Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RCOCOA-2395: Code sign our published xcframeworks #8637

Merged
merged 2 commits into from
Jul 23, 2024
Merged

RCOCOA-2395: Code sign our published xcframeworks #8637

merged 2 commits into from
Jul 23, 2024

Conversation

dianaafanador3
Copy link
Contributor

@dianaafanador3 dianaafanador3 commented Jun 20, 2024
edited
Loading

Code sign our published xcframeworks in Github actions.
You can verify the generated release package in this action run.
https://github.com/realm/realm-swift/actions/runs/9600027436

@cla-bot cla-bot bot added the cla: yes label Jun 20, 2024
@dianaafanador3 dianaafanador3 force-pushed the dp/sign-xcframework branch 2 times, most recently from 2800058 to 4bae45c Compare June 26, 2024 09:14
@dianaafanador3 dianaafanador3 marked this pull request as ready for review June 26, 2024 09:14
@dianaafanador3 dianaafanador3 linked an issue Jun 26, 2024 that may be closed by this pull request
Code sign our published xcframeworks #8630
Closed
@nirinchev
Copy link
Member

It looks like this is signed with your personal team certificate (team 74HX4QV25A rather than QX5CR2FTN2). We should probably update the certificates.

tgoyne
tgoyne reviewed Jun 26, 2024
View reviewed changes
Copy link
Member

@tgoyne tgoyne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where does the signing cert come from and how do we update it? If this is a manual process it needs to be documented.

.github/workflows/master-push.yml Outdated
Comment on lines 194 to 209
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

# import certificate and provisioning profile from secrets
echo -n "$DEVELOPMENT_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH

# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should all be a shell script which is invoked. The only thing which should ever be in the GHA yaml files are just the GHA configuration, and not the actual build steps.

@dianaafanador3 dianaafanador3 force-pushed the dp/sign-xcframework branch 4 times, most recently from 9543b67 to 4674cb5 Compare July 22, 2024 11:53
@dianaafanador3 dianaafanador3 merged commit 2fd2e3f into master Jul 23, 2024
386 of 393 checks passed
@dianaafanador3 dianaafanador3 deleted the dp/sign-xcframework branch July 23, 2024 15:23
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 22, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@tgoyne tgoyne tgoyne approved these changes

@Naveen-C-Ramachandrappa Naveen-C-Ramachandrappa Naveen-C-Ramachandrappa approved these changes

@nirinchev nirinchev Awaiting requested review from nirinchev

Assignees

@dianaafanador3 dianaafanador3

Labels
cla: yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Code sign our published xcframeworks
4 participants
@dianaafanador3 @nirinchev @tgoyne @Naveen-C-Ramachandrappa