + API key
if: always() if: always()
run: | run: |
security default-keychain -d user -s login.keychain-db 2>/dev/null || true
[ -n "${KEYCHAIN:-}" ] && security delete-keychain "$KEYCHAIN" 2>/dev/null || true [ -n "${KEYCHAIN:-}" ] && security delete-keychain "$KEYCHAIN" 2>/dev/null || true
security list-keychains -d user -s login.keychain-db security list-keychains -d user -s login.keychain-db
rm -f "$RUNNER_TEMP/asc.p8" rm -f "$RUNNER_TEMP/asc.p8"