Merge branch 'main' of github.com:kryptokrona/aesir-wallet

kryptokrona · Oct 23, 2024 · 34ec6b7 · 34ec6b7
2 parents 58e2b60 + 621ee42
commit 34ec6b7
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 1 deletion.
diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml
@@ -79,6 +79,38 @@ jobs:
         if: matrix.config.os == 'ubuntu-latest'
         run: sudo snap install snapcraft --classic
 
+      - name: Install the Apple certificate and provisioning profile
+        if: matrix.config.os == 'macos-latest'
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
+          BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+        run: |
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # Import certificate and provisioning profile from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
+          echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
+
+          # Create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # Import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+          # Apply provisioning profile
+          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+          cp $PP_PATH .
+          ls
+
       - name: Install dependencies
         run: npm install --quiet
 
@@ -94,6 +126,29 @@ jobs:
         if: matrix.config.os == 'macos-latest'
         run: npm run build:mac-$PLATFORM
 
+      - name: Sign the macOS Application
+        if: matrix.config.os == 'macos-latest'
+        run: |
+          codesign --deep --force --verify --verbose --sign "$SIGNING_IDENTITY" dist/Aesir-${{ env.VERSION }}.dmg
+        env:
+          SIGNING_IDENTITY: ${{ secrets.SIGNING_IDENTITY }}
+
+      - name: Check macOS signature
+        if: matrix.config.os == 'macos-latest'
+        run: codesign -vvv --deep --strict dist/Aesir-${{ env.VERSION }}.dmg
+
+      - name: Notarize macOS App
+        if: matrix.config.os == 'macos-latest'
+        run: xcrun notarytool submit --apple-id "$APPLE_ID" --team-id "$TEAM_ID" --password "$APP_SPECIFIC_PASSWORD" --wait dist/Aesir-${{ env.VERSION }}.dmg
+        env:
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          TEAM_ID: ${{ secrets.TEAM_ID }}
+          APP_SPECIFIC_PASSWORD: ${{ secrets.APP_SPECIFIC_PASSWORD }}
+
+      - name: Staple Notarization
+        if: matrix.config.os == 'macos-latest'
+        run: xcrun stapler staple dist/Aesir-${{ env.VERSION }}.dmg
+
       - name: Check artifacts --DEBUG--
         run: ls dist
 

diff --git a/entitlements.plist b/entitlements.plist
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+	<dict>
+		<key>com.apple.security.cs.allow-jit</key>
+		<true/>
+		<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+		<true/>
+		<key>com.apple.security.cs.allow-dyld-environment-variables</key>
+		<true/>
+	</dict>
+</plist>
diff --git a/package.json b/package.json
@@ -27,6 +27,7 @@
         "publish:mac-intel": "cross-env NODE_ENV=production vite build && electron-builder --mac --x64 --config build.config.json -p never"
     },
     "build": {
+        "appId": "org.kryptokrona.aesir",
         "publish": [
             {
                 "provider": "github",
@@ -35,7 +36,11 @@
             }
         ],
         "mac": {
-            "asarUnpack": "./node_modules/node-notifier/vendor/**"
+            "asarUnpack": "./node_modules/node-notifier/vendor/**",
+            "entitlements": "./entitlements.plist",
+            "entitlementsInherit": "./entitlements.plist",
+            "identity": "Developer ID Application: Lukas Nyberg (YT27J42JQ8)",
+            "provisioningProfile": "build_pp.mobileprovision"
         }
     },
     "browserslist": [