From 631ce68126bca3c3b4cd34c0df1bd40dabadab19 Mon Sep 17 00:00:00 2001
From: Jay Lee <jay0lee@gmail.com>
Date: Tue, 17 Sep 2024 11:52:34 -0400
Subject: [PATCH] actions: actually try to sign gam binary for MacOS

---
 .github/workflows/build.yml | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6d5d462d..9c5b2c5e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -204,7 +204,8 @@ jobs:
       - name: MacOS import developer certificates for signing
         if: runner.os == 'macOS'
         uses: apple-actions/import-codesign-certs@v3
-        with: 
+        with:
+          keychain: signing_temp
           p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
           p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
 
@@ -603,14 +604,16 @@ jobs:
               ;;
           esac
           echo "ldlib=${ldlib}"
-          $PYTHON -m staticx -l "${ldlib}" "${gam}" "${gam}-staticx"
-          rm -v "${gam}"
-          mv -v "${gam}-staticx" "${gam}"
+          $PYTHON -m staticx -l "${ldlib}" "$gam" "${gam}-staticx"
+          rm -v "$gam"
+          mv -v "${gam}-staticx" "$gam"
 
       - name: MacOS sign GAM binary
         if: runner.os == 'macOS'
         run: |
-          security find-identity -p basic -v
+          security find-identity -v signing_temp.keychain
+          codesign --force --deep --sign "Jay Lee" --options=runtime --entitlements "${GITHUB_WORKSPACE}/.github/actions/entitlements.xml" --timestamp "$gam"
+          codesign -dv --verbose=4 "$gam"
 
       - name: Basic Tests all jobs
         id: basictests