Skip to content

Put CLI and container-core-images in a keychain access group.#1257

Open
jglogan wants to merge 1 commit intoapple:mainfrom
jglogan:signing-group
Open

Put CLI and container-core-images in a keychain access group.#1257
jglogan wants to merge 1 commit intoapple:mainfrom
jglogan:signing-group

Conversation

@jglogan
Copy link
Contributor

@jglogan jglogan commented Feb 23, 2026

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update

Motivation and Context

It's easy to forget to hit "Allow All" in the opt-in dialog, and logins using short-lived access tokens constantly trigger the dialog in any case.

Testing

  • Tested locally (will look into trying to do a notarized build locally but want to post the PR for now)
  • Added/updated tests
  • Added/updated docs

@jglogan
Put CLI and container-core-images in a keychain access group.
7a2c4a8 
- Closes apple#1253 (hopefully).
- Requires apple/containerization#553.
- We share a keychain between the CLI and the image helper,
  but the user needs to opt-in the image helper for access
  to entries created by the CLI. Since both apps are
  notarized with the same team ID, we should be able to use
  an access group to avoid this step for release builds.
@github-actions github-actions bot added the cli label Feb 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

cli

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: Running container image push after container registry login requires keychain access

1 participant

@jglogan