0

I'm trying to setup a GitHub actions workflow to perform build on MacOS(10.15.7) system using self-hosted runner. My action workflow for build including code sign-in as follows

runs-on:  [self-macos]

  steps:
    - uses: actions/checkout@master
    - name: Build and Codesign
      env: 
        KEYCHAIN_PASSWD: ${{ secrets.KEYCHAIN_PASSWD }}
        KEYCHAIN_PATH: ${{ secrets.KEYCHAIN_PATH }}
        DEVELOPER_ID: ${{ secrets.DEVELOPER_ID }}
      run: |
           security list-keychain -d user -s $KEYCHAIN_PATH
           security unlock-keychain -p $KEYCHAIN_PASSWD $KEYCHAIN_PATH
           ./resources/compileExternalClasses.sh

Currently code-signing part is failing with below errors only on actions.

+ codesign -f -s '***' -v /Users/devadmin/actions-runner/_work/linux-driver/linux-driver/framework.app

error: The specified item could not be found in the keychain.
- script failed with code : 1
Running install script failed with exit code 1
build fail.
Error: Process completed with exit code 255.

On Mac runner system terminal with the same GitHub action workspace source code build & code signing working without any issue.

Even through Jenkins the same source code works without issues.

Already in our Mac Server side certificate installed and underKey-chain section below have activated.

Trust - When using this certificate - Use System Defaults

Access Control - Allow all applications to access this item

Since the above issue is occurring only on github action build. Please let me know what I'm missing with action side?

user4948798
  • 1,924
  • 4
  • 43
  • 89

2 Answers2

0

The item specified in the "s" parameter is unavailable in the keychain.

For GitHub you have to import your certificates to the Keychain first.

The easiest way will be to use:

uses: apple-actions/import-codesign-certs@v1
with: 
  p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
  p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}

Full instruction on how to create proper secrets is here.

Remember that for self-hosted runners, you have to clean it up after each run:

- name: Clean up keychain and provisioning profile
  if: ${{ always() }}
  run: |
    security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
    rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision
Grzegorz Krukowski
  • 18,081
  • 5
  • 50
  • 71
0

With the help of this Link

Have copied apple developer certificate from login keychian to system list now my problem has been resolved.

user4948798
  • 1,924
  • 4
  • 43
  • 89