From 185a09152861c19bfd50a7011c6967110203eaf3 Mon Sep 17 00:00:00 2001
From: gmegidish
Date: Tue, 7 Oct 2025 17:42:14 +0200
Subject: [PATCH 01/10] fix: codesign the executable
---
.github/workflows/build.yml | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c41aab7..b4fa800 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -87,13 +87,43 @@ jobs: run: | sed -i '' 's/version = \"dev\"/version = \"${{ github.ref_name }}\"/' cli/root.go + - name: Import certificates and provisioning profile + env: + APPLE_WWDR_CERT: ${{ secrets.APPLE_WWDR_CERT }} + DEVELOPER_ID_APPLICATION_CERT: ${{ secrets.DEVELOPER_ID_APPLICATION_CERT }} + DEVELOPER_ID_APPLICATION_PASSWORD: ${{ secrets.DEVELOPER_ID_APPLICATION_PASSWORD }} + run: | + # Create keychain + security create-keychain -p "" build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p "" build.keychain + + echo -n "$APPLE_WWDR_CERT" | base64 --decode > apple_wwdr.cer + security import apple_wwdr.cer -k build.keychain -T /usr/bin/codesign + + echo -n "$DEVELOPER_ID_APPLICATION_CERT" | base64 --decode > certificate.p12 + security import certificate.p12 -k build.keychain -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -A -t cert -f pkcs12 + + security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain + + # List identities to verify import + security find-identity -v -p codesigning + + security default-keychain -s build.keychain + - name: Build + env: + CODE_SIGN_IDENTITY: ${{ secrets.CODE_SIGN_IDENTITY }} run: | GOARCH=arm64 go build -ldflags="-s -w" -o mobilecli-arm64 GOARCH=amd64 go build -ldflags="-s -w" -o mobilecli-amd64 lipo mobilecli-arm64 mobilecli-amd64 -create -output mobilecli-darwin rm mobilecli-arm64 mobilecli-amd64 ./mobilecli-darwin --version + # codesign this binary + codesign --sign "$CODE_SIGN_IDENTITY" --timestamp --options runtime ./mobilecli + # make sure spctl passes + spctl -a -vv -t install ./mobilecli-darwin - name: Upload macos build artifact uses: actions/upload-artifact@v4 From 53c8b46fbe716a118038a3a3a6472e8c411f80f3 Mon Sep 17 00:00:00 2001 From: gmegidish Date: Tue, 7 Oct 2025 17:51:23 +0200 Subject: [PATCH 02/10] fix: codesign the executable --- .github/workflows/build.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
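Review bot: In PATCH 01/10 the decoded `certificate.p12` and `apple_wwdr.cer` are written to the step's working directory and never removed, and the step after Build uploads artifacts from the job (its `path:` is outside the hunk, so whether it can match these files is not visible). Writing both files under `$RUNNER_TEMP` and deleting them straight after `security import`, e.g. `rm -f "$RUNNER_TEMP/certificate.p12" "$RUNNER_TEMP/apple_wwdr.cer"`, keeps the private key off disk for the rest of the job. The keychain is also created with an empty password (`-p ""`) and made the default without being removed afterwards; a generated password and a final `security delete-keychain build.keychain` step with `if: always()` would matter on any runner that is not discarded after the job.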
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b4fa800..cb488cd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -120,10 +120,10 @@ jobs: lipo mobilecli-arm64 mobilecli-amd64 -create -output mobilecli-darwin rm mobilecli-arm64 mobilecli-amd64 ./mobilecli-darwin --version - # codesign this binary - codesign --sign "$CODE_SIGN_IDENTITY" --timestamp --options runtime ./mobilecli - # make sure spctl passes - spctl -a -vv -t install ./mobilecli-darwin + # codesign this binary + codesign --sign "$CODE_SIGN_IDENTITY" --timestamp --options runtime ./mobilecli + # make sure spctl passes + spctl -a -vv -t install ./mobilecli-darwin - name: Upload macos build artifact uses: actions/upload-artifact@v4 From c0fca324a95b41c465a6175e6438f966930892fc Mon Sep 17 00:00:00 2001 From: gmegidish Date: Tue, 7 Oct 2025 17:57:43 +0200 Subject: [PATCH 03/10] fix: codesign the executable --- .github/workflows/build.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cb488cd..f6752ba 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -98,17 +98,22 @@ jobs: security default-keychain -s build.keychain security unlock-keychain -p "" build.keychain + echo "step1" echo -n "$APPLE_WWDR_CERT" | base64 --decode > apple_wwdr.cer security import apple_wwdr.cer -k build.keychain -T /usr/bin/codesign + echo "step2" echo -n "$DEVELOPER_ID_APPLICATION_CERT" | base64 --decode > certificate.p12 security import certificate.p12 -k build.keychain -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -A -t cert -f pkcs12 + echo "step3" security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain # List identities to verify import + echo "step4" security find-identity -v -p codesigning + echo "step5" security default-keychain -s build.keychain - name: Build From 9a542242802139c03a855a0d29c979a11ce0058e Mon Sep 17 00:00:00 2001 
From: gmegidish Date: Tue, 7 Oct 2025 18:05:53 +0200 Subject: [PATCH 04/10] fix: codesign the executable --- .github/workflows/build.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f6752ba..c53a9cf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -98,22 +98,22 @@ jobs: security default-keychain -s build.keychain security unlock-keychain -p "" build.keychain - echo "step1" + echo "step1" echo -n "$APPLE_WWDR_CERT" | base64 --decode > apple_wwdr.cer security import apple_wwdr.cer -k build.keychain -T /usr/bin/codesign - echo "step2" + echo "step2" echo -n "$DEVELOPER_ID_APPLICATION_CERT" | base64 --decode > certificate.p12 security import certificate.p12 -k build.keychain -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -A -t cert -f pkcs12 - echo "step3" + echo "step3" security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain # List identities to verify import - echo "step4" + echo "step4" security find-identity -v -p codesigning - echo "step5" + echo "step5" security default-keychain -s build.keychain - name: Build From aec64cfd410619055424be6bde78f04f1ebdfea4 Mon Sep 17 00:00:00 2001 From: gmegidish Date: Tue, 7 Oct 2025 18:14:01 +0200 Subject: [PATCH 05/10] fixing --- .github/workflows/build.yml | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c53a9cf..cdc44a1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -94,27 +94,22 @@ jobs: DEVELOPER_ID_APPLICATION_PASSWORD: ${{ secrets.DEVELOPER_ID_APPLICATION_PASSWORD }} run: | # Create keychain - security create-keychain -p "" build.keychain - security default-keychain -s build.keychain - security unlock-keychain -p "" build.keychain + security create-keychain -p "" build.keychain-db + security default-keychain -s build.keychain-db + security unlock-keychain -p "" build.keychain-db - echo "step1" echo -n "$APPLE_WWDR_CERT" | base64 --decode > apple_wwdr.cer - security import apple_wwdr.cer -k build.keychain -T /usr/bin/codesign + security import apple_wwdr.cer -k build.keychain-db -T /usr/bin/codesign - echo "step2" echo -n "$DEVELOPER_ID_APPLICATION_CERT" | base64 --decode > certificate.p12 - security import certificate.p12 -k build.keychain -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -A -t cert -f pkcs12 + security import certificate.p12 -k build.keychain-db -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -A -t cert -f pkcs12 - echo "step3" - security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain + security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain-db # List identities to verify import - echo "step4" security find-identity -v -p codesigning - echo "step5" - security default-keychain -s build.keychain + security default-keychain -s build.keychain-db - name: Build env: From 0c0d20e0015c740a014a93a7ef7f2f4d1ca253b2 Mon Sep 17 00:00:00 2001 From: gmegidish Date: Tue, 7 Oct 2025 18:22:42 +0200 Subject: [PATCH 06/10] fixing --- .github/workflows/build.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cdc44a1..648047f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -104,6 +104,10 @@ jobs: echo -n "$DEVELOPER_ID_APPLICATION_CERT" | base64 --decode > certificate.p12 security import certificate.p12 -k build.keychain-db -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -A -t cert -f pkcs12 + - name: Setup tmate session + uses: mxschmitt/action-tmate@v3 + + - run: | security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain-db # List identities to verify import From 29542287d905eb1e7a164b03d86bedcbc07efef9 Mon Sep 17 00:00:00 2001 From: gmegidish Date: Tue, 7 Oct 2025 18:47:13 +0200 Subject: [PATCH 07/10] updates --- .github/workflows/build.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 648047f..9ad0000 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -103,11 +103,6 @@ jobs: echo -n "$DEVELOPER_ID_APPLICATION_CERT" | base64 --decode > certificate.p12 security import certificate.p12 -k build.keychain-db -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -A -t cert -f pkcs12 - - - name: Setup tmate session - uses: mxschmitt/action-tmate@v3 - - - run: | security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain-db # List identities to verify import From 4ab065d894d41eae430de1cb421ebf3d41949110 Mon Sep 17 00:00:00 2001 From: gmegidish Date: Tue, 7 Oct 2025 20:27:10 +0200 Subject: [PATCH 08/10] updates --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9ad0000..fdd53e8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
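Review bot: In PATCH 06/10 the `Setup tmate session` step opens a remote shell on the runner directly after the Developer ID certificate has been decoded to `certificate.p12` and imported into a keychain that is unlocked with an empty password, so anyone who can join the session can copy the signing key. The step has no `with:` block; the action's `limit-access-to-actor: true` input restricts the session to the SSH keys of the user who triggered the run, and `mxschmitt/action-tmate@v3` is a movable tag rather than a pinned commit SHA. A debug session is safer in a separate, manually dispatched workflow that never receives the signing secrets. The `run:` block this step splits begins outside the hunk.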
@@ -102,7 +102,7 @@ jobs: security import apple_wwdr.cer -k build.keychain-db -T /usr/bin/codesign echo -n "$DEVELOPER_ID_APPLICATION_CERT" | base64 --decode > certificate.p12 - security import certificate.p12 -k build.keychain-db -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -A -t cert -f pkcs12 + security import certificate.p12 -k build.keychain-db -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -t cert -f pkcs12 security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain-db # List identities to verify import From 8a0e4d649ad027b6c6c144d18bb24586f548c894 Mon Sep 17 00:00:00 2001 From: gmegidish Date: Tue, 7 Oct 2025 20:32:09 +0200 Subject: [PATCH 09/10] updates --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fdd53e8..493c87f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -102,7 +102,7 @@ jobs: security import apple_wwdr.cer -k build.keychain-db -T /usr/bin/codesign echo -n "$DEVELOPER_ID_APPLICATION_CERT" | base64 --decode > certificate.p12 - security import certificate.p12 -k build.keychain-db -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -t cert -f pkcs12 + security import certificate.p12 -k build.keychain-db -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain-db # List identities to verify import @@ -120,7 +120,7 @@ jobs: rm mobilecli-arm64 mobilecli-amd64 ./mobilecli-darwin --version # codesign this binary - codesign --sign "$CODE_SIGN_IDENTITY" --timestamp --options runtime ./mobilecli + codesign --sign "$CODE_SIGN_IDENTITY" --timestamp --options runtime ./mobilecli-darwin # make sure spctl passes spctl -a -vv -t install ./mobilecli-darwin From f348ba12c1cd1cde20917bcfe293f0e38763f269 Mon Sep 17 00:00:00 2001 
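Review bot: In the second hunk of PATCH 09/10 the signature is only checked with `spctl -a -vv -t install`, and `install` is the assessment type for installer packages, so for a bare Mach-O executable the result may not reflect whether the signature itself is valid. A direct check after the `codesign --sign` line, `codesign --verify --strict --verbose=2 ./mobilecli-darwin`, fails the job on a broken or missing signature regardless of Gatekeeper policy. Gatekeeper will likely also reject a Developer ID binary that has not been notarized, and no notarization step is visible in these hunks. The Build step's `run:` block starts outside the hunk.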
From: gmegidish Date: Tue, 7 Oct 2025 20:39:18 +0200 Subject: [PATCH 10/10] updates --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 493c87f..ab0bdd0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -99,10 +99,10 @@ jobs: security unlock-keychain -p "" build.keychain-db echo -n "$APPLE_WWDR_CERT" | base64 --decode > apple_wwdr.cer - security import apple_wwdr.cer -k build.keychain-db -T /usr/bin/codesign + security import apple_wwdr.cer -k build.keychain-db -A echo -n "$DEVELOPER_ID_APPLICATION_CERT" | base64 --decode > certificate.p12 - security import certificate.p12 -k build.keychain-db -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security + security import certificate.p12 -k build.keychain-db -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security -t cert -f pkcs12 -A security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain-db # List identities to verify import
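Review bot: PATCH 10/10 puts `-A` back on the `certificate.p12` import; `security import` documents `-A` as allowing any application to use the imported key without warning, which makes the `-T /usr/bin/codesign -T /usr/bin/security` allow-list on the same line meaningless. PATCH 08/10 had removed the flag, so if signing works with the `-T` list and `set-key-partition-list`, the line can stay as `security import certificate.p12 -k build.keychain-db -P "$DEVELOPER_ID_APPLICATION_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security -t cert -f pkcs12`. The `-A` added to the `apple_wwdr.cer` import looks unnecessary as well, since that file should hold only a certificate and no private key; worth confirming. The enclosing `run:` block starts outside the hunk.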