From 9d440270b5ce02a28273488b87f9d0f061fcdca5 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 2 Feb 2023 16:11:25 +0800 Subject: [PATCH] notarize .app --- .github/workflows/ci.yml | 123 ++++---------------- modules/desktop/electron-builder.config.cjs | 56 ++++----- 2 files changed, 52 insertions(+), 127 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d9363c1..eb32a0d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -135,10 +135,9 @@ jobs: CSC_LINK: ${{ secrets.GUI_APPLE_CERTIFICATE }} CSC_KEY_PASSWORD: ${{ secrets.GUI_APPLE_CERTIFICATE_PASSWORD }} CSC_NAME: ${{ secrets.APPLE_IDENTITY_NO_PREFIX }} - APPLE_ID: ${{ secrets.APPLE_ID }} - APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_PASSWORD }} + # APPLE_ID: ${{ secrets.APPLE_ID }} + # APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_PASSWORD }} - run: mkdir -p target - - run: cp ./modules/desktop/dist/*.dmg ./target/tea.dmg - run: cp ./modules/desktop/dist/*.zip ./target/tea.zip - run: tar -czvf artifacts.tgz -C ./target/ . - name: upload artifacts 
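Review bot: In the first ci.yml hunk the two Apple credential entries are left in the build step's `env` as commented-out lines (`# APPLE_ID: …`, `# APPLE_APP_SPECIFIC_PASSWORD: …`) rather than removed, so it is unclear whether the build step is still meant to receive them. Removing them is the better outcome, since the Apple ID password is then no longer handed to the build step at all. Delete both lines, or replace them with a single comment such as `# Apple ID credentials are passed only to the notorize_tauri job`. The same applies to the commented-out `require` lines and `afterSign` hook in modules/desktop/electron-builder.config.cjs. The step this `env` belongs to starts outside the hunk.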
@@ -148,88 +147,27 @@ jobs: path: artifacts.tgz if-no-files-found: error - # notorize_tauri: - # needs: [build_desktop] - # runs-on: macos-11 - # strategy: - # matrix: - # platform: - # - darwin+x86-64 - # - darwin+aarch64 - # steps: - # - uses: actions/download-artifact@v3 - # with: - # name: ${{ matrix.platform }} + notorize_tauri: + needs: [build_desktop] + # NOTE: atm notarization is only doable in gh macos-11 not in our self-hosted runner + runs-on: macos-11 + strategy: + matrix: + platform: + - darwin+x86-64 + - darwin+aarch64 + steps: + - uses: actions/download-artifact@v3 + with: + name: ${{ matrix.platform }} - # - run: tar xzf artifacts.tgz - - # # Notarize. Can take up to 10 minutes (and fail) asynchronously - # - run: xcrun altool --notarize-app --username "$APPLE_ID" --password "$APPLE_PASSWORD" --primary-bundle-id "xyz.tea.gui" --file ./tea.zip - # env: - # APPLE_ID: ${{ secrets.APPLE_ID }} - # APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} - - # build_tauri: - # needs: changes - # if: false - # runs-on: ${{ matrix.platform.os }} - # strategy: - # matrix: - # platform: - # - os: macos-11 - # name: darwin+x86-64 - # - os: ubuntu-latest - # name: linux+x86-64 - # - os: [self-hosted, macOS, ARM64] - # name: darwin+aarch64 - # # err: Package atk was not found in the pkg-config search path. 
- # # requires atk >= 2.18 - # # - os: [self-hosted, linux, ARM64] - # # name: linux+aarch64 - # steps: - # - uses: actions/checkout@v3 - # - uses: teaxyz/setup@v0 - # if: startsWith(matrix.platform.name, 'darwin') - - # - name: cache gui build - # # TODO: cache issue in our self-hosted macos runner ESPIPE: invalid seek, read - # # but its ok to ignore, its still the fastest builder - # # NOTE: enabling cache in the self hosted runner slows down the pipeline by 4m because post-cache builder error ^ - # if: startsWith(matrix.platform.name, 'linux') || matrix.platform.name == 'darwin+x86-64' - # uses: actions/cache@v3 - # with: - # key: ${{matrix.platform.name}}-pnpm-cargo - # path: | - # ./pnpm - # ./target - # # - name: build tauri for Linux - # # uses: ./devops/linux-build - # - name: build tauri for MacOS - # if: startsWith(matrix.platform.name, 'darwin') - # # FROM: https://tauri.app/v1/guides/distribution/sign-macos - # env: - # CARGO_TARGET_DIR: ${{ github.workspace }}/target - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # ENABLE_CODE_SIGNING: ${{ secrets.GUI_APPLE_CERTIFICATE }} - # APPLE_CERTIFICATE: ${{ secrets.GUI_APPLE_CERTIFICATE }} - # APPLE_CERTIFICATE_PASSWORD: ${{ secrets.GUI_APPLE_CERTIFICATE_PASSWORD }} - # APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} - # run: tea -ES xc build - - # - name: build tauri for Linux - # if: startsWith(matrix.platform.name, 'linux') - # # TODO: https://tauri.app/v1/guides/distribution/sign-linux - # uses: ./devops/linux-builder - - # - run: tar -czvf artifacts.tgz -C ./target/release/bundle . - - # - name: upload artifacts - # uses: actions/upload-artifact@v3 - # with: - # name: ${{ matrix.platform.name }} - # path: artifacts.tgz - # if-no-files-found: error + - run: tar xzf artifacts.tgz + # Notarize. 
Can take up to 10 minutes (and fail) asynchronously + - run: xcrun altool --notarize-app --username "$APPLE_ID" --password "$APPLE_PASSWORD" --primary-bundle-id "xyz.tea.gui" --file ./tea.zip + env: + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} upload: needs: [build_desktop] @@ -270,11 +208,11 @@ jobs: ;; "darwin+aarch64") BUILD_PLATFORM="aarch64" - EXTENSION="dmg" + EXTENSION="zip" ;; "darwin+x86-64") BUILD_PLATFORM="x64" - EXTENSION="dmg" + EXTENSION="zip" ;; *) echo "Unknown platform $platform" @@ -300,14 +238,6 @@ jobs: "./tea.$extension" \ "s3://preview.gui.tea.xyz/$prefix/tea_$platform.$extension" - - name: cp package zip for MacOS - if: startsWith(matrix.platform.name, 'darwin') - env: - prefix: ${{ needs.changes.outputs.preview_folder }} - platform: ${{ steps.build_platform.outputs.build_platform }} - run: | - aws s3 cp ./tea.zip "s3://preview.gui.tea.xyz/$prefix/tea_$platform.zip" - - name: comment install for Linux if: startsWith(matrix.platform.name, 'linux') uses: mshick/add-pr-comment@v2 @@ -315,8 +245,6 @@ jobs: message-id: ${{ matrix.platform.id }}-comment message: | **installer for Linux ${{ matrix.platform.name }} is at**: - here - ```bash http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.${{ steps.build_platform.outputs.extension }} ``` @@ -329,12 +257,7 @@ jobs: message-id: ${{ matrix.platform.id }}-comment message: | **installers for MacOS ${{ matrix.platform.name }} is at**: - .zip - or - .dmg - ```bash http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.zip - http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.dmg ``` copy-paste into a browser to download \ No newline at end of file 
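Review bot: Notarization does not gate the release in the new `notorize_tauri` job: as its own comment says, `xcrun altool --notarize-app` finishes asynchronously, and the `upload` job right below still declares `needs: [build_desktop]`, so the zip is copied to S3 whether or not Apple approves it. Apple has also deprecated `altool` for notarization in favour of `notarytool`, which can block until a verdict is returned. Consider `- run: xcrun notarytool submit ./tea.zip --apple-id "$APPLE_ID" --password "$APPLE_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait`, where `APPLE_TEAM_ID` is a placeholder for a secret this workflow does not define yet. Pair it with `needs: [build_desktop, notorize_tauri]` on `upload`, so a rejected or failed submission stops publication.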
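Review bot: The download link kept in the Linux PR comment, and the `.zip` link kept in the macOS comment in the following hunk, use the `http://` S3 website endpoint, so the installer that readers are told to paste into a browser is fetched without transport integrity. S3 website endpoints serve HTTP only, so fixing this means fronting the bucket with an HTTPS host, or at least printing the artifact's SHA-256 in the comment so a download can be checked. The link would then read `https://<https-host>/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.zip`, with `<https-host>` a placeholder for whatever host is chosen. Both `message` blocks start outside their hunks.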
diff --git a/modules/desktop/electron-builder.config.cjs b/modules/desktop/electron-builder.config.cjs index 3afa9a6..2d1e317 100644 --- a/modules/desktop/electron-builder.config.cjs +++ b/modules/desktop/electron-builder.config.cjs @@ -1,6 +1,6 @@ -const { notarize } = require('@electron/notarize'); -const fs = require('fs'); -const path = require('path'); +// const { notarize } = require('@electron/notarize'); +// const fs = require('fs'); +// const path = require('path'); module.exports = { appId: 'xyz.tea.gui', 
@@ -8,34 +8,36 @@ module.exports = { asar: true, directories: { output: 'dist' }, files: ['src/electron.cjs', { from: 'build', to: '' }], - afterSign: async (params) => { - if (process.platform !== 'darwin') { - return; - } + // TODO: if xcrun altool exists eventually in our self-hosted macos + // SOLUTION: is notarize separately in next pipeline step + // afterSign: async (params) => { + // if (process.platform !== 'darwin') { + // return; + // } - console.log('afterSign hook triggered', params); + // console.log('afterSign hook triggered', params); - const appBundleId = 'xyz.tea.gui'; + // const appBundleId = 'xyz.tea.gui'; - let appPath = path.join(params.appOutDir, `${params.packager.appInfo.productFilename}.app`); - if (!fs.existsSync(appPath)) { - console.log('skip'); - return; - } + // let appPath = path.join(params.appOutDir, `${params.packager.appInfo.productFilename}.app`); + // if (!fs.existsSync(appPath)) { + // console.log('skip'); + // return; + // } - console.log(`Notarizing ${appBundleId} found at ${appPath} with Apple ID ${process.env.APPLE_ID}`); + // console.log(`Notarizing ${appBundleId} found at ${appPath} with Apple ID ${process.env.APPLE_ID}`); - try { - await notarize({ - appBundleId, - appPath, - appleId: process.env.APPLE_ID, - appleIdPassword: process.env.APPLE_APP_SPECIFIC_PASSWORD - }); - } catch (error) { - console.error(error); - } + // try { + // await notarize({ + // appBundleId, + // appPath, + // appleId: process.env.APPLE_ID, + // appleIdPassword: process.env.APPLE_APP_SPECIFIC_PASSWORD + // }); + // } catch (error) { + // console.error(error); + // } - console.log(`Done notarizing ${appId}`); - } + // console.log(`Done notarizing ${appId}`); + // } };
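Review bot: The `TODO`/`SOLUTION` comment above the disabled `afterSign` hook is hard to parse and does not say where notarization now happens. Something like `// Notarization runs in the notorize_tauri job in .github/workflows/ci.yml; the self-hosted macOS runner apparently lacks xcrun altool.` would state it directly. If the hook is kept for later re-enabling, its final log line interpolates `appId`, which is not defined inside the hook (the local is `appBundleId`), and its `catch` only calls `console.error`, so a failed notarization would not fail the build. It also writes the Apple ID and the whole `params` object to the CI log. Deleting the block and relying on git history avoids carrying those problems forward.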