From 4915290f135448b8e832f6584e679de0b8a78fbc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=90=8C=E8=90=8C=E5=93=92=E8=B5=AB=E8=90=9D?=
Date: Tue, 7 Mar 2023 13:09:56 +0800
Subject: [PATCH] :package: Chore: macos code signing test
---
 .github/workflows/mac.yml | 77 +++++++++++++++++++++++++++++++++++++++
 package.json | 6 +++
 scripts/notarize.js | 36 ++++++++++++++++++
 scripts/upload-beta.js | 64 ++++++++++++++++++++++++++++++++
 vue.config.js | 1 +
 yarn.lock | 8 ++++
 6 files changed, 192 insertions(+)
 create mode 100644 .github/workflows/mac.yml
 create mode 100644 scripts/notarize.js
 create mode 100644 scripts/upload-beta.js
diff --git a/.github/workflows/mac.yml b/.github/workflows/mac.yml
new file mode 100644
index 0000000..a9b0792
--- /dev/null
+++ b/.github/workflows/mac.yml
@@ -0,0 +1,77 @@
+# main.yml
+
+# Workflow's name
+name: Mac Build
+
+# Workflow's trigger
+on: workflow_dispatch
+
+env:
+ ELECTRON_OUTPUT_PATH: ./dist_electron
+
+# Workflow's jobs
+jobs:
+ # job's id
+ release:
+ # job's name
+ name: build and release electron app
+
+ # the type of machine to run the job on
+ runs-on: ${{ matrix.os }}
+
+ # create a build matrix for jobs
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ macos-11]
+
+ # create steps
+ steps:
+ # step1: check out repository
+ - name: Check out git repository
+ uses: actions/checkout@v2
+
+ # step2: sign
+ - name: Install the Apple certificates
+ run: |
+ CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+ PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
+ KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+ echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
+ echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
+ security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+ security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+ security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+ security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+ security list-keychain -d user -s $KEYCHAIN_PATH
+ mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+ cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+
+ # step3: install node env
+ - name: Install Node.js
+ uses: actions/setup-node@v2
+ with:
+ node-version: '16.x'
+
+ # step4: yarn
+ - name: Yarn install
+ run: |
+ yarn
+ yarn global add xvfb-maybe
+
+ - name: Build & release app
+ run: |
+ yarn build
+ yarn upload-beta
+ env:
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
+ R2_SECRET_ID: ${{ secrets.R2_SECRET_ID }}
+ R2_SECRET_KEY: ${{ secrets.R2_SECRET_KEY }}
+ R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
+ ELECTRON_SKIP_NOTARIZATION: ${{ secrets.ELECTRON_SKIP_NOTARIZATION }}
+ XCODE_APP_LOADER_EMAIL: ${{ secrets.XCODE_APP_LOADER_EMAIL }}
+ XCODE_APP_LOADER_PASSWORD: ${{ secrets.XCODE_APP_LOADER_PASSWORD }}
+ BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+ P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
+ BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
+ KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
diff --git a/package.json b/package.json
index 2085fad..a67f501 100644
--- a/package.json
+++ b/package.json
@@ -16,6 +16,7 @@
 "postuninstall": "electron-builder install-app-deps",
 "release": "vue-cli-service electron:build --publish always",
 "upload-dist": "node ./scripts/upload-dist-to-r2.js",
+ "upload-beta": "node ./scripts/upload-beta.js",
 "link": "node ./scripts/link.js"
 },
 "dependencies": {
@@ -71,6 +72,7 @@
 },
 "devDependencies": {
 "@babel/plugin-proposal-optional-chaining": "^7.16.7",
+ "@electron/notarize": "^1.2.3",
 "@picgo/bump-version": "^1.1.2",
 "@types/ali-oss": "^6.16.7",
 "@types/electron-devtools-installer": "^2.2.0",
@@ -110,6 +112,10 @@
 "typescript": "^4.9.5",
 "vue-cli-plugin-electron-builder": "^3.0.0-alpha.4"
 },
+ "build": {
+ "appId": "com.kuingsmile.piclist",
+ "afterSign": "scripts/notarize.js"
+ },
 "commitlint": {
 "extends": [
 "./node_modules/@picgo/bump-version/commitlint-picgo"
diff --git a/scripts/notarize.js b/scripts/notarize.js
new file mode 100644
index 0000000..c9ab5cc
--- /dev/null
+++ b/scripts/notarize.js
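Review bot: The signing secrets in .github/workflows/mac.yml are supplied in the wrong place: the only `env:` block follows `yarn upload-beta`, while `BUILD_CERTIFICATE_BASE64`, `BUILD_PROVISION_PROFILE_BASE64`, `P12_PASSWORD` and `KEYCHAIN_PASSWORD` are read by the earlier "Install the Apple certificates" step. Indentation is flattened on this page, so whether that block is step-level or job-level cannot be confirmed here; if it is step-level, the certificate step runs with all four variables empty (empty keychain password, empty .p12), and if it is job-level, the certificate material and R2 keys are also visible to `yarn` and every dependency install script. Give the certificate step its own `env:` with just those four secrets, as sketched below, and leave only the notarization and R2 variables on the build step. On the same step, `security import ... -A` allows any application to use the imported key without prompting; `-T /usr/bin/codesign` is the narrower grant.

```yaml
      - name: Install the Apple certificates
        env:
          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
          BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
        run: |
          # … unchanged: keychain creation, certificate import, provisioning profile copy …
```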
@@ -0,0 +1,36 @@
+"use strict";
+
+require('dotenv').config()
+
+const { notarize } = require("@electron/notarize")
+const {
+ ELECTRON_SKIP_NOTARIZATION,
+ XCODE_APP_LOADER_EMAIL,
+ XCODE_APP_LOADER_PASSWORD,
+} = process.env
+
+async function main(context) {
+ const { electronPlatformName, appOutDir } = context
+
+ if (
+ electronPlatformName !== "darwin" ||
+ ELECTRON_SKIP_NOTARIZATION === "true" ||
+ !XCODE_APP_LOADER_EMAIL ||
+ !XCODE_APP_LOADER_PASSWORD
+ ) {
+ console.log("Skipping Apple notarization.")
+ return;
+ }
+
+ console.log("Starting Apple notarization.")
+ const appName = context.packager.appInfo.productFilename;
+ await notarize({
+ appBundleId: "com.kuingsmile.piclist",
+ appPath: `${appOutDir}/${appName}.app`,
+ appleId: XCODE_APP_LOADER_EMAIL,
+ appleIdPassword: XCODE_APP_LOADER_PASSWORD,
+ })
+
+}
+
+exports.default = main;
\ No newline at end of file
diff --git a/scripts/upload-beta.js b/scripts/upload-beta.js
new file mode 100644
index 0000000..8352d90
--- /dev/null
+++ b/scripts/upload-beta.js
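Review bot: The guard in `main` of scripts/notarize.js fails open: a missing `XCODE_APP_LOADER_EMAIL` or `XCODE_APP_LOADER_PASSWORD` is handled exactly like an explicit `ELECTRON_SKIP_NOTARIZATION === "true"`, so a run with an unset or misnamed secret logs "Skipping Apple notarization." and the un-notarized build still proceeds to `yarn upload-beta`. Keep the platform check and the explicit skip as the early return, and throw when the credentials are absent so the job stops before anything is published. Local builds would then need `ELECTRON_SKIP_NOTARIZATION=true`, which makes the skip a deliberate choice. `main` also has no comment stating that it is the electron-builder `afterSign` hook registered in package.json; a one-line JSDoc saying so would help.

```javascript
async function main(context) {
  const { electronPlatformName, appOutDir } = context

  if (electronPlatformName !== "darwin" || ELECTRON_SKIP_NOTARIZATION === "true") {
    console.log("Skipping Apple notarization.")
    return;
  }

  if (!XCODE_APP_LOADER_EMAIL || !XCODE_APP_LOADER_PASSWORD) {
    throw new Error("Apple notarization credentials are not set; set ELECTRON_SKIP_NOTARIZATION=true to skip on purpose.")
  }

  // … unchanged: "Starting Apple notarization." log and notarize() call …
```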
@@ -0,0 +1,64 @@
+// upload dist bundled-app to r2
+require('dotenv').config()
+const S3Client = require('@aws-sdk/client-s3')
+const Upload = require('@aws-sdk/lib-storage')
+const pkg = require('../package.json')
+const configList = require('./config')
+const fs = require('fs')
+const path = require('path')
+
+const BUCKET = 'piclist-dl'
+const VERSION = pkg.version
+const FILE_PATH = 'beta/'
+const ACCOUNT_ID = process.env.R2_ACCOUNT_ID
+const SECRET_ID = process.env.R2_SECRET_ID
+const SECRET_KEY = process.env.R2_SECRET_KEY
+
+
+const uploadFile = async () => {
+ try {
+ const platform = process.platform
+ if (configList[platform]) {
+ for (const [index, config] of configList[platform].entries()) {
+ const fileName = `${config.appNameWithPrefix}${VERSION}${config.arch}${config.ext}`
+ const distPath = path.join(__dirname, '../dist_electron')
+ console.log('[PicList Dist] Uploading...', fileName, `${index + 1}/${configList[platform].length}`)
+ const fileStream = fs.createReadStream(path.join(distPath, fileName))
+ const options = {
+ credentials: {
+ accessKeyId: SECRET_ID,
+ secretAccessKey: SECRET_KEY
+ },
+ endpoint: `https://${ACCOUNT_ID}.r2.cloudflarestorage.com`,
+ sslEnabled: true,
+ region: 'us-east-1'
+ }
+ const client = new S3Client.S3Client(options)
+ const parallelUploads3 = new Upload.Upload({
+ client,
+ params: {
+ Bucket: BUCKET,
+ Key: `${FILE_PATH}${fileName}`,
+ Body: fileStream,
+ ContentType: 'application/octet-stream',
+ Metadata: {
+ description: 'uploaded by PicList'
+ }
+ }
+ })
+ parallelUploads3.on('httpUploadProgress', (progress) => {
+ const progressBar = Math.round((progress.loaded / progress.total) * 100)
+ process.stdout.write(`\r${progressBar}% ${fileName}`)
+ })
+ console.log('\n')
+ await parallelUploads3.done()
+ console.log(`${fileName} uploaded!`)
+ }
+ } else {
+ console.warn('platform not supported!', platform)
+ }
+ } catch (err) {
+ console.error(err)
+ }
+}
+uploadFile()
\ No newline at end of file
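Review bot: The `catch` at the end of `uploadFile` in scripts/upload-beta.js only calls `console.error(err)`, so a failed or partial upload leaves the exit code at 0 and the workflow step reports success; that includes the case where `R2_ACCOUNT_ID` is unset and the endpoint becomes `https://undefined.r2.cloudflarestorage.com`. Add `process.exitCode = 1` after `console.error(err)`, and in the `else` branch as well if an unsupported platform should fail the job. A check at the top that `ACCOUNT_ID`, `SECRET_ID` and `SECRET_KEY` are all set would give a clearer failure than the SDK error. The S3 client is also rebuilt on every loop iteration with identical options; it can be created once before the `for`.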
diff --git a/vue.config.js b/vue.config.js
index 80c3dae..bf3f0b2 100644
--- a/vue.config.js
+++ b/vue.config.js
@@ -49,6 +49,7 @@ const config = {
 }
 ],
 dmg: {
+ sign: false,
 contents: [
 {
 x: 410,
diff --git a/yarn.lock b/yarn.lock
index 1698884..fcb892a 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2375,6 +2375,14 @@ optionalDependencies: global-agent "^3.0.0" +"@electron/notarize@^1.2.3": + version "1.2.3" + resolved "https://registry.npmjs.org/@electron/notarize/-/notarize-1.2.3.tgz#38056a629e5a0b5fd56c975c4828c0f74285b644" + integrity sha512-9oRzT56rKh5bspk3KpAVF8lPKHYQrBnRwcgiOeR0hdilVEQmszDaAu0IPCPrwwzJN0ugNs0rRboTreHMt/6mBQ== + dependencies: + debug "^4.1.1" + fs-extra "^9.0.1" + "@electron/universal@1.2.1": version "1.2.1" resolved "https://registry.npmjs.org/@electron/universal/-/universal-1.2.1.tgz#3c2c4ff37063a4e9ab1e6ff57db0bc619bc82339"