add keychain option

cmd/gon/main.go

@@ -183,6 +183,7 @@ func realMain() int {
 			err = sign.Sign(context.Background(), &sign.Options{
 				Files:        cfg.Source,
 				Identity:     cfg.Sign.ApplicationIdentity,
+				Keychain:     cfg.Sign.Keychain,
 				Entitlements: cfg.Sign.EntitlementsFile,
 				Deep:         cfg.Sign.Deep,
 				Logger:       logger.Named("sign"),
@@ -233,6 +234,7 @@ func realMain() int {
 			err = sign.Sign(context.Background(), &sign.Options{
 				Files:    []string{cfg.Dmg.OutputPath},
 				Identity: cfg.Sign.ApplicationIdentity,
+				Keychain: cfg.Sign.Keychain,
 				Deep:     cfg.Sign.Deep,
 				Logger:   logger.Named("dmg"),
 			})

internal/config/config.go

@@ -68,6 +68,8 @@ type Sign struct {
 	// ApplicationIdentity is the ID or name of the certificate to
 	// use for signing binaries. This is used for all binaries in "source".
 	ApplicationIdentity string `hcl:"application_identity"`
+	// Specify a path or a name of the keychain to use.
+	Keychain string `hcl:"keychain,optional"`
 	// Specify a path to an entitlements file in plist format
 	EntitlementsFile string `hcl:"entitlements_file,optional"`
 	// Specific to request a --deep codesigning.

sign/sign.go

@@ -24,6 +24,9 @@ type Options struct {
 	// be in a variety of forms.
 	Identity string
 
+	// Keychain is an (optional) path or name of a keychain to use.
+	Keychain string
+
 	// Entitlements is an (optional) path to a plist format .entitlements file
 	Entitlements string
 
@@ -84,6 +87,10 @@ func Sign(ctx context.Context, opts *Options) error {
 		cmd.Args = append(cmd.Args, "--deep")
 	}
 
+	if opts.Keychain != "" {
+		cmd.Args = append(cmd.Args, "--keychain", opts.Keychain)
+	}
+
 	// Append the files that we want to sign
 	cmd.Args = append(cmd.Args, opts.Files...)