feat(#20): sign macOS distributions

getezy · Sep 6, 2022 · 56bc991 · 56bc991
1 parent 8381370
commit 56bc991
Show file tree

Hide file tree

Showing 6 changed files with 678 additions and 17 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -39,12 +39,12 @@ jobs:
         with:
           node-version: 18.x
           cache: npm
-      # - name: Set MacOS signing certs
-      #   if: matrix.os == 'macOS-latest'
-      #   run: chmod +x tools/add-macos-cert.sh && ./tools/add-macos-cert.sh
-      #   env:
-      #     MACOS_CERT_P12: ${{ secrets.MACOS_CERT_P12 }}
-      #     MACOS_CERT_PASSWORD: ${{ secrets.MACOS_CERT_PASSWORD }}
+      - name: Set MacOS signing certs
+        if: matrix.os == 'macOS-latest'
+        run: chmod +x scripts/add-osx-cert.sh && ./scripts/add-osx-cert.sh
+        env:
+          CERTIFICATE_OSX_APPLICATION: ${{ secrets.CERTIFICATE_OSX_APPLICATION }}
+          CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
       # - name: Set Windows signing certificate
       #   if: matrix.os == 'windows-latest'
       #   continue-on-error: true
@@ -60,8 +60,8 @@ jobs:
         if: startsWith(github.ref, 'refs/tags/')
         run: npm run make -- --arch=${{ matrix.arch }}
         env:
-          # APPLE_ID: ${{ secrets.APPLE_ID }}
-          # APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # WINDOWS_CODESIGN_FILE: ${{ steps.write_file.outputs.filePath }}
           # WINDOWS_CODESIGN_PASSWORD: ${{ secrets.WINDOWS_CODESIGN_PASSWORD }}

diff --git a/forge.config.js b/forge.config.js
@@ -15,6 +15,8 @@ const config = {
     executableName: 'ezy',
     asar: true,
     icon: path.resolve(__dirname, 'assets', 'icons', 'icon'),
+    appBundleId: 'com.getezy.ezy',
+    appCategoryType: 'public.app-category.developer-tools',
   },
   makers: [
     {
@@ -30,7 +32,7 @@ const config = {
       }),
     },
     {
-      name: '@electron-forge/maker-zip',
+      name: '@electron-forge/maker-dmg',
       platforms: ['darwin'],
     },
     {
@@ -81,4 +83,36 @@ const config = {
   ],
 };
 
+function macOsSignAndNotarize() {
+  if (process.platform !== 'darwin') {
+    return;
+  }
+
+  if (!process.env.APPLE_ID || !process.env.APPLE_ID_PASSWORD) {
+    // eslint-disable-next-line no-console
+    console.warn(
+      'Should be signed and notarized, but environment variables APPLE_ID or APPLE_ID_PASSWORD are missing!'
+    );
+    return;
+  }
+
+  config.packagerConfig.osxSign = {
+    identity: 'Developer ID Application: Alexey Vasyukov (956U3Y3QV9)',
+    hardenedRuntime: true,
+    'gatekeeper-assess': false,
+    entitlements: 'static/entitlements.plist',
+    'entitlements-inherit': 'static/entitlements.plist',
+    'signature-flags': 'library',
+  };
+
+  config.packagerConfig.osxNotarize = {
+    appBundleId: 'com.getezy.ezy',
+    appleId: process.env.APPLE_ID,
+    appleIdPassword: process.env.APPLE_ID_PASSWORD,
+    ascProvider: '956U3Y3QV9',
+  };
+}
+
+macOsSignAndNotarize();
+
 module.exports = config;