📦 Chore: macos code signing test

.github/workflows/mac.yml

@@ -0,0 +1,77 @@
+# main.yml
+
+# Workflow's name
+name: Mac Build
+
+# Workflow's trigger
+on: workflow_dispatch
+
+env:
+  ELECTRON_OUTPUT_PATH: ./dist_electron
+
+# Workflow's jobs
+jobs:
+  # job's id
+  release:
+    # job's name
+    name: build and release electron app
+
+    # the type of machine to run the job on
+    runs-on: ${{ matrix.os }}
+
+    # create a build matrix for jobs
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ macos-11]
+
+    # create steps
+    steps:
+      # step1: check out repository
+      - name: Check out git repository
+        uses: actions/checkout@v2
+      
+      # step2: sign
+      - name: Install the Apple certificates
+        run: |
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
+          echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+
+      # step3: install node env
+      - name: Install Node.js
+        uses: actions/setup-node@v2
+        with:
+          node-version: '16.x'
+
+      # step4: yarn
+      - name: Yarn install
+        run: |
+          yarn
+          yarn global add xvfb-maybe
+
+      - name: Build  & release app
+        run: |
+          yarn build
+          yarn upload-beta
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+          R2_SECRET_ID: ${{ secrets.R2_SECRET_ID }}
+          R2_SECRET_KEY: ${{ secrets.R2_SECRET_KEY }}
+          R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
+          ELECTRON_SKIP_NOTARIZATION: ${{ secrets.ELECTRON_SKIP_NOTARIZATION }}
+          XCODE_APP_LOADER_EMAIL: ${{ secrets.XCODE_APP_LOADER_EMAIL }}
+          XCODE_APP_LOADER_PASSWORD: ${{ secrets.XCODE_APP_LOADER_PASSWORD }}
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
+          BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}

package.json

@@ -16,6 +16,7 @@
     "postuninstall": "electron-builder install-app-deps",
     "release": "vue-cli-service electron:build --publish always",
     "upload-dist": "node ./scripts/upload-dist-to-r2.js",
+    "upload-beta": "node ./scripts/upload-beta.js",
     "link": "node ./scripts/link.js"
   },
   "dependencies": {
@@ -71,6 +72,7 @@
   },
   "devDependencies": {
     "@babel/plugin-proposal-optional-chaining": "^7.16.7",
+    "@electron/notarize": "^1.2.3",
     "@picgo/bump-version": "^1.1.2",
     "@types/ali-oss": "^6.16.7",
     "@types/electron-devtools-installer": "^2.2.0",
@@ -110,6 +112,10 @@
     "typescript": "^4.9.5",
     "vue-cli-plugin-electron-builder": "^3.0.0-alpha.4"
   },
+  "build": {
+    "appId": "com.kuingsmile.piclist",
+    "afterSign": "scripts/notarize.js"
+  },
   "commitlint": {
     "extends": [
       "./node_modules/@picgo/bump-version/commitlint-picgo"

scripts/notarize.js

@@ -0,0 +1,36 @@
+"use strict";
+
+require('dotenv').config()
+
+const { notarize } = require("@electron/notarize")
+const {
+  ELECTRON_SKIP_NOTARIZATION,
+  XCODE_APP_LOADER_EMAIL,
+  XCODE_APP_LOADER_PASSWORD,
+} = process.env
+
+async function main(context) {
+  const { electronPlatformName, appOutDir } = context
+
+  if (
+    electronPlatformName !== "darwin" ||
+    ELECTRON_SKIP_NOTARIZATION === "true" ||
+    !XCODE_APP_LOADER_EMAIL ||
+    !XCODE_APP_LOADER_PASSWORD
+  ) {
+    console.log("Skipping Apple notarization.")
+    return;
+  }
+
+  console.log("Starting Apple notarization.")
+  const appName = context.packager.appInfo.productFilename;
+  await notarize({
+    appBundleId: "com.kuingsmile.piclist",
+    appPath: `${appOutDir}/${appName}.app`,
+    appleId: XCODE_APP_LOADER_EMAIL,
+    appleIdPassword: XCODE_APP_LOADER_PASSWORD,
+  })
+
+}
+
+exports.default = main;

scripts/upload-beta.js

@@ -0,0 +1,64 @@
+// upload dist bundled-app to r2
+require('dotenv').config()
+const S3Client = require('@aws-sdk/client-s3')
+const Upload = require('@aws-sdk/lib-storage')
+const pkg = require('../package.json')
+const configList = require('./config')
+const fs = require('fs')
+const path = require('path')
+
+const BUCKET = 'piclist-dl'
+const VERSION = pkg.version
+const FILE_PATH = 'beta/'
+const ACCOUNT_ID = process.env.R2_ACCOUNT_ID
+const SECRET_ID = process.env.R2_SECRET_ID
+const SECRET_KEY = process.env.R2_SECRET_KEY
+
+
+const uploadFile = async () => {
+    try {
+        const platform = process.platform
+        if (configList[platform]) {
+            for (const [index, config] of configList[platform].entries()) {
+                const fileName = `${config.appNameWithPrefix}${VERSION}${config.arch}${config.ext}`
+                const distPath = path.join(__dirname, '../dist_electron')
+                console.log('[PicList Dist] Uploading...', fileName, `${index + 1}/${configList[platform].length}`)
+                const fileStream = fs.createReadStream(path.join(distPath, fileName))
+                const options = {
+                    credentials: {
+                        accessKeyId: SECRET_ID,
+                        secretAccessKey: SECRET_KEY
+                    },
+                    endpoint: `https://${ACCOUNT_ID}.r2.cloudflarestorage.com`,
+                    sslEnabled: true,
+                    region: 'us-east-1'
+                }
+                const client = new S3Client.S3Client(options)
+                const parallelUploads3 = new Upload.Upload({
+                    client,
+                    params: {
+                        Bucket: BUCKET,
+                        Key: `${FILE_PATH}${fileName}`,
+                        Body: fileStream,
+                        ContentType: 'application/octet-stream',
+                        Metadata: {
+                            description: 'uploaded by PicList'
+                        }
+                    }
+                })
+                parallelUploads3.on('httpUploadProgress', (progress) => {
+                    const progressBar = Math.round((progress.loaded / progress.total) * 100)
+                    process.stdout.write(`\r${progressBar}% ${fileName}`)
+                })
+                console.log('\n')
+                await parallelUploads3.done()
+                console.log(`${fileName} uploaded!`)
+            }
+        } else {
+            console.warn('platform not supported!', platform)
+        }
+    } catch (err) {
+        console.error(err)
+    }
+}
+uploadFile()

vue.config.js

@@ -49,6 +49,7 @@ const config = {
           }
         ],
         dmg: {
+          sign: false,
           contents: [
             {
               x: 410,

yarn.lock

@@ -2375,6 +2375,14 @@
   optionalDependencies:
     global-agent "^3.0.0"
 
+"@electron/notarize@^1.2.3":
+  version "1.2.3"
+  resolved "https://registry.npmjs.org/@electron/notarize/-/notarize-1.2.3.tgz#38056a629e5a0b5fd56c975c4828c0f74285b644"
+  integrity sha512-9oRzT56rKh5bspk3KpAVF8lPKHYQrBnRwcgiOeR0hdilVEQmszDaAu0IPCPrwwzJN0ugNs0rRboTreHMt/6mBQ==
+  dependencies:
+    debug "^4.1.1"
+    fs-extra "^9.0.1"
+
 "@electron/universal@1.2.1":
   version "1.2.1"
   resolved "https://registry.npmjs.org/@electron/universal/-/universal-1.2.1.tgz#3c2c4ff37063a4e9ab1e6ff57db0bc619bc82339"