Can Xcode Cloud produce a notarized .pkg for a macOS daemon?

I have a macOS app (a background daemon) that I distribute outside the App Store as a .pkg installer. My build process is:

  1. Build the app (xcodebuild archive)
  2. Sign the app with Developer ID Application
  3. Package it with pkgbuild, signed with Developer ID Installer
  4. Notarize with notarytool
  5. Staple with stapler

This works perfectly on my local machine using a custom build_pkg.sh.

I'm trying to automate this in Xcode Cloud using a ci_post_xcodebuild.sh script so a new build is triggered whenever I push to the git repository. The problem is:

  • security find-identity shows 0 valid identities in the post-build script environment
  • The archived app has Signature=adhoc (no Developer ID signing)
  • pkgbuild can't sign the .pkg without a Developer ID Installer certificate
  • Notarization rejects everything because nothing is signed with Developer ID

My question: Is there any way to make Developer ID certificates available in Xcode Cloud's post-build scripts? Or is Xcode Cloud only designed for App Store distribution, and I need to use a different CI (like GitHub Actions) for Developer ID / notarized .pkg workflows? Are there other ways to trigger creation of notarized pkg files whenever I push to GitHub?

Answered by DTS Engineer in 886539022

There are definitely limitations here, but there may also be workarounds. See this thread.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
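
The symptoms listed in the question (0 valid identities, Signature=adhoc) can be caught before pkgbuild and notarytool run. The following is an added example, not part of the thread or of Apple's tooling: a POSIX shell preflight whose function names and sample text (hashes, Example Corp, TEAMID0000) are constructed for illustration.

```shell
#!/bin/sh
# Added example: fail fast before pkgbuild/notarytool when the CI
# environment has no Developer ID identities or produced an ad hoc build.

# Reads `security find-identity -v` output on stdin; succeeds if an
# identity whose name starts with "$1: " is listed.
has_identity() {
  grep -Eq "^[[:space:]]*[0-9]+\) [0-9A-F]{40} \"$1: "
}

# Reads `codesign -dvv` output on stdin; succeeds if the signature is ad hoc.
is_adhoc() {
  grep -q '^Signature=adhoc$'
}

# preflight IDENTITIES CODESIGN_INFO: prints each problem, returns the count.
preflight() {
  pf_problems=0
  for pf_kind in "Developer ID Application" "Developer ID Installer"; do
    if ! printf '%s\n' "$1" | has_identity "$pf_kind"; then
      echo "missing identity: $pf_kind"
      pf_problems=$((pf_problems + 1))
    fi
  done
  if printf '%s\n' "$2" | is_adhoc; then
    echo "app is ad hoc signed; notarization will reject it"
    pf_problems=$((pf_problems + 1))
  fi
  return "$pf_problems"
}

# Constructed sample text (hashes, name and team ID are made up).
GOOD_IDS='  1) 0123456789ABCDEF0123456789ABCDEF01234567 "Developer ID Application: Example Corp (TEAMID0000)"
  2) 89ABCDEF0123456789ABCDEF0123456789ABCDEF "Developer ID Installer: Example Corp (TEAMID0000)"
     2 valid identities found'
BAD_IDS='     0 valid identities found'
GOOD_SIG='Identifier=com.example.daemon
Authority=Developer ID Application: Example Corp (TEAMID0000)'
BAD_SIG='Identifier=com.example.daemon
Signature=adhoc'

# In CI the two arguments would be "$(security find-identity -v)" and
# "$(codesign -dvv path/to/App.app 2>&1)" (codesign writes to stderr).
preflight "$BAD_IDS" "$BAD_SIG" || echo "preflight: $? problem(s) found"
```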
