Here I give an example for CircleCI, in a step prior to using the certificate, let's say for code-signing, make sure you have installed the certificate on your macOS executor, otherwise you may get error while executing code signing.
See sample commands below for your reference:
sign-app-on-macOS:
macos:
xcode: 15.2.0
resource_class: macos.m1.medium.gen1
steps:
- run:
name: Download and install P12 certificate on macOS
command: |
aws s3 cp s3://bucket/certificates/Certificates.p12 Certificates.p12
security create-keychain -p "password" ci.keychain
security default-keychain -s ci.keychain
security unlock-keychain -p "password" ci.keychain
security import Certificates.p12 -k ci.keychain -P $CSC_KEY_PASSWORD -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "password" ci.keychain
security find-identity -p codesigning -v
- run: codesign --deep blah blah ...
Steps are as followed:
- Download Certificates.p12 from cloud store
- Create keychain and import certificate into it
- Verify installed certificate that's valid
Note that CSC_KEY_PASSWORD environment variable is set for importing the password protected cert.
Top comments (0)