When you use security unlock-keychain -p $PASSWORD $KEYCHAIN
the keychain will be unlocked, but, for only 5 minutes, due to an automatic relock. To keep the keychain unlocked permanently you need to use security set-keychain-settings $KEYCHAIN
.
For completeness of this answer, I would also recommend that you use security import $CERT -k $KEYCHAIN -P "$CERTPASSWORD" -T /usr/bin/codesign
to grant /usr/bin/codesign
access to your certificate.