I am using Xcode Cloud to build my Mac Catalyst app for Developer ID Distribution as a DMG package that must be codesigned and notarized. I have a ci_post_xcodebuild.sh script that runs after the Archive action.
This needs to perform the following tasks:
- Produce a DMG from the provided exported archive located at CI_DEVELOPER_ID_SIGNED_APP_PATH
- Codesign that DMG using the same certificate identity that Xcode Cloud used when automatically code signing the exported archive using cloud signing
- Notarize that code-signed DMG with the notary service
- Generate a Sparkle appcast.xml file
- Upload the DMG and appcast.xml file to S3
The issue I am having is that I do not have access to the cloud signing keychain identity that Xcode Cloud uses to automatically codesign the exported archive.
I check for identities and none are found. Running:
security find-identity -v -p codesigning
There are no code signing identities available. Make sure you have a "Developer ID (Application)" certificate (with the private key) installed on your Mac with Keychain Access.
How can I access the cloud signing identity in this script so I can sign my DMG file before notarizing it?
I am currently experimenting with installing my own certificate in the build server keychain and running my own archive + export commands after the Build action completes. This is not ideal.
Thanks,
Andrew