ci: fix macOS build workflow failing on every push#4
Merged
Conversation
The macOS workflow ran on every push to main and failed at the Apple certificate import step because the repo has no signing secrets; it also referenced the old opcode.app bundle name from the upstream fork. - Make it a release/manual workflow (workflow_call + workflow_dispatch), not a per-push job — build-test.yml already compiles on all platforms - Make all signing secrets optional; gate certificate import on their presence so unsigned builds still succeed - Let Tauri handle signing/notarization (drops the opcode.app-specific lipo/codesign/notarytool steps) and build per-arch DMGs by target - Add fail-fast: false so one arch failing no longer cancels the other https://claude.ai/code/session_01Gmu1w8BkBKAGnZSLfTsERC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
build-macos.ymlran on every push tomainand failed ~13s in at the "Import Apple certificates" step because the repository has no Apple Developer signing secrets. With the default fail-fast matrix, the Intel job was then cancelled and the Universal Binary step skipped — producing the red "some checks were not successful". The workflow also still referencedopcode.app, a leftover bundle name from the upstream fork (the app is nowSyndrome AI).Fix
workflow_call+workflow_dispatch). Per-commit compilation is already covered bybuild-test.ymlacross Linux/Windows/macOS/ARM64.required: false, and the certificate import is gated onAPPLE_CERTIFICATEbeing present. Without secrets the build still succeeds and produces an unsigned bundle.opcode.applipo/codesign/notarytoolsteps; builds per-arch DMGs by target instead.fail-fast: falseso one arch failing no longer cancels the other.Verification
tsc --noEmitclean,npm run buildsucceeds,npm audit0 vulnerabilities.https://claude.ai/code/session_01Gmu1w8BkBKAGnZSLfTsERC
Generated by Claude Code