Mac OS app signing without Fastlane

@bahmutov, thanks for the info. I was running into the same issue with the keychain password when I ran locally but strangely my app was getting signed on the CircleCI build. The signature was invalid and I couldn’t open the DMG but it was signed. Which was really weird.

Then I realized that it was getting signed using the certificate that we use to sign our Windows app/installer. And once I realized that I figured everything out! Well, not everything, but at least what I needed to know to get signed Electron apps for Windows and Mac out of CircleCI.

So I now have the process to build signed installers/apps for Windows, Linux, and OS X working. The real trick is that you don’t need to do any of the keychain stuff. It’s actually much simpler than that.

For reference, you can check out my working config.yml.

The trick is base64-encoding the application certificate (i.e. Developer ID Application: Foobar, LLC) and setting that in the context referenced in your configuration. My config has the following workflow defined:

workflows:
  version: 2
  build_all:
    jobs:
      - build_win_and_linux:
          context: dxm
      - build_mac:
          context: dxm

I have three variables set in that dxm context:

  • CSC_LINK contains the base64-encoded Apple application certificate
  • CSC_KEY_PASSWORD is set to the password for the certificate in CSC_LINK
  • WIN_CSC_LINK contains a base64-encoded certificate from DigiCert

And that’s basically it. Those environment variables get picked up by electron-osx-sign and converted for use when signing the applications/installers.

I’ll try to document the procedure from start to finish later, but if anyone from CircleCI wants to try to do it first, feel free to reach out if you need any info.
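
Added example, not part of the original post: a pre-flight check a CI job could run before packaging to confirm that the base64 value in CSC_LINK opens with CSC_KEY_PASSWORD and holds the expected certificate, so a macOS build does not end up signed with the Windows certificate as described above. The function name check_signing_cert and its expected-subject argument are assumptions made for this example, and it needs the openssl CLI on the build machine.

```shell
#!/bin/sh
# Added example: check_signing_cert is a hypothetical helper, not part of
# electron-builder, electron-osx-sign or CircleCI.
# Usage: check_signing_cert <base64 PKCS#12> <password> <expected subject text>
#   e.g. check_signing_cert "$CSC_LINK" "$CSC_KEY_PASSWORD" "Developer ID Application:"
# Exit status: 0 = bundle opens and subject matches, 1 = empty value,
#   2 = not base64, 3 = wrong password or not PKCS#12, 4 = wrong certificate.
# The body runs in a subshell, so its variables do not leak into the caller.
check_signing_cert() (
  b64="$1"; expected="$3"; rc=0
  [ -n "$b64" ] || { echo "certificate variable is empty" >&2; exit 1; }
  tmp="$(mktemp -d)" || exit 1
  if ! printf '%s' "$b64" | base64 --decode > "$tmp/cert.p12" 2>/dev/null; then
    echo "value is not valid base64" >&2
    rc=2
  # The password is passed through the environment, not on the command
  # line, so it does not show up in the process list.
  elif ! P12_PASS="$2" openssl pkcs12 -in "$tmp/cert.p12" \
         -passin env:P12_PASS -nokeys -clcerts \
         -out "$tmp/cert.pem" 2>/dev/null; then
    echo "cannot open PKCS#12 bundle (wrong password or format)" >&2
    rc=3
  else
    subject="$(openssl x509 -in "$tmp/cert.pem" -noout -subject)"
    case "$subject" in
      *"$expected"*) echo "ok: $subject" ;;
      *) echo "unexpected certificate: $subject" >&2; rc=4 ;;
    esac
  fi
  rm -rf "$tmp"   # never leave the decoded bundle on the build machine
  exit "$rc"
)
```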