From 5831e8bfa129f89c0964a7df5b9b6e4a54dd502c Mon Sep 17 00:00:00 2001 From: Christopher Willis-Ford <7019101+cwillisf@users.noreply.github.com> Date: Wed, 2 Jun 2021 21:38:02 -0700 Subject: [PATCH] update handling of context vars on CircleCI --- .circleci/config.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 5b59e56..6befc9a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -61,17 +61,20 @@ jobs: } decodeToFile embedded.provisionprofile "${MAC_PROVISION_PROFILE}" decodeToFile mas-dev.provisionprofile "${MAC_DEV_PROVISION_PROFILE}" - decodeToFile macos-certs-scratch-foundation.p12 "${CSC_MACOS}" + decodeToFile macos-certs-scratch-foundation.p12.gz "${CSC_MACOS_GZ}" + decodeToFile apple-dev-cert.p12 "${MAC_DEV_CERT}" + gunzip macos-certs-scratch-foundation.p12.gz security -v create-keychain -p circleci circleci.keychain security -v default-keychain -s circleci.keychain security -v import macos-certs-scratch-foundation.p12 -k circleci.keychain -P "${CSC_MACOS_PASSWORD}" -T /usr/bin/codesign -T /usr/bin/productbuild + security -v import apple-dev-cert.p12 -k circleci.keychain -P "${MAC_DEV_CERT_PASSWORD}" -T /usr/bin/codesign -T /usr/bin/productbuild security -v unlock-keychain -p circleci circleci.keychain # "set-key-partition-list" prints extensive not-so-useful output and adding "-q" (even multiple times) doesn't suppress it. # The "grep -v" at the end of this line suppresses all of that so any errors or warnings might be more visible. security -v set-key-partition-list -S apple-tool:,apple:,codesign: -s -k circleci circleci.keychain | grep -v '^ 0x' security -v set-keychain-settings -lut 600 circleci.keychain security -v find-identity circleci.keychain - rm macos-certs-scratch-foundation.p12 + rm macos-certs-scratch-foundation.p12 apple-dev-cert.p12 - restore_cache: # Caching Homebrew's files (see the save_cache step below) means that Homebrew doesn't have to update as # much. The Homebrew update can take several minutes without this, but with the cache it tends to take less