GitHub Action gets stuck running codesign on macOS #941
Comments
|
Did this happen once, multiple times, or every time? macOS code signing, especially in CI likes to have hiccups for some reason and most of the time retrying is enough. If it does happen frequently, can you try it without bundling Python just to check if that's the issue (cause i can't remember seeing anyone bundling and signing it yet)? |
|
It seems like it's every time, I've tried it 10 - 15 times without success. Removing the Python framework didn't help either, it just got stuck trying to sign the executable instead. |
|
Same/similar problem here, it is stuck on signing. Nothing fancy going on just the vanilla - uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
with:
tagName: app-v__VERSION__ # the action automatically replaces \_\_VERSION\_\_ with the app version.
releaseName: "App v__VERSION__"
releaseBody: "See the assets to download this version and install."
releaseDraft: true
prerelease: false
args: ${{ matrix.args }}The last log where it hangs: Both aarch64 and x86_64 jobs are hanging at the same place |
|
It has to do with the way the certs are imported. I don't know what it is, but it works for me when using this action instead of my own import scripts - name: Import Apple Developer Certificate
env:
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
run: |
KEYCHAIN_PASSWORD=password
echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12
security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
security find-identity -v -p codesigning build.keychainAction that works: |
|
has someone find a way to fix this issue? |
My comment above f.ex :) |
|
This is the build & verify steps that worked for me with that action, it was also getting stuck for me with the steps in the guide: - uses: apple-actions/import-codesign-certs@v3
if: matrix.platform == 'macos-latest'
with:
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
keychain: build
- name: Verify Certificate
if: matrix.platform == 'macos-latest'
run: |
security find-identity -v -p codesigning build.keychain
CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application")
CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
echo "Certificate imported."Swapped |
This was the initial error in my case. |
Hi, I'm trying to sign my macOS app using the Tauri action and it's hanging when it first runs codesign. From testing it out locally, it seems like it's getting stuck waiting on the user prompt to unlock the keychain. From my understanding of the keychain, the call to
security unlock-keychainshould avoid this but it doesn't seem to be working. Any help would be apperciated.Full log below:
The text was updated successfully, but these errors were encountered: