ci(release): manual Developer ID export — cloud signing has no fallback
With -allowProvisioningUpdates, exportArchive prefers cloud-managed
Developer ID signing; the App-Manager API key can't ("Cloud signing
permission error") and the valid local identity is never tried.
signingStyle=manual + explicit signingCertificate, cloud flags off
this step (archive keeps them for profile fetch).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -139,17 +139,19 @@ jobs:
|
||||
<key>method</key><string>developer-id</string>
|
||||
<key>teamID</key><string>$TEAM_ID</string>
|
||||
<key>destination</key><string>export</string>
|
||||
<!-- Manual + explicit cert: with -allowProvisioningUpdates Xcode prefers
|
||||
CLOUD-managed Developer ID signing, which the App-Manager-role API key
|
||||
can't do ("Cloud signing permission error") and it never falls back to
|
||||
the perfectly valid local identity. -->
|
||||
<key>signingStyle</key><string>manual</string>
|
||||
<key>signingCertificate</key><string>Developer ID Application</string>
|
||||
</dict>
|
||||
</plist>
|
||||
EOF
|
||||
DEVELOPER_DIR="$XCODE_DEV_DIR" xcodebuild -exportArchive \
|
||||
-archivePath "$RUNNER_TEMP/Punktfunk-macos.xcarchive" \
|
||||
-exportOptionsPlist "$RUNNER_TEMP/export-devid.plist" \
|
||||
-exportPath "$RUNNER_TEMP/export-devid" \
|
||||
-allowProvisioningUpdates \
|
||||
-authenticationKeyPath "$RUNNER_TEMP/asc.p8" \
|
||||
-authenticationKeyID "${{ secrets.ASC_API_KEY_ID }}" \
|
||||
-authenticationKeyIssuerID "${{ secrets.ASC_API_ISSUER_ID }}"
|
||||
-exportPath "$RUNNER_TEMP/export-devid"
|
||||
|
||||
- name: Notarized DMG
|
||||
run: |
|
||||
|
||||
Reference in New Issue
Block a user