Unlock keychain in build script

airbnb · Dec 14, 2023 · e63369d · e63369d
1 parent ead6042
commit e63369d
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -128,12 +128,14 @@ jobs:
         with:
           xcode: ${{ matrix.xcode }}
       - name: Build XCFramework
+        env:
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
         run: |
           # Once there is a production Xcode version with the visionOS SDK, we will 
           # need to also build an XCFramework using that version but without `SKIP_VISION_OS=true`.
           SKIP_VISION_OS=true 
 
-          # Codesign using the unlocked custom keychain created in the previous step.
+          # Codesign using the custom keychain created in the previous step.
           KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
 
           bundle exec rake build:xcframework[Lottie-Xcode-${{ matrix.xcode }}]

diff --git a/Rakefile b/Rakefile
@@ -114,16 +114,20 @@ namespace :build do
       if $?.success?
         puts "Signing certificate is installed. Code signing Lottie.xcframework."
 
-        # In GitHub actions the certificate is in a custom keychain, which we have to pass when codesigning.
+        # In GitHub actions the certificate is in a custom keychain, which we have to unlock and use when codesigning.
         custom_keychain_path = ENV['KEYCHAIN_PATH']
-        if !custom_keychain_path.nil? && !custom_keychain_path.empty?
+        custom_keychain_password = ENV['KEYCHAIN_PASSWORD']
+        if !custom_keychain_path.nil? && !custom_keychain_path.empty? && !custom_keychain_password.nil? && !custom_keychain_password.empty?
+          puts "Unlocking and using custom keychain..."
+          sh 'security unlock-keychain -p "' + custom_keychain_password + '" ' + custom_keychain_path
           sh 'codesign --timestamp -v --sign "Lottie iOS Code Signing" --keychain ' + custom_keychain_path + ' Lottie.xcframework'
         else
           sh 'codesign --timestamp -v --sign "Lottie iOS Code Signing" Lottie.xcframework '
         end
 
+        puts "Successfully codesigned Lottie.xcframework."
       else
-        puts "Signing certificate is not installed. Lottie.xcframework will not be code signed."
+        puts "Signing certificate is not installed. Lottie.xcframework will not be codesigned."
       end
 
       # Archive the XCFramework into a zip file