From b1618e9ce15593292f3d555fdf0ac81d16ec3941 Mon Sep 17 00:00:00 2001 From: Peng Xiao Date: Tue, 4 Apr 2023 05:39:25 +0800 Subject: [PATCH] build: MacOS code signing (#1795) Co-authored-by: Himself65 --- .github/workflows/release-desktop-app.yml | 20 ++++++++++++++++++++ apps/electron/forge.config.js | 10 ++++++++++ apps/electron/yarn.lock | 6 ++++++ 3 files changed, 36 insertions(+) diff --git a/.github/workflows/release-desktop-app.yml b/.github/workflows/release-desktop-app.yml index 79351b4d19e1..097e6a627511 100644 --- a/.github/workflows/release-desktop-app.yml +++ b/.github/workflows/release-desktop-app.yml @@ -98,9 +98,19 @@ jobs: - name: move octobase Binary run: cp ./packages/octobase-node/octobase.*.node ./apps/electron/dist/layers/main/ + - name: Signing By Apple Developer ID + uses: apple-actions/import-codesign-certs@v2 + with: + p12-file-base64: ${{ secrets.CERTIFICATES_P12 }} + p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }} + - name: make build run: yarn make-macos-x64 working-directory: apps/electron + env: + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} + APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - name: Save x64 artifacts run: | @@ -151,9 +161,19 @@ jobs: - name: move octobase Binary run: cp ./packages/octobase-node/octobase.*.node ./apps/electron/dist/layers/main/ + - name: Signing By Apple Developer ID + uses: apple-actions/import-codesign-certs@v2 + with: + p12-file-base64: ${{ secrets.CERTIFICATES_P12 }} + p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }} + - name: make build run: yarn make-macos-arm64 working-directory: apps/electron + env: + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} + APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - name: Save arm64 artifacts run: | diff --git a/apps/electron/forge.config.js b/apps/electron/forge.config.js index 955147f3b5af..c0d5c8742615 100644 --- a/apps/electron/forge.config.js +++ b/apps/electron/forge.config.js @@ -2,6 +2,16 @@ module.exports = { packagerConfig: { name: 'AFFiNE', icon: './resources/icons/icon.icns', + osxSign: { + identity: 'Developer ID Application: TOEVERYTHING PTE. LTD.', + 'hardened-runtime': true, + }, // object must exist even if empty + osxNotarize: { + tool: 'notarytool', + appleId: process.env.APPLE_ID, + appleIdPassword: process.env.APPLE_PASSWORD, + teamId: process.env.APPLE_TEAM_ID, + }, }, makers: [ { diff --git a/apps/electron/yarn.lock b/apps/electron/yarn.lock index a760d11c32d3..d3d7997b9f9a 100644 --- a/apps/electron/yarn.lock +++ b/apps/electron/yarn.lock @@ -5552,6 +5552,12 @@ __metadata: languageName: node linkType: hard +"@toeverything/hooks@workspace:../../packages/hooks": + version: 0.0.0-use.local + resolution: "@toeverything/hooks@workspace:../../packages/hooks" + languageName: unknown + linkType: soft + "@toeverything/y-indexeddb@workspace:*, @toeverything/y-indexeddb@workspace:../../packages/y-indexeddb": version: 0.0.0-use.local resolution: "@toeverything/y-indexeddb@workspace:../../packages/y-indexeddb"