From 697717eb1ea46590d9221afbc2b34a09086e79d3 Mon Sep 17 00:00:00 2001
From: Jonas Kvinge <jonas@jkvinge.net>
Date: Sun, 15 Oct 2023 16:09:25 +0200
Subject: [PATCH] CI: Use apple-actions/import-codesign-certs

---
 .github/workflows/build.yml | 34 ++++++----------------------------
 1 file changed, 6 insertions(+), 28 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 00ef2133f..8e8b14ed8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -793,39 +793,17 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Write certificate file
+      - name: Import certificate file
         if: matrix.runner == 'macos-11'
-        env:
-          APPLE_DEVELOPER_ID_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_CERTIFICATE }}
-        run: echo ${APPLE_DEVELOPER_ID_CERTIFICATE} | base64 --decode > certificate.p12
-
-      - name: Create keychain
-        if: matrix.runner == 'macos-11'
-        run: security create-keychain -p ${{ secrets.APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD }} build.keychain
-
-      - name: Set keychain
-        if: matrix.runner == 'macos-11'
-        run: security default-keychain -s build.keychain
-
-      - name: Unlock keychain
-        if: matrix.runner == 'macos-11'
-        run: security unlock-keychain -p ${{ secrets.APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD }} build.keychain
+        uses: apple-actions/import-codesign-certs@v2
+        with:
+          p12-file-base64: ${{ secrets.APPLE_DEVELOPER_ID_CERTIFICATE }}
+          p12-password: ${{ secrets.APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD }}
 
       - name: Unlock keychain
         if: matrix.runner == 'macos-arm64'
         run: security unlock-keychain -p ${{ secrets.APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD2 }}
 
-      - name: Import certificate
-        if: matrix.runner == 'macos-11'
-        run: security import certificate.p12 -k build.keychain -P ${{ secrets.APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD }} -T /usr/bin/codesign
-
-      - name: Show certificate
-        run: security find-identity -v
-
-      - name: Allow certificate
-        if: matrix.runner == 'macos-11'
-        run: security set-key-partition-list -S 'apple-tool:,apple:,codesign:' -s -k ${{ secrets.APPLE_DEVELOPER_ID_CERTIFICATE_PASSWORD }} build.keychain
-
       - name: Download macOS dependencies
         run: curl -f -O -L https://github.com/strawberrymusicplayer/strawberry-macos-dependencies/releases/latest/download/strawberry-macos-${{env.arch}}-${{env.buildtype}}.tar.xz
 
@@ -859,7 +837,7 @@ jobs:
           -DENABLE_DBUS=OFF
           -DICU_ROOT="${{env.prefix_path}}"
           -DFFTW3_DIR="${{env.prefix_path}}"
-          -DAPPLE_DEVELOPER_ID=$(test "${{matrix.runner}}" = "macos-arm64" && echo "383J84DVB6" || echo "")
+          -DAPPLE_DEVELOPER_ID="383J84DVB6"
 
       - name: Build
         run: cmake --build build --config Release --parallel 4