Fix CI signing: certificate, profile extension, and bundle ID (#67)

* Fix CI: use printf instead of echo for base64 decoding secrets

* Fix CI: strip whitespace from base64 secrets before decoding

* Fix base64 decode of signing certificate in CI

Use 'printenv | openssl base64 -d -A' instead of 'printf | tr | base64 --decode'.
openssl's base64 decoder is more lenient with whitespace and padding,
fixing 'base64: stdin: (null): error decoding base64 input stream'.
Also adds validation that the decoded P12 is non-empty.

* Fix provisioning profile extension: use .provisionprofile for Mac Catalyst

Mac Catalyst/macOS provisioning profiles require .provisionprofile extension,
not .mobileprovision (which is for iOS). The wrong extension caused the build
to fail with 'provisioning profile could not be found'.

* Fix ApplicationId to match provisioning profile: com.microsoft.PolyPilot

Author: PureWeen

.github/workflows/build.yml

@@ -109,15 +109,19 @@ jobs:
           KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
           KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
 
-          # Install provisioning profile
+          # Install provisioning profile (.provisionprofile for Mac Catalyst/macOS)
           mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
-          echo "$APPLE_PROVISIONING_PROFILE" | base64 --decode > $RUNNER_TEMP/profile.mobileprovision
-          PROFILE_UUID=$(/usr/libexec/PlistBuddy -c "Print UUID" /dev/stdin <<< $(security cms -D -i $RUNNER_TEMP/profile.mobileprovision))
-          cp $RUNNER_TEMP/profile.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/$PROFILE_UUID.mobileprovision
+          printenv APPLE_PROVISIONING_PROFILE | openssl base64 -d -A > $RUNNER_TEMP/profile.provisionprofile
+          PROFILE_UUID=$(/usr/libexec/PlistBuddy -c "Print UUID" /dev/stdin <<< $(security cms -D -i $RUNNER_TEMP/profile.provisionprofile))
+          cp $RUNNER_TEMP/profile.provisionprofile ~/Library/MobileDevice/Provisioning\ Profiles/$PROFILE_UUID.provisionprofile
           echo "Installed profile with UUID: $PROFILE_UUID"
 
           # Create keychain and import certificate
-          echo "$APPLE_CERTIFICATE_P12" | base64 --decode > $RUNNER_TEMP/certificate.p12
+          printenv APPLE_CERTIFICATE_P12 | openssl base64 -d -A > $RUNNER_TEMP/certificate.p12
+          if [ ! -s $RUNNER_TEMP/certificate.p12 ]; then
+            echo "::error::Failed to decode APPLE_CERTIFICATE_P12 — check that the secret is valid base64"
+            exit 1
+          fi
           security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
           security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
           security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
@@ -249,7 +253,7 @@ jobs:
         if: always()
         run: |
           security delete-keychain $RUNNER_TEMP/app-signing.keychain-db || true
-          rm -f $RUNNER_TEMP/certificate.p12 $RUNNER_TEMP/profile.mobileprovision || true
+          rm -f $RUNNER_TEMP/certificate.p12 $RUNNER_TEMP/profile.provisionprofile || true
 
   notarize-maccatalyst:
     name: Notarize Mac Catalyst App

PolyPilot/PolyPilot.csproj

@@ -33,7 +33,7 @@
         <ApplicationTitle>PolyPilot</ApplicationTitle>
 
         <!-- App Identifier -->
-        <ApplicationId>com.companyname.PolyPilot</ApplicationId>
+        <ApplicationId>com.microsoft.PolyPilot</ApplicationId>
 
         <!-- Versions -->
         <ApplicationDisplayVersion>1.0</ApplicationDisplayVersion>