diff --git a/.github/workflows/gh-release.yaml b/.github/workflows/gh-release.yaml
index 90bfe914..da0ad07a 100644
--- a/.github/workflows/gh-release.yaml
+++ b/.github/workflows/gh-release.yaml
@@ -41,10 +41,14 @@ jobs:
           tar -xf ./preevy-bin/preevy-${{ matrix.platform }}-${{ matrix.arch }}.tar
           codesign --remove-signature ./preevy
           echo $CERT_DATA | base64 --decode > certificate.p12
-          security create-keychain -p temp temp.keychain
-          security import certificate.p12 -k temp.keychain -P $CERT_PASS -T /usr/bin/codesign
-          codesign --keychain temp.keychain --sign $CERT_CN ./preevy
-          security delete-keychain temp.keychain
+          security import certificate.p12 -k ~/Library/Keychains/build.keychain -P "${{ secrets.CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign
+          security create-keychain -p actions build.keychain
+          security default-keychain -s build.keychain
+          security unlock-keychain -p actions build.keychain
+          security set-keychain-settings -t 3600 -l ~/Library/Keychains/build.keychain
+          security find-identity -v
+          codesign --keychain build.keychain --sign $CERT_CN ./preevy
+          security delete-keychain build.keychain
           rm certificate.p12
           tar -cf ./preevy-bin/preevy-${{ matrix.platform }}-${{ matrix.arch }}.tar ./preevy