diff --git a/.github/workflows/desktop-builds.yml b/.github/workflows/desktop-builds.yml
index 44b0af0e3..3ff03183d 100644
--- a/.github/workflows/desktop-builds.yml
+++ b/.github/workflows/desktop-builds.yml
@@ -29,13 +29,39 @@ jobs:
 with:
 node-version: 18
 cache: yarn
+ architecture: ${{ matrix.architecture }}
 - name: Install dependencies
 run: yarn install --frozen-lockfile
+ - name: Build Electron Web bundle
+ working-directory: apps/desktop-app
+ run: yarn build
+ - name: Set MacOS signing certs
+ if: matrix.os == 'macOS-latest'
+ env:
+ MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
+ MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
+ MACOS_KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }}
+ run: |
+ echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
+ security create-keychain -p $MACOS_KEYCHAIN_PASSWORD build.keychain
+ security default-keychain -s build.keychain
+ security unlock-keychain -p $MACOS_KEYCHAIN_PASSWORD build.keychain
+ security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PASSWORD -T /usr/bin/codesign
+ security set-key-partition-list -S apple-tool:,apple: -s -k $MACOS_KEYCHAIN_PASSWORD build.keychain
+ rm -fr *.p12
+ security set-keychain-settings -lut 1200 # prevent the keychain to get locked before codesign is done
 - name: Build, package & make
+ env:
+ APPLE_ID: ${{ secrets.APPLE_ID }}
+ APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+ APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
 working-directory: apps/desktop-app
- run: yarn package --arch=${{ matrix.arch }}
+ timeout-minutes: 10
+ run: yarn make --arch=${{ matrix.arch }}
 - name: Upload artifacts
 uses: actions/upload-artifact@v3
 with:
 name: ${{ matrix.os }}
- path: apps/desktop-app/out/**/*
+ # apps/desktop-app/out/ contains also the packaged app in case you need to debug it before make
+ # By default we only upload the bundled one to reduce the upload time
+ path: apps/desktop-app/out/make/**/*
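Review bot: In the "Set MacOS signing certs" step every secret is expanded unquoted (`echo $MACOS_CERTIFICATE`, `-p $MACOS_KEYCHAIN_PASSWORD`, `-P $MACOS_CERTIFICATE_PASSWORD`), so a value containing whitespace or glob characters is split by the shell, and the decoded `certificate.p12` is written to the step's working directory (no `working-directory` is set, so presumably the checkout) and removed only if every earlier command succeeds under the runner's fail-fast bash. Quoting the expansions, decoding into `$RUNNER_TEMP` and deleting the file from an EXIT trap keeps the private key out of the workspace on failure paths as well. Separately, the `env:` block added to "Build, package & make" has no OS condition, so the Apple ID credentials are handed to `yarn make` on every matrix entry rather than only on macOS. The job's matrix and the workflow triggers are outside the hunk, so it should be checked whether runs from fork pull requests can reach these steps.

```yaml
        run: |
          CERT_PATH="$RUNNER_TEMP/certificate.p12"
          trap 'rm -f "$CERT_PATH"' EXIT
          echo "$MACOS_CERTIFICATE" | base64 --decode > "$CERT_PATH"
          security create-keychain -p "$MACOS_KEYCHAIN_PASSWORD" build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p "$MACOS_KEYCHAIN_PASSWORD" build.keychain
          security import "$CERT_PATH" -k build.keychain -P "$MACOS_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple: -s -k "$MACOS_KEYCHAIN_PASSWORD" build.keychain
          # … unchanged: security set-keychain-settings -lut 1200 …
```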
diff --git a/apps/desktop-app/forge.config.js b/apps/desktop-app/forge.config.js
index 1782be217..5111f6920 100644
--- a/apps/desktop-app/forge.config.js
+++ b/apps/desktop-app/forge.config.js
@@ -1,10 +1,41 @@
 const path = require("path");
+const fs = require("fs");
 module.exports = {
+ name: "Serenity",
+ appBundleId: "re.serenity.desktop-app",
+ // asar: true,
 packagerConfig: {
+ executableName: "serenity-desktop-app",
 icon: path.resolve(__dirname, "icons", "icon"),
+ osxSign: {
+ // "hardened-runtime": true,
+ // "gatekeeper-assess": false,
+ },
+ osxNotarize: {
+ tool: "notarytool",
+ appleId: process.env.APPLE_ID,
+ appleIdPassword: process.env.APPLE_ID_PASSWORD,
+ teamId: process.env.APPLE_TEAM_ID,
+ },
 },
 rebuildConfig: {},
+ hooks: {
+ packageAfterPrune: async (forgeConfig, buildPath) => {
+ const sqliteBuildPath = path.join(
+ buildPath,
+ "node_modules",
+ "sqlite3",
+ "build"
+ );
+ // console.log("Sqlite BuildPath: ", sqliteBuildPath);
+ // needs to be deleted otherwise macos codesign will fail
+ fs.rmSync(sqliteBuildPath, {
+ recursive: true,
+ force: true,
+ });
+ },
+ },
 makers: [
 {
 name: "@electron-forge/maker-squirrel",
diff --git a/apps/desktop-app/package.json b/apps/desktop-app/package.json
index 1f506da62..4c662d3e1 100644
--- a/apps/desktop-app/package.json
+++ b/apps/desktop-app/package.json
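Review bot: In forge.config.js, `osxNotarize` is filled from `process.env.APPLE_ID`, `APPLE_ID_PASSWORD` and `APPLE_TEAM_ID` with no check that they are set, so a macOS build without the secrets (a local run, or a CI run where secrets are withheld) passes undefined credentials to notarization instead of skipping it or failing with a clear message. Building the object only when the values are present makes that explicit, e.g. `osxNotarize: process.env.APPLE_ID ? { tool: "notarytool", appleId: process.env.APPLE_ID, appleIdPassword: process.env.APPLE_ID_PASSWORD, teamId: process.env.APPLE_TEAM_ID } : undefined,`. `name` and `appBundleId` are added at the top level of the exported object while the other packager options sit under `packagerConfig`; if Forge does not read them there the signed bundle keeps a default identifier, so this should be confirmed or the keys moved. The `packageAfterPrune` hook deletes `node_modules/sqlite3/build` on every platform although its comment gives a macOS codesign reason, and a comment saying where the native binding is loaded from after the deletion would help the next reader. The `makers` array continues past the end of the hunk.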
@@ -1,17 +1,16 @@
 {
 "name": "serenity-desktop-app",
+ "license": "AGPL-3.0-only",
 "productName": "Serenity",
- "executableName": "serenity",
 "version": "0.0.1",
 "description": "End-to-end encrypted workspaces for teams",
 "main": "src/index.ts",
 "scripts": {
- "build-electron-web": "cd ../app && yarn build:electron-web && cd -",
+ "build": "cd ../app && yarn build:electron-web && cd -",
 "dev": "yarn && NODE_ENV=\"development\" electron-forge start",
- "package": "yarn build-electron-web && electron-forge package",
- "package:only": "electron-forge package",
+ "package": "DEBUG=electron-osx-sign* electron-forge package",
 "make": "electron-forge make",
- "publish": "electron-forge publish",
+ "publish-app": "electron-forge publish",
 "lint": "eslint --ext .tsx --ext .ts ./",
 "test": "echo 'Nothing to test'",
 "ts:check": "yarn tsc --noEmit"