
Commit 3bc65b4

joohwcursoragent
andcommitted
ci(desktop): enable mac signing and notarization
Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent 6ce1a30 commit 3bc65b4

4 files changed

Lines changed: 51 additions & 5 deletions


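--- a/.github/workflows/release-desktop.yml
+++ b/.github/workflows/release-desktop.yml
@@ -85,7 +85,35 @@ jobs:
 
 - name: Build macOS desktop
 working-directory: electron
+env:
+CSC_LINK: ${{ secrets.CSC_LINK }}
+CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
+APPLE_API_KEY_CONTENT: ${{ secrets.APPLE_API_KEY_CONTENT }}
+APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
+APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
 run: |
+set -euo pipefail
+required_secrets=(
+CSC_LINK
+CSC_KEY_PASSWORD
+APPLE_API_KEY_CONTENT
+APPLE_API_KEY_ID
+APPLE_API_ISSUER
+APPLE_TEAM_ID
+)
+for secret_name in "${required_secrets[@]}"; do
+if [ -z "${!secret_name:-}" ]; then
+echo "::error::Missing required macOS signing secret: ${secret_name}"
+exit 1
+fi
+done
+
+mkdir -p "$RUNNER_TEMP/appstoreconnect"
+export APPLE_API_KEY="$RUNNER_TEMP/appstoreconnect/AuthKey_${APPLE_API_KEY_ID}.p8"
+printf '%s' "$APPLE_API_KEY_CONTENT" > "$APPLE_API_KEY"
+chmod 600 "$APPLE_API_KEY"
+
 npm ci
 npm run build:mac
 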
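Review bot: The `env:` block on the "Build macOS desktop" step hands the signing certificate, its password and the App Store Connect key to `npm ci`, which runs in the same step and executes dependency install scripts with that environment, after the `.p8` file has already been written to disk. Moving `npm ci` into its own step ahead of this one, with no `env:` block, would limit the credentials to `npm run build:mac`. The key file is also created under the default umask and only restricted afterwards by `chmod 600`; putting `umask 077` before the `printf` closes that window. The job continues outside the hunk, so whether a later step removes the key file is not visible here.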

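--- a/core/internal/buildinfo/buildinfo.go
+++ b/core/internal/buildinfo/buildinfo.go
@@ -4,7 +4,7 @@ import "strings"
 
 // Set at link time via -ldflags (see .goreleaser.yaml).
 var (
-Version = "dev0.1.39"
+Version = "dev0.1.40"
 Commit = "none"
 Date = "unknown"
 )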
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
3+
<plist version="1.0">
4+
<dict>
5+
<key>com.apple.security.cs.allow-jit</key>
6+
<true/>
7+
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
8+
<true/>
9+
<key>com.apple.security.cs.disable-library-validation</key>
10+
<true/>
11+
<key>com.apple.security.network.client</key>
12+
<true/>
13+
<key>com.apple.security.network.server</key>
14+
<true/>
15+
</dict>
16+
</plist>
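Review bot: `com.apple.security.cs.disable-library-validation` and `com.apple.security.cs.allow-unsigned-executable-memory` turn off two of the protections that the hardened runtime enabled in this commit is meant to provide, and nothing in the file records why they are needed. With library validation disabled, the signed app can load libraries signed by neither Apple nor the same team, so each key should stay only if the build or a native module demonstrably fails without it; `allow-jit` alone is often enough for the JavaScript engine, though that needs confirming for this app. The two `com.apple.security.network.*` keys are App Sandbox entitlements and should have no effect here, because `com.apple.security.app-sandbox` is not set. A comment above each retained key, for example `<!-- required by <module name>: loads a dylib signed by another team -->`, would make the exception reviewable.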

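--- a/electron/package.json
+++ b/electron/package.json
@@ -63,17 +63,19 @@
 "mac": {
 "icon": "assets/icon.icns",
 "category": "public.app-category.developer-tools",
+"hardenedRuntime": true,
+"gatekeeperAssess": false,
+"entitlements": "build/entitlements.mac.plist",
+"entitlementsInherit": "build/entitlements.mac.plist",
+"notarize": true,
 "target": [
 {
 "target": "dmg",
 "arch": [
 "universal"
 ]
 }
-],
-"identity": null,
-"hardenedRuntime": false,
-"gatekeeperAssess": false
+]
 },
 "dmg": {
 "artifactName": "clovapi-desktop-darwin-universal.${ext}"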
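Review bot: `entitlementsInherit` points at the same plist as `entitlements`, so every nested helper and bundled binary is signed with the full set of runtime exceptions, including `disable-library-validation`. If only the main process or one helper needs those exceptions, a separate, narrower plist for the inherited case would reduce what a compromised child process can do, e.g. `"entitlementsInherit": "build/<narrower-inherit>.plist"` (placeholder name). Which processes actually need the exceptions is not visible from this hunk, so this needs checking against the packaged app.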
