Skip to content

Commit

Permalink
feat(sltt-app): sign and notarize macos application (#28)
Browse files Browse the repository at this point in the history
What issue(s) is this trying to resolve?
* feat(sltt-app): Sign and notarize Mac application #9

How does it all work?
* In order for a Mac application to be successfully installed, the app
installer must be signed (with a certificate) and notarized (uploaded to
Apple to be scanned for viruses, etc.).

What particularly has changed?
* Description of procedure
[HERE](https://docs.google.com/document/d/1Qk-bz-uRPBThCXs2rRfNnr4QIxsC3yNlM_e7eMjGGHs/edit?usp=sharing)
* Signing certificate created
* .env file with notarization credentials created
* package.json "build" object updated with Mac build config

Steps for testing
1. yarn build:mac
2. Copy newly created .dmg file to another mac
3. Launch dmg file, drag application icon to Applications folder, launch
application, smoke test.


ticket: #9
commit-convention: https://www.conventionalcommits.org/en/v1.0.0/

---------

Co-authored-by: Eric Pyle <[email protected]>
  • Loading branch information
Nathan22Miles and ericpyle authored Aug 26, 2024
1 parent adb1584 commit 48a688a
Show file tree
Hide file tree
Showing 6 changed files with 50 additions and 24 deletions.
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,5 @@ node_modules
dist
out
*.log*
.env
.DS_Store
4 changes: 4 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -152,3 +152,7 @@ vite v4.3.3 building for production...
[====================] 100% 0.0s | sltt-app-Setup-1.0.6.exe to github
Done in 55.90s.
```
# Building Releases for Mac
Discussion of process [HERE](https://docs.google.com/document/d/1Qk-bz-uRPBThCXs2rRfNnr4QIxsC3yNlM_e7eMjGGHs/edit?usp=sharing)
2 changes: 2 additions & 0 deletions build/entitlements.mac.plist
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,7 @@
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.device.camera</key>
<true/>
</dict>
</plist>
48 changes: 24 additions & 24 deletions build/notarize.js
Original file line number Diff line number Diff line change
@@ -1,36 +1,36 @@
const { notarize } = require('@electron/notarize')

module.exports = async (context) => {
if (process.platform !== 'darwin') return
console.log('afterSign hook triggered')

console.log('aftersign hook triggered, start to notarize app.')
require('dotenv').config()

if (!process.env.CI) {
console.log(`skipping notarizing, not in CI.`)
return
}
const { notarize } = require('@electron/notarize')

if (!('APPLE_ID' in process.env && 'APPLE_ID_PASS' in process.env)) {
console.warn('skipping notarizing, APPLE_ID and APPLE_ID_PASS env variables must be set.')
exports.default = async function notarizing(context) {
const { electronPlatformName, appOutDir } = context
if (electronPlatformName !== 'darwin') {
return
}

const appId = 'net.sltt-bible.app'

const { appOutDir } = context
console.log('notarizing...')

const appName = context.packager.appInfo.productFilename

try {
await notarize({
appBundleId: appId,
appPath: `${appOutDir}/${appName}.app`,
appleId: process.env.APPLE_ID,
appleIdPassword: process.env.APPLEIDPASS
})
} catch (error) {
console.error(error)
// Get appleId and appleIdPassword from environment variables.
// These values are in the .env file.
// appleId: email address you use to login to App Store Connect
// appleIdPassword: app-specific password generated by appleid.apple.com
const { appleId, appleIdPassword, teamId } = process.env

if (!appleId || !appleIdPassword || !teamId) {
console.error('Missing Apple ID or Apple ID password or Team ID')
return
}

console.log(`done notarizing ${appId}.`)
return await notarize({
appBundleId: 'net.sltt-bible.app',
appPath: `${appOutDir}/${appName}.app`,
appleId,
appleIdPassword,
tool: 'notarytool',
teamId,
})
}
4 changes: 4 additions & 0 deletions electron-builder.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,11 @@ nsis:
uninstallDisplayName: ${productName}
createDesktopShortcut: always
mac:
category: "public.app-category.business"
entitlements: build/entitlements.mac.plist
entitlementsInherit: build/entitlements.mac.plist
hardenedRuntime: true
gatekeeperAssess: false
extendInfo:
- NSCameraUsageDescription: Application requests access to the device's camera.
- NSMicrophoneUsageDescription: Application requests access to the device's microphone.
Expand Down
14 changes: 14 additions & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,26 @@
"build:win:prerelease": "npm run build && electron-builder --win --config --publish onTagOrDraft --prerelease",
"build:win:draft": "npm run build && electron-builder --win --config --publish onTagOrDraft",
"build:win:release": "npm run build && cross-env GH_TOKEN=%SLTT_APP_PAT% electron-builder --win --config --publish always",
"build:mac:norelease": "electron-vite build && electron-builder --mac --config --publish never",
"build:mac": "electron-vite build && electron-builder --mac --config",
"build:mac:release": "electron-vite build && electron-builder --mac --config --publish always",
"build:linux": "electron-vite build && electron-builder --linux --config"
},
"build": {
"appId": "net.sltt-bible.app",
"productName": "sltt-app",
"forceCodeSigning": true,
"afterSign": "build/notarize.js",
"mac": {
"target": [
{
"target": "dmg",
"arch": [
"x64"
]
}
]
},
"directories": {
"output": "dist"
},
Expand Down

0 comments on commit 48a688a

Please sign in to comment.