Sign only .node binaries and use correct cert

GovTechSG · Aug 13, 2024 · 7d14e66 · 7d14e66
1 parent 0852f72
commit 7d14e66
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml
@@ -72,12 +72,12 @@ jobs:
 
       - name: Sign required binaries for MacOS
         run: |
-          # Find a valid signing certificate in your keychain
-          CERTIFICATE=$(security find-identity -v -p codesigning -s - | tail -n +2 | grep -o '"[^"]*"' | sed 's/"//g')
+          # Find a valid code signing certificate in your keychain for distribution outside Mac App Store
+          CERTIFICATE=$(security find-identity -v -p codesigning -s - | tail -n +2 | grep -o '"Developer ID Application:[^"]*"' | sed 's/"//g')
+
+          # Paths to the binaries you want to sign only ending with .node
+          BINARIES=($(find . -type f -perm +111 -name "*.node" ! -path "*.framework/*" ! -path "*.dSYM/*"))
           
-          # Paths to the binaries you want to sign
-          BINARIES=($(find . -type f -perm +111 ! -path "*.framework/*" ! -path "*.dSYM/*"))
-      
           # Loop through the binary paths and sign each one with a secure timestamp
           for binary in "${BINARIES[@]}"; do
             # Check if the binary is already signed