mirror of
https://github.com/enso-org/enso.git
synced 2025-01-09 03:57:54 +03:00
Use the new notarization tool from Apple (#8192)
parent
b5d6628c57
commit
a9118ee0c3
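--- a/.github/workflows/gui.yml
+++ b/.github/workflows/gui.yml
@@ -821,6 +821,7 @@ jobs:
 env:
 APPLEID: ${{ secrets.APPLE_NOTARIZATION_USERNAME }}
 APPLEIDPASS: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }}
+APPLETEAMID: ${{ secrets.APPLE_NOTARIZATION_TEAM_ID }}
 CSC_IDENTITY_AUTO_DISCOVERY: "true"
 CSC_KEY_PASSWORD: ${{ secrets.APPLE_CODE_SIGNING_CERT_PASSWORD }}
 CSC_LINK: ${{ secrets.APPLE_CODE_SIGNING_CERT }}
@@ -1008,6 +1009,7 @@ jobs:
 env:
 APPLEID: ${{ secrets.APPLE_NOTARIZATION_USERNAME }}
 APPLEIDPASS: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }}
+APPLETEAMID: ${{ secrets.APPLE_NOTARIZATION_TEAM_ID }}
 CSC_IDENTITY_AUTO_DISCOVERY: "true"
 CSC_KEY_PASSWORD: ${{ secrets.APPLE_CODE_SIGNING_CERT_PASSWORD }}
 CSC_LINK: ${{ secrets.APPLE_CODE_SIGNING_CERT }}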
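--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -628,6 +628,7 @@ jobs:
 env:
 APPLEID: ${{ secrets.APPLE_NOTARIZATION_USERNAME }}
 APPLEIDPASS: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }}
+APPLETEAMID: ${{ secrets.APPLE_NOTARIZATION_TEAM_ID }}
 CSC_IDENTITY_AUTO_DISCOVERY: "true"
 CSC_KEY_PASSWORD: ${{ secrets.APPLE_CODE_SIGNING_CERT_PASSWORD }}
 CSC_LINK: ${{ secrets.APPLE_CODE_SIGNING_CERT }}
@@ -725,7 +726,7 @@ jobs:
 steps:
 - if: startsWith(runner.name, 'GitHub Actions') || startsWith(runner.name, 'Hosted Agent')
 name: Setup conda (GH runners only)
-uses: s-weigand/setup-conda@v1.0.6
+uses: s-weigand/setup-conda@v1.2.1
 with:
 update-conda: false
 conda-channels: anaconda, conda-forge
@@ -747,7 +748,7 @@ jobs:
 run: "git checkout -f $(git -c user.name=x -c user.email=x@x commit-tree $(git hash-object -t tree /dev/null) < /dev/null) || :"
 shell: bash
 - name: Checking out the repository
-uses: actions/checkout@v2
+uses: actions/checkout@v4
 with:
 clean: false
 submodules: recursive
@@ -787,7 +788,7 @@ jobs:
 steps:
 - if: startsWith(runner.name, 'GitHub Actions') || startsWith(runner.name, 'Hosted Agent')
 name: Setup conda (GH runners only)
-uses: s-weigand/setup-conda@v1.0.6
+uses: s-weigand/setup-conda@v1.2.1
 with:
 update-conda: false
 conda-channels: anaconda, conda-forge
@@ -809,7 +810,7 @@ jobs:
 run: "git checkout -f $(git -c user.name=x -c user.email=x@x commit-tree $(git hash-object -t tree /dev/null) < /dev/null) || :"
 shell: bash
 - name: Checking out the repository
-uses: actions/checkout@v2
+uses: actions/checkout@v4
 with:
 clean: false
 submodules: recursive
@@ -826,6 +827,7 @@ jobs:
 env:
 APPLEID: ${{ secrets.APPLE_NOTARIZATION_USERNAME }}
 APPLEIDPASS: ${{ secrets.APPLE_NOTARIZATION_PASSWORD }}
+APPLETEAMID: ${{ secrets.APPLE_NOTARIZATION_TEAM_ID }}
 CSC_IDENTITY_AUTO_DISCOVERY: "true"
 CSC_KEY_PASSWORD: ${{ secrets.APPLE_CODE_SIGNING_CERT_PASSWORD }}
 CSC_LINK: ${{ secrets.APPLE_CODE_SIGNING_CERT }}
@@ -856,7 +858,7 @@ jobs:
 steps:
 - if: startsWith(runner.name, 'GitHub Actions') || startsWith(runner.name, 'Hosted Agent')
 name: Setup conda (GH runners only)
-uses: s-weigand/setup-conda@v1.0.6
+uses: s-weigand/setup-conda@v1.2.1
 with:
 update-conda: false
 conda-channels: anaconda, conda-forge
@@ -878,7 +880,7 @@ jobs:
 run: "git checkout -f $(git -c user.name=x -c user.email=x@x commit-tree $(git hash-object -t tree /dev/null) < /dev/null) || :"
 shell: bash
 - name: Checking out the repository
-uses: actions/checkout@v2
+uses: actions/checkout@v4
 with:
 clean: false
 submodules: recursive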
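Review bot: The bumped steps still reference third-party actions by mutable tag (`s-weigand/setup-conda@v1.2.1`, `actions/checkout@v4`), and this workflow also hands the code-signing certificate and notarization credentials to steps through `env`. A tag can be moved by the action's owner, so a step that runs earlier in a signing job could change the tree or toolchain that is later signed; pinning to the full commit SHA with the tag kept in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, keeps the release inputs fixed. Whether these steps share a job with the signing `env` block is not visible in the hunks, and if this file is emitted by the CI generator the pin belongs there.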
@ -10,7 +10,7 @@ import * as childProcess from 'node:child_process'
|
|||||||
import * as fs from 'node:fs/promises'
|
import * as fs from 'node:fs/promises'
|
||||||
|
|
||||||
import * as electronBuilder from 'electron-builder'
|
import * as electronBuilder from 'electron-builder'
|
||||||
import * as electronNotarize from 'electron-notarize'
|
import * as electronNotarize from '@electron/notarize'
|
||||||
import type * as macOptions from 'app-builder-lib/out/options/macOptions'
|
import type * as macOptions from 'app-builder-lib/out/options/macOptions'
|
||||||
import yargs from 'yargs'
|
import yargs from 'yargs'
|
||||||
|
|
||||||
@ -230,8 +230,6 @@ export function createElectronBuilderConfig(passedArgs: Arguments): electronBuil
|
|||||||
) {
|
) {
|
||||||
const {
|
const {
|
||||||
packager: {
|
packager: {
|
||||||
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
|
|
||||||
platformSpecificBuildOptions: buildOptions,
|
|
||||||
appInfo: { productFilename: appName },
|
appInfo: { productFilename: appName },
|
||||||
config: { mac: macConfig },
|
config: { mac: macConfig },
|
||||||
},
|
},
|
||||||
@ -250,20 +248,17 @@ export function createElectronBuilderConfig(passedArgs: Arguments): electronBuil
|
|||||||
})
|
})
|
||||||
|
|
||||||
console.log(' • Notarizing.')
|
console.log(' • Notarizing.')
|
||||||
// The type-cast is safe because this is only executes
|
|
||||||
// when `platform === electronBuilder.Platform.MAC`.
|
|
||||||
// eslint-disable-next-line no-restricted-syntax
|
|
||||||
const macBuildOptions = buildOptions as macOptions.MacConfiguration
|
|
||||||
await electronNotarize.notarize({
|
await electronNotarize.notarize({
|
||||||
// This will always be defined since we set it at the top of this object.
|
tool: 'notarytool',
|
||||||
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
|
||||||
appBundleId: macBuildOptions.appId!,
|
|
||||||
appPath: `${appOutDir}/${appName}.app`,
|
appPath: `${appOutDir}/${appName}.app`,
|
||||||
// It is a mistake for either of these to be undefined.
|
// It is a mistake for either of these to be undefined.
|
||||||
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
||||||
appleId: process.env.APPLEID!,
|
appleId: process.env.APPLEID!,
|
||||||
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
||||||
appleIdPassword: process.env.APPLEIDPASS!,
|
appleIdPassword: process.env.APPLEIDPASS!,
|
||||||
|
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
||||||
|
teamId: process.env.APPLETEAMID!,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
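Review bot: The three credentials passed to `electronNotarize.notarize` are read with non-null assertions, which only silence the type checker: a secret that is not configured reaches the workflow as an empty string, so a missing `APPLETEAMID` (the value this commit introduces) would surface late as a notarytool failure that does not name the variable. The retained comment `// It is a mistake for either of these to be undefined.` also now covers three values, not two. I would check the variables before the call and throw an error that names the variables but never their values, which narrows the types and removes the three eslint-disable lines. The enclosing function and the condition guarding this block start outside the hunk.

```typescript
// … unchanged: signing call, console.log(' • Notarizing.') …
const {
    APPLEID: appleId,
    APPLEIDPASS: appleIdPassword,
    APPLETEAMID: teamId,
} = process.env
// Unset CI secrets arrive as '', so test for emptiness rather than only `undefined`.
if (!appleId || !appleIdPassword || !teamId) {
    // Name the variables only; credential values must never reach the build log.
    throw new Error('APPLEID, APPLEIDPASS and APPLETEAMID must all be set to notarize.')
}
await electronNotarize.notarize({
    tool: 'notarytool',
    appPath: `${appOutDir}/${appName}.app`,
    appleId,
    appleIdPassword,
    teamId,
})
```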
@ -36,7 +36,7 @@
|
|||||||
"crypto-js": "4.1.1",
|
"crypto-js": "4.1.1",
|
||||||
"electron": "25.7.0",
|
"electron": "25.7.0",
|
||||||
"electron-builder": "^22.14.13",
|
"electron-builder": "^22.14.13",
|
||||||
"electron-notarize": "1.2.2",
|
"@electron/notarize": "2.1.0",
|
||||||
"enso-common": "^1.0.0",
|
"enso-common": "^1.0.0",
|
||||||
"esbuild": "^0.19.3",
|
"esbuild": "^0.19.3",
|
||||||
"fast-glob": "^3.2.12",
|
"fast-glob": "^3.2.12",
|
||||||
|
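--- a/app/ide-desktop/lib/types/globals.d.ts
+++ b/app/ide-desktop/lib/types/globals.d.ts
@@ -81,6 +81,7 @@ declare global {
 /* eslint-disable @typescript-eslint/naming-convention */
 APPLEID?: string
 APPLEIDPASS?: string
+APPLETEAMID?: string
 /* eslint-enable @typescript-eslint/naming-convention */
 }
 }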
@ -94,6 +94,7 @@ pub mod secret {
|
|||||||
pub const APPLE_CODE_SIGNING_CERT_PASSWORD: &str = "APPLE_CODE_SIGNING_CERT_PASSWORD";
|
pub const APPLE_CODE_SIGNING_CERT_PASSWORD: &str = "APPLE_CODE_SIGNING_CERT_PASSWORD";
|
||||||
pub const APPLE_NOTARIZATION_USERNAME: &str = "APPLE_NOTARIZATION_USERNAME";
|
pub const APPLE_NOTARIZATION_USERNAME: &str = "APPLE_NOTARIZATION_USERNAME";
|
||||||
pub const APPLE_NOTARIZATION_PASSWORD: &str = "APPLE_NOTARIZATION_PASSWORD";
|
pub const APPLE_NOTARIZATION_PASSWORD: &str = "APPLE_NOTARIZATION_PASSWORD";
|
||||||
|
pub const APPLE_NOTARIZATION_TEAM_ID: &str = "APPLE_NOTARIZATION_TEAM_ID";
|
||||||
|
|
||||||
// === Windows Code Signing ===
|
// === Windows Code Signing ===
|
||||||
/// Name of the GitHub Actions secret that stores path to the Windows code signing certificate
|
/// Name of the GitHub Actions secret that stores path to the Windows code signing certificate
|
||||||
|
@ -232,6 +232,10 @@ pub fn expose_os_specific_signing_secret(os: OS, step: Step) -> Step {
|
|||||||
secret::APPLE_NOTARIZATION_PASSWORD,
|
secret::APPLE_NOTARIZATION_PASSWORD,
|
||||||
&crate::ide::web::env::APPLEIDPASS,
|
&crate::ide::web::env::APPLEIDPASS,
|
||||||
)
|
)
|
||||||
|
.with_secret_exposed_as(
|
||||||
|
secret::APPLE_NOTARIZATION_TEAM_ID,
|
||||||
|
&crate::ide::web::env::APPLETEAMID,
|
||||||
|
)
|
||||||
.with_env(&crate::ide::web::env::CSC_IDENTITY_AUTO_DISCOVERY, "true"),
|
.with_env(&crate::ide::web::env::CSC_IDENTITY_AUTO_DISCOVERY, "true"),
|
||||||
_ => step,
|
_ => step,
|
||||||
}
|
}
|
||||||
|
@ -85,6 +85,9 @@ pub mod env {
|
|||||||
/// https://support.apple.com/HT204397
|
/// https://support.apple.com/HT204397
|
||||||
APPLEIDPASS, String;
|
APPLEIDPASS, String;
|
||||||
|
|
||||||
|
/// Apple Team ID.
|
||||||
|
APPLETEAMID, String;
|
||||||
|
|
||||||
/// `true` or `false`. Defaults to `true` — on a macOS development machine valid and
|
/// `true` or `false`. Defaults to `true` — on a macOS development machine valid and
|
||||||
/// appropriate identity from your keychain will be automatically used.
|
/// appropriate identity from your keychain will be automatically used.
|
||||||
CSC_IDENTITY_AUTO_DISCOVERY, bool;
|
CSC_IDENTITY_AUTO_DISCOVERY, bool;
|
||||||
|
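--- a/package-lock.json
+++ b/package-lock.json
@@ -146,10 +146,10 @@
 "yargs": "17.6.2"
 },
 "devDependencies": {
+"@electron/notarize": "2.1.0",
 "crypto-js": "4.1.1",
 "electron": "25.7.0",
 "electron-builder": "^22.14.13",
-"electron-notarize": "1.2.2",
 "enso-common": "^1.0.0",
 "esbuild": "^0.19.3",
 "fast-glob": "^3.2.12",
@@ -1753,6 +1753,20 @@
 "node": ">= 4.0.0"
 }
 },
+"node_modules/@electron/notarize": {
+"version": "2.1.0",
+"resolved": "https://registry.npmjs.org/@electron/notarize/-/notarize-2.1.0.tgz",
+"integrity": "sha512-Q02xem1D0sg4v437xHgmBLxI2iz/fc0D4K7fiVWHa/AnW8o7D751xyKNXgziA6HrTOme9ul1JfWN5ark8WH1xA==",
+"dev": true,
+"dependencies": {
+"debug": "^4.1.1",
+"fs-extra": "^9.0.1",
+"promise-retry": "^2.0.1"
+},
+"engines": {
+"node": ">= 10.0.0"
+}
+},
 "node_modules/@electron/universal": {
 "version": "1.0.5",
 "dev": true,
@@ -7543,18 +7557,6 @@
 "url": "https://github.com/sponsors/sindresorhus"
 }
 },
-"node_modules/electron-notarize": {
-"version": "1.2.2",
-"dev": true,
-"license": "MIT",
-"dependencies": {
-"debug": "^4.1.1",
-"fs-extra": "^9.0.1"
-},
-"engines": {
-"node": ">= 10.0.0"
-}
-},
 "node_modules/electron-osx-sign": {
 "version": "0.5.0",
 "dev": true,
@@ -7803,6 +7805,12 @@
 "node": ">=6"
 }
 },
+"node_modules/err-code": {
+"version": "2.0.3",
+"resolved": "https://registry.npmjs.org/err-code/-/err-code-2.0.3.tgz",
+"integrity": "sha512-2bmlRpNKBxT/CRmPOlyISQpNj+qSeYvcym/uT0Jx2bMOlKLtSy1ZmLuVxSEKKyor/N5yhvp/ZiG1oE3DEYMSFA==",
+"dev": true
+},
 "node_modules/errno": {
 "version": "0.1.8",
 "license": "MIT",
@@ -13126,6 +13134,19 @@
 "node": ">=0.4.0"
 }
 },
+"node_modules/promise-retry": {
+"version": "2.0.1",
+"resolved": "https://registry.npmjs.org/promise-retry/-/promise-retry-2.0.1.tgz",
+"integrity": "sha512-y+WKFlBR8BGXnsNlIHFGPZmyDf3DFMoLhaflAnyZgV6rG6xu+JwesTo2Q9R6XwYmtmwAFCkAk3e35jEdoeh/3g==",
+"dev": true,
+"dependencies": {
+"err-code": "^2.0.2",
+"retry": "^0.12.0"
+},
+"engines": {
+"node": ">=10"
+}
+},
 "node_modules/prop-types": {
 "version": "15.8.1",
 "license": "MIT",
@@ -13682,6 +13703,15 @@
 "node": ">=0.12"
 }
 },
+"node_modules/retry": {
+"version": "0.12.0",
+"resolved": "https://registry.npmjs.org/retry/-/retry-0.12.0.tgz",
+"integrity": "sha512-9LkiTwjUh6rT555DtE9rTX+BKByPfrMzEAtnlEtdEwr3Nkffwiihqe2bWADg+OQRjt9gl6ICdmB/ZFDCGAtSow==",
+"dev": true,
+"engines": {
+"node": ">= 4"
+}
+},
 "node_modules/reusify": {
 "version": "1.0.4",
 "license": "MIT",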