From 3caabd3a0f22d31220cf7335f99b95ed81105844 Mon Sep 17 00:00:00 2001 From: Bill Glesias Date: Tue, 25 Jul 2023 09:51:02 -0400 Subject: [PATCH] chore: update electron notary tool to v2 (#27380) * chore: update electron-notarize to @electron/notarize v2. legacy tooling will stop working November 23 and this allows us to get ahead of the curve. see https://github.com/electron/notarize/commit/bf23272fa2a98b293ff74c29d2ceff549ac357bb. Also inquirer types were having issues in build which updated from v7 to v8. Nothing major changed there except dropping node 10 support chore: add Team ID to mac os code sign as it is now needed by the new signing tool. see https://github.com/electron/notarize#notes-on-your-teamid. [run ci] * chore: debug notary [run ci] --- .circleci/cache-version.txt | 2 +- .circleci/workflows.yml | 10 +++++----- package.json | 2 +- scripts/after-sign-hook.js | 7 ++++++- yarn.lock | 9 +++++++++ 5 files changed, 22 insertions(+), 8 deletions(-) diff --git a/.circleci/cache-version.txt b/.circleci/cache-version.txt index c620bbdae266..55f7033caf32 100644 --- a/.circleci/cache-version.txt +++ b/.circleci/cache-version.txt @@ -1,3 +1,3 @@ # Bump this version to force CI to re-create the cache from scratch. -07-19-23 \ No newline at end of file +07-25-23 \ No newline at end of file diff --git a/.circleci/workflows.yml b/.circleci/workflows.yml index e8dbd6da7468..93b7f6da7aee 100644 --- a/.circleci/workflows.yml +++ b/.circleci/workflows.yml @@ -30,7 +30,7 @@ mainBuildFilters: &mainBuildFilters - /^release\/\d+\.\d+\.\d+$/ # use the following branch as well to ensure that v8 snapshot cache updates are fully tested - 'update-v8-snapshot-cache-on-develop' - - 'reduce_requests_paused' + - 'chore/debug-arm64-notary' - 'chore/use_cloud_m1_runners' - 'publish-binary' @@ -43,7 +43,7 @@ macWorkflowFilters: &darwin-workflow-filters - equal: [ develop, << pipeline.git.branch >> ] # use the following branch as well to ensure that v8 snapshot cache updates are fully tested - equal: [ 'update-v8-snapshot-cache-on-develop', << pipeline.git.branch >> ] - - equal: [ 'reduce_requests_paused', << pipeline.git.branch >> ] + - equal: [ 'chore/debug-arm64-notary', << pipeline.git.branch >> ] - equal: [ 'chore/use_cloud_m1_runners', << pipeline.git.branch >> ] - matches: pattern: /^release\/\d+\.\d+\.\d+$/ @@ -55,7 +55,7 @@ linuxArm64WorkflowFilters: &linux-arm64-workflow-filters - equal: [ develop, << pipeline.git.branch >> ] # use the following branch as well to ensure that v8 snapshot cache updates are fully tested - equal: [ 'update-v8-snapshot-cache-on-develop', << pipeline.git.branch >> ] - - equal: [ 'reduce_requests_paused', << pipeline.git.branch >> ] + - equal: [ 'chore/debug-arm64-notary', << pipeline.git.branch >> ] - equal: [ 'chore/use_cloud_m1_runners', << pipeline.git.branch >> ] - equal: [ 'publish-binary', << pipeline.git.branch >> ] - matches: @@ -77,7 +77,7 @@ windowsWorkflowFilters: &windows-workflow-filters - equal: [ develop, << pipeline.git.branch >> ] # use the following branch as well to ensure that v8 snapshot cache updates are fully tested - equal: [ 'update-v8-snapshot-cache-on-develop', << pipeline.git.branch >> ] - - equal: [ 'reduce_requests_paused', << pipeline.git.branch >> ] + - equal: [ 'chore/debug-arm64-notary', << pipeline.git.branch >> ] - equal: [ 'chore/use_cloud_m1_runners', << pipeline.git.branch >> ] - matches: pattern: /^release\/\d+\.\d+\.\d+$/ @@ -1127,7 +1127,7 @@ commands: - run: name: Package the Cypress binary environment: - DEBUG: electron-builder,electron-osx-sign* + DEBUG: electron-builder,electron-osx-sign*,electron-notarize* # notarization on Mac can take a while no_output_timeout: "45m" command: | diff --git a/package.json b/package.json index d56a48d2464e..55dde8d541d3 100644 --- a/package.json +++ b/package.json @@ -75,6 +75,7 @@ "@cypress/request": "^2.88.11", "@cypress/request-promise": "4.2.6", "@electron/fuses": "1.6.1", + "@electron/notarize": "^2.1.0", "@fellow/eslint-plugin-coffee": "0.4.13", "@graphql-codegen/add": "3.1.0", "@graphql-codegen/cli": "2.2.0", @@ -145,7 +146,6 @@ "detect-port": "^1.3.0", "electron": "21.0.0", "electron-builder": "^22.13.1", - "electron-notarize": "^1.1.1", "enzyme-adapter-react-16": "1.12.1", "eslint": "7.22.0", "eslint-plugin-cypress": "2.11.2", diff --git a/scripts/after-sign-hook.js b/scripts/after-sign-hook.js index d40d11b6b2da..be1fc9dcad0e 100644 --- a/scripts/after-sign-hook.js +++ b/scripts/after-sign-hook.js @@ -3,7 +3,7 @@ // "afterSign": "./scripts/after-sign-hook.js" const fs = require('fs') const path = require('path') -let electron_notarize = require('electron-notarize') +let electron_notarize = require('@electron/notarize') module.exports = async function (params) { // Only notarize the app on Mac OS. @@ -40,12 +40,17 @@ module.exports = async function (params) { throw new Error('Missing Apple password for notarization: NOTARIZE_APP_PASSWORD') } + if (!process.env.NOTARIZE_APP_TEAM_ID) { + throw new Error('Missing Apple team id for notarization: NOTARIZE_APP_TEAM_ID') + } + try { await electron_notarize.notarize({ appBundleId: appId, appPath, appleId: process.env.NOTARIZE_APP_APPLE_ID, appleIdPassword: process.env.NOTARIZE_APP_PASSWORD, + teamId: process.env.NOTARIZE_APP_TEAM_ID, }) } catch (error) { console.error('could not notarize application') diff --git a/yarn.lock b/yarn.lock index d1f72c39b94e..a2d4bc8dbace 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2556,6 +2556,15 @@ global-agent "^3.0.0" global-tunnel-ng "^2.7.1" +"@electron/notarize@^2.1.0": + version "2.1.0" + resolved "https://registry.yarnpkg.com/@electron/notarize/-/notarize-2.1.0.tgz#76aaec10c8687225e8d0a427cc9df67611c46ff3" + integrity sha512-Q02xem1D0sg4v437xHgmBLxI2iz/fc0D4K7fiVWHa/AnW8o7D751xyKNXgziA6HrTOme9ul1JfWN5ark8WH1xA== + dependencies: + debug "^4.1.1" + fs-extra "^9.0.1" + promise-retry "^2.0.1" + "@electron/universal@1.0.5": version "1.0.5" resolved "https://registry.yarnpkg.com/@electron/universal/-/universal-1.0.5.tgz#b812340e4ef21da2b3ee77b2b4d35c9b86defe37"