From 2ab484582dca76668cfd54064123b170a58e0e30 Mon Sep 17 00:00:00 2001
From: Konstantin Azizov
Date: Sun, 3 Nov 2024 15:22:49 +0100
Subject: [PATCH] ci: trust self-signed certificate
---
 .github/workflows/release.yaml | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index b9d43f7..e3bb511 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,5 +1,7 @@
 on:
 push:
+ branches:
+ - ci/fix-mac-signing
 tags:
 - '*'
 workflow_dispatch:
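Review bot: The `ci/fix-mac-signing` entry added under `on.push.branches` makes every push to that branch run the release workflow, which is the job that is handed `APPLE_CERTIFICATE`, `APPLE_CERTIFICATE_PASSWORD` and `KEYCHAIN_PASSWORD`. Judging by the branch name this is a debugging trigger, and the `workflow_dispatch:` entry already visible in the hunk covers manual test runs without widening what can reach the signing secrets. If the trigger has to stay for now, mark it with a comment such as `# temporary: remove once macOS signing works` so it is dropped before the change lands on the default branch.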
@@ -32,17 +34,26 @@ jobs:
 uses: ./.github/actions/setup-env
 - name: Add target
 run: rustup target add ${{ matrix.platform.target }}
- - uses: apple-actions/import-codesign-certs@v2
+ - name: Import Apple Developer Certificate
 if: startsWith(matrix.platform.target, 'aarch64-apple-darwin') || startsWith(matrix.platform.target, 'x86_64-apple-darwin')
- with:
- p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
- p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
- - name: Verify certificate
- if: startsWith(matrix.platform.target, 'aarch64-apple-darwin') || startsWith(matrix.platform.target, 'x86_64-apple-darwin')
- run: security find-identity -v -p codesigning ${{ runner.temp }}/build.keychain
+ env:
+ APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
+ APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+ KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+ run: |
+ echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12
+ security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+ security default-keychain -s build.keychain
+ security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+ security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
+ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
+ openssl pkcs12 -in certificate.p12 -password ${APPLE_CERTIFICATE_PASSWORD} -clcerts -nokeys -out certificate.crt
+ security add-trusted-cert -d -r trustRoot -k build.keychain certificate.crt
+ security find-identity -v -p codesigning build.keychain
 - name: Create release
 uses: tauri-apps/tauri-action@v0
 with:
+ releaseDraft: true
 includeUpdaterJson: true
 tagName: v__VERSION__
 releaseName: 'v__VERSION__'
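Review bot: The new import step decodes the signing identity to `certificate.p12` in the working directory and never deletes it or `certificate.crt`, so the private-key bundle is presumably still sitting in the checkout when `Create release` builds and packages from it; writing both files under `$RUNNER_TEMP` and removing them on exit avoids that. The `openssl pkcs12 ... -password ${APPLE_CERTIFICATE_PASSWORD}` line also passes the raw secret, unquoted, where openssl expects a source specifier such as `pass:` or `env:`, so it likely fails as written and exposes the password in the process arguments; `-passin env:APPLE_CERTIFICATE_PASSWORD` reads it from the environment instead. `security add-trusted-cert -d -r trustRoot` marks the self-signed certificate as a trusted root, which is tolerable only because the runner is ephemeral, and a comment saying so would stop the step being copied to a persistent machine. The job's step list starts before this hunk and the `with:` block of `Create release` continues after it.

```yaml
run: |
  P12="$RUNNER_TEMP/certificate.p12"
  CRT="$RUNNER_TEMP/certificate.crt"
  # Remove the decoded key material even if a later command fails.
  trap 'rm -f "$P12" "$CRT"' EXIT
  echo "$APPLE_CERTIFICATE" | base64 --decode > "$P12"
  # … unchanged: create-keychain, default-keychain, unlock-keychain …
  security import "$P12" -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
  # … unchanged: set-key-partition-list …
  openssl pkcs12 -in "$P12" -passin env:APPLE_CERTIFICATE_PASSWORD -clcerts -nokeys -out "$CRT"
  # Trusting a self-signed root is acceptable only on an ephemeral CI runner.
  security add-trusted-cert -d -r trustRoot -k build.keychain "$CRT"
  # … unchanged: find-identity …
```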