Add verification step for signing setup

ammar-agent · ammar-agent · commit e8b1965ee161 · 2025-10-13T15:47:20.000-05:00
This will help us confirm:
- Signing secrets are available
- Keychain is created correctly
- Certificate is imported
- Parallel builds can access the keychain
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -28,6 +28,19 @@ jobs:
           AC_APIKEY_ID: ${{ secrets.AC_APIKEY_ID }}
           AC_APIKEY_ISSUER_ID: ${{ secrets.AC_APIKEY_ISSUER_ID }}
 
+      - name: Verify signing setup
+        run: |
+          echo "Checking if signing is enabled..."
+          if [ -n "${CSC_LINK:-}" ]; then
+            echo "✅ Code signing enabled"
+            echo "📦 Certificate: $CSC_LINK"
+            echo "🔑 Keychain: ${CSC_KEYCHAIN:-not set}"
+            security list-keychains -d user
+            security find-identity -v -p codesigning
+          else
+            echo "⚠️ Code signing NOT enabled (no secrets available)"
+          fi
+
       - name: Package for macOS
         run: make dist-mac
 
diff --git a/scripts/setup-macos-signing.sh b/scripts/setup-macos-signing.sh
@@ -13,7 +13,7 @@ set -euo pipefail
 
 # Setup code signing certificate
 if [ -n "${MACOS_CERTIFICATE:-}" ]; then
-  echo "Setting up code signing certificate..."
+  echo "🔐 Setting up code signing certificate..."
   
   # Decode certificate
   CERT_PATH=/tmp/certificate.p12
