ivabus/gui
1
0
Fork 0
mirror of https://github.com/ivabus/gui synced 2025-06-07 15:50:27 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

notarize .app

Browse source
This commit is contained in:
neil 2023-02-02 16:11:25 +08:00
parent 747eed4959
commit 9d440270b5
2 changed files with 52 additions and 127 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

123
.github/workflows/ci.yml vendored
View file

@ -135,10 +135,9 @@ jobs:
CSC_LINK: ${{ secrets.GUI_APPLE_CERTIFICATE }} CSC_LINK: ${{ secrets.GUI_APPLE_CERTIFICATE }}
CSC_KEY_PASSWORD: ${{ secrets.GUI_APPLE_CERTIFICATE_PASSWORD }} CSC_KEY_PASSWORD: ${{ secrets.GUI_APPLE_CERTIFICATE_PASSWORD }}
CSC_NAME: ${{ secrets.APPLE_IDENTITY_NO_PREFIX }} CSC_NAME: ${{ secrets.APPLE_IDENTITY_NO_PREFIX }}
APPLE_ID: ${{ secrets.APPLE_ID }} # APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_PASSWORD }} # APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
- run: mkdir -p target - run: mkdir -p target
- run: cp ./modules/desktop/dist/*.dmg ./target/tea.dmg
- run: cp ./modules/desktop/dist/*.zip ./target/tea.zip - run: cp ./modules/desktop/dist/*.zip ./target/tea.zip
- run: tar -czvf artifacts.tgz -C ./target/ . - run: tar -czvf artifacts.tgz -C ./target/ .
- name: upload artifacts - name: upload artifacts
@ -148,88 +147,27 @@ jobs:
path: artifacts.tgz path: artifacts.tgz
if-no-files-found: error if-no-files-found: error
# notorize_tauri: notorize_tauri:
# needs: [build_desktop] needs: [build_desktop]
# runs-on: macos-11 # NOTE: atm notarization is only doable in gh macos-11 not in our self-hosted runner
# strategy: runs-on: macos-11
# matrix: strategy:
# platform: matrix:
# - darwin+x86-64 platform:
# - darwin+aarch64 - darwin+x86-64
# steps: - darwin+aarch64
# - uses: actions/download-artifact@v3 steps:
# with: - uses: actions/download-artifact@v3
# name: ${{ matrix.platform }} with:
name: ${{ matrix.platform }}
# - run: tar xzf artifacts.tgz - run: tar xzf artifacts.tgz
# # Notarize. Can take up to 10 minutes (and fail) asynchronously
# - run: xcrun altool --notarize-app --username "$APPLE_ID" --password "$APPLE_PASSWORD" --primary-bundle-id "xyz.tea.gui" --file ./tea.zip
# env:
# APPLE_ID: ${{ secrets.APPLE_ID }}
# APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
# build_tauri:
# needs: changes
# if: false
# runs-on: ${{ matrix.platform.os }}
# strategy:
# matrix:
# platform:
# - os: macos-11
# name: darwin+x86-64
# - os: ubuntu-latest
# name: linux+x86-64
# - os: [self-hosted, macOS, ARM64]
# name: darwin+aarch64
# # err: Package atk was not found in the pkg-config search path.
# # requires atk >= 2.18
# # - os: [self-hosted, linux, ARM64]
# # name: linux+aarch64
# steps:
# - uses: actions/checkout@v3
# - uses: teaxyz/setup@v0
# if: startsWith(matrix.platform.name, 'darwin')
# - name: cache gui build
# # TODO: cache issue in our self-hosted macos runner ESPIPE: invalid seek, read
# # but its ok to ignore, its still the fastest builder
# # NOTE: enabling cache in the self hosted runner slows down the pipeline by 4m because post-cache builder error ^
# if: startsWith(matrix.platform.name, 'linux') || matrix.platform.name == 'darwin+x86-64'
# uses: actions/cache@v3
# with:
# key: ${{matrix.platform.name}}-pnpm-cargo
# path: |
# ./pnpm
# ./target
# # - name: build tauri for Linux
# # uses: ./devops/linux-build
# - name: build tauri for MacOS
# if: startsWith(matrix.platform.name, 'darwin')
# # FROM: https://tauri.app/v1/guides/distribution/sign-macos
# env:
# CARGO_TARGET_DIR: ${{ github.workspace }}/target
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# ENABLE_CODE_SIGNING: ${{ secrets.GUI_APPLE_CERTIFICATE }}
# APPLE_CERTIFICATE: ${{ secrets.GUI_APPLE_CERTIFICATE }}
# APPLE_CERTIFICATE_PASSWORD: ${{ secrets.GUI_APPLE_CERTIFICATE_PASSWORD }}
# APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
# run: tea -ES xc build
# - name: build tauri for Linux
# if: startsWith(matrix.platform.name, 'linux')
# # TODO: https://tauri.app/v1/guides/distribution/sign-linux
# uses: ./devops/linux-builder
# - run: tar -czvf artifacts.tgz -C ./target/release/bundle .
# - name: upload artifacts
# uses: actions/upload-artifact@v3
# with:
# name: ${{ matrix.platform.name }}
# path: artifacts.tgz
# if-no-files-found: error
# Notarize. Can take up to 10 minutes (and fail) asynchronously
- run: xcrun altool --notarize-app --username "$APPLE_ID" --password "$APPLE_PASSWORD" --primary-bundle-id "xyz.tea.gui" --file ./tea.zip
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
upload: upload:
needs: [build_desktop] needs: [build_desktop]
@ -270,11 +208,11 @@ jobs:
;; ;;
"darwin+aarch64") "darwin+aarch64")
BUILD_PLATFORM="aarch64" BUILD_PLATFORM="aarch64"
EXTENSION="dmg" EXTENSION="zip"
;; ;;
"darwin+x86-64") "darwin+x86-64")
BUILD_PLATFORM="x64" BUILD_PLATFORM="x64"
EXTENSION="dmg" EXTENSION="zip"
;; ;;
*) *)
echo "Unknown platform $platform" echo "Unknown platform $platform"
@ -300,14 +238,6 @@ jobs:
"./tea.$extension" \ "./tea.$extension" \
"s3://preview.gui.tea.xyz/$prefix/tea_$platform.$extension" "s3://preview.gui.tea.xyz/$prefix/tea_$platform.$extension"
- name: cp package zip for MacOS
if: startsWith(matrix.platform.name, 'darwin')
env:
prefix: ${{ needs.changes.outputs.preview_folder }}
platform: ${{ steps.build_platform.outputs.build_platform }}
run: |
aws s3 cp ./tea.zip "s3://preview.gui.tea.xyz/$prefix/tea_$platform.zip"
- name: comment install for Linux - name: comment install for Linux
if: startsWith(matrix.platform.name, 'linux') if: startsWith(matrix.platform.name, 'linux')
uses: mshick/add-pr-comment@v2 uses: mshick/add-pr-comment@v2
@ -315,8 +245,6 @@ jobs:
message-id: ${{ matrix.platform.id }}-comment message-id: ${{ matrix.platform.id }}-comment
message: | message: |
**installer for Linux ${{ matrix.platform.name }} is at**: **installer for Linux ${{ matrix.platform.name }} is at**:
<a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{steps.build_platform.outputs.build_platform}}.${{steps.build_platform.outputs.extension}}" target="_blank">here</a>
```bash ```bash
http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.${{ steps.build_platform.outputs.extension }} http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.${{ steps.build_platform.outputs.extension }}
``` ```
@ -329,12 +257,7 @@ jobs:
message-id: ${{ matrix.platform.id }}-comment message-id: ${{ matrix.platform.id }}-comment
message: | message: |
**installers for MacOS ${{ matrix.platform.name }} is at**: **installers for MacOS ${{ matrix.platform.name }} is at**:
<a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{steps.build_platform.outputs.build_platform}}.zip" target="_blank">.zip</a>
or
<a href="http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{steps.build_platform.outputs.build_platform}}.dmg" target="_blank">.dmg</a>
```bash ```bash
http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.zip http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.zip
http://preview.gui.tea.xyz.s3-website-us-east-1.amazonaws.com/${{ needs.changes.outputs.preview_folder }}/tea_${{ steps.build_platform.outputs.build_platform }}.dmg
``` ```
copy-paste into a browser to download copy-paste into a browser to download

56
modules/desktop/electron-builder.config.cjs
View file

@ -1,6 +1,6 @@
const { notarize } = require('@electron/notarize'); // const { notarize } = require('@electron/notarize');
const fs = require('fs'); // const fs = require('fs');
const path = require('path'); // const path = require('path');
module.exports = { module.exports = {
appId: 'xyz.tea.gui', appId: 'xyz.tea.gui',
@ -8,34 +8,36 @@ module.exports = {
asar: true, asar: true,
directories: { output: 'dist' }, directories: { output: 'dist' },
files: ['src/electron.cjs', { from: 'build', to: '' }], files: ['src/electron.cjs', { from: 'build', to: '' }],
afterSign: async (params) => { // TODO: if xcrun altool exists eventually in our self-hosted macos
if (process.platform !== 'darwin') { // SOLUTION: is notarize separately in next pipeline step
return; // afterSign: async (params) => {
} // if (process.platform !== 'darwin') {
// return;
// }
console.log('afterSign hook triggered', params); // console.log('afterSign hook triggered', params);
const appBundleId = 'xyz.tea.gui'; // const appBundleId = 'xyz.tea.gui';
let appPath = path.join(params.appOutDir, `${params.packager.appInfo.productFilename}.app`); // let appPath = path.join(params.appOutDir, `${params.packager.appInfo.productFilename}.app`);
if (!fs.existsSync(appPath)) { // if (!fs.existsSync(appPath)) {
console.log('skip'); // console.log('skip');
return; // return;
} // }
console.log(`Notarizing ${appBundleId} found at ${appPath} with Apple ID ${process.env.APPLE_ID}`); // console.log(`Notarizing ${appBundleId} found at ${appPath} with Apple ID ${process.env.APPLE_ID}`);
try { // try {
await notarize({ // await notarize({
appBundleId, // appBundleId,
appPath, // appPath,
appleId: process.env.APPLE_ID, // appleId: process.env.APPLE_ID,
appleIdPassword: process.env.APPLE_APP_SPECIFIC_PASSWORD // appleIdPassword: process.env.APPLE_APP_SPECIFIC_PASSWORD
}); // });
} catch (error) { // } catch (error) {
console.error(error); // console.error(error);
} // }
console.log(`Done notarizing ${appId}`); // console.log(`Done notarizing ${appId}`);
} // }
}; };