fix(ci): verify the app inside the dmg, not the removed standalone .app #49
The codesign verify gate added in #48 failed every macOS release build with "no codex_switch.app found to verify": the release finalize step (macos:artifacts:finalize:release) removes the standalone .app and keeps only the dmg/pkg, so `find ... -name codex_switch.app` matched nothing. The dmg's app itself is correctly signed (the #48 fix works). Verify the app inside the dmg (what users download) instead: find the dmg, hdiutil attach, codesign --verify --deep --strict the app, detach. Dry-run locally on an ad-hoc release build: dist/*.dmg -> mounted app verifies rc=0 ("valid on disk", "satisfies its Designated Requirement").
| app="$(find /tmp/verify-dmg -maxdepth 2 -name '*.app' -print -quit)" | ||
| rc=1 | ||
| if [[ -n "$app" ]]; then | ||
| codesign --verify --deep --strict --verbose=2 "$app"; rc=$? |
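Review bot: the lookup `find /tmp/verify-dmg -maxdepth 2 -name '*.app' -print -quit` verifies whichever bundle find hits first, not the bundle the gate is meant to check; if the image ever carries a second .app (a helper, a stray copy), the gate can pass on the wrong one, and the previous gate's `-name codex_switch.app` was the stricter match. Suggest `-name codex_switch.app` (or a variable holding the expected bundle name) so the check fails loudly when the expected bundle is absent, and keep `rc=1` as the default as done here.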
🟡 set -e causes immediate exit on codesign failure, skipping DMG detach cleanup
GitHub Actions runs `shell: bash` steps with `set -eo pipefail` by default. On line 189, `codesign --verify --deep --strict --verbose=2 "$app"; rc=$?` — if codesign returns non-zero, `set -e` terminates the script immediately before `rc=$?` executes. The then-body of an `if` statement is not exempt from `set -e` (only the `if` condition itself is exempt). This means when codesign verification fails (the exact scenario this check is designed to catch), `hdiutil detach` on line 193 is never reached (leaving the DMG mounted) and the descriptive error message on line 194 is never printed. The step does still fail (which is correct), but the cleanup and user-facing error message are bypassed.
The fix is to use `|| rc=$?` or `&& rc=0 || rc=$?` so that the non-zero exit code is captured without triggering `set -e`.
| codesign --verify --deep --strict --verbose=2 "$app"; rc=$? | |
| codesign --verify --deep --strict --verbose=2 "$app" && rc=0 || rc=$? |
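The procedure from the PR description (find the dmg, `hdiutil attach`, `codesign --verify --deep --strict` the app, detach) together with the reviewer's `set -e` point, as an added standalone script. This is example code written for this page, not the project's workflow step and not the PR author's code. It assumes the dmg sits under `dist/` and the bundle is named `codex_switch.app` (both from the PR); the mount directory under `/tmp` and the helper names `cleanup`, `naive_rc`, `capture_rc`, `verify_dmg_app` and `main` are mine. `naive_rc` reproduces the flagged `cmd; rc=$?` pattern in a child `bash -e` so the abort is visible without killing the script; `capture_rc` is the `&& rc=0 || rc=$?` form the review suggests.

```shell
#!/usr/bin/env bash
# Added example, not the project's own CI step: verify the ad-hoc-signed .app that
# ships inside the release dmg, and capture codesign's exit code without tripping
# `set -e`. Assumptions: the dmg lives under dist/ (as in the PR), the bundle is
# named codex_switch.app (from the PR), and the mount point under /tmp is mine.
# GitHub Actions also sets -o pipefail; that does not change the rc-capture logic.
set -eu

MNT=""

# Detach the dmg on every exit path: success, verification failure, or an
# unexpected abort. Runs from the EXIT trap, so a skipped detach cannot leave
# the image mounted on the runner.
cleanup() {
    if [ -n "$MNT" ]; then
        hdiutil detach "$MNT" -quiet >/dev/null 2>&1 \
            || hdiutil detach "$MNT" -force -quiet >/dev/null 2>&1 \
            || true
        rmdir "$MNT" 2>/dev/null || true
        MNT=""
    fi
}
trap cleanup EXIT

# The pattern the review flagged, run under `bash -e` in a child process so the
# abort is observable: when "$@" fails, the child exits before `$?` is printed,
# so the caller sees an empty string instead of the exit code.
naive_rc() {
    bash -ec '"$@" >&2; printf "%s\n" "$?"' _ "$@" || :
}

# The fixed pattern: `cmd && rc=0 || rc=$?` is an &&/|| list, which errexit
# ignores, so the real exit code is captured and printed. stdout of "$@" is
# sent to stderr so only the code reaches the caller's command substitution.
capture_rc() {
    local rc=0
    "$@" >&2 && rc=0 || rc=$?
    printf '%s\n' "$rc"
}

# Mount $1, verify the bundle named $2 (default codex_switch.app) inside it,
# detach, and return codesign's exit code.
verify_dmg_app() {
    local dmg="$1" expected_app="${2:-codex_switch.app}" app rc
    MNT="$(mktemp -d /tmp/verify-dmg.XXXXXX)"
    # -nobrowse keeps Finder out of the mount; -readonly because we only verify.
    hdiutil attach "$dmg" -mountpoint "$MNT" -nobrowse -readonly -quiet
    # Match the expected bundle by name rather than any *.app, so a stray
    # bundle in the image cannot satisfy the gate.
    app="$(find "$MNT" -maxdepth 2 -name "$expected_app" -print -quit)"
    if [ -z "$app" ]; then
        echo "error: no $expected_app found inside $dmg" >&2
        cleanup
        return 1
    fi
    rc="$(capture_rc codesign --verify --deep --strict --verbose=2 "$app")"
    cleanup
    if [ "$rc" -ne 0 ]; then
        echo "error: codesign verification of $app failed (rc=$rc)" >&2
    fi
    return "$rc"
}

main() {
    local dmg
    dmg="$(find dist -maxdepth 1 -name '*.dmg' -print -quit)"
    if [ -z "$dmg" ]; then
        echo "error: no dmg found under dist/" >&2
        return 1
    fi
    verify_dmg_app "$dmg" "${1:-codex_switch.app}"
}

# Only run the macOS-specific flow where the tools exist; the helpers above can
# still be exercised on any platform.
if command -v hdiutil >/dev/null 2>&1 && command -v codesign >/dev/null 2>&1; then
    main "$@"
fi
```

Run it from the repository root after the release finalize step on a macOS runner; a non-zero return from `verify_dmg_app` fails the step under `set -e` exactly as before, but now the detach and the error line always run first. On a machine without `hdiutil`/`codesign` only the helpers are defined, which is what makes the rc-capture behaviour checkable off the runner.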
Problem

The codesign verify gate added in #48 fails every macOS release build with
`no codex_switch.app found to verify` → macos jobs fail → no assets → no draft release.

Root cause (locally reproduced)

`macos:artifacts:finalize:release` removes the standalone .app (log: `Removed dist/codex_switch.app`) and keeps only `dist/*.dmg` + `dist/*.pkg`. So the gate's `find ... -name codex_switch.app` matches nothing. The dmg's app is correctly signed — the #48 ad-hoc-codesign fix works; only the verify step looked in the wrong place.

Fix

Verify the app inside the dmg (what users download): find the dmg,
`hdiutil attach`, `codesign --verify --deep --strict` the app, detach.

Verified locally (dry-run on an ad-hoc release build)
🤖 Generated with Claude Code