Skip to content

Commit

Permalink
new certs
Browse files Browse the repository at this point in the history
  • Loading branch information
@horacioh
horacioh committed Aug 9, 2023
1 parent 99fc895 commit 5f93e0d
Show file tree
Hide file tree
Showing 2 changed files with 101 additions and 129 deletions.
49 changes: 10 additions & 39 deletions .github/workflows/electron-release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -106,43 +106,14 @@ jobs:
GOARCH: ${{ matrix.config.goarch }}
CGO_ENABLED: 1

- name: Install the Apple certificate and provisioning profile
# if: matrix.config.os == 'macos-latest' && startsWith(github.ref, 'refs/tags/')
if: matrix.config.os == 'macos-latest'
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=${{ runner.temp }}/build_certificate.p12
PP_PATH=${{ runner.temp }}/build_pp.provisionprofile
KEYCHAIN_PATH=${{ runner.temp }}/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles


# - name: Import MacOS certs
# if: matrix.config.os == 'macos-latest'
# uses: apple-actions/import-codesign-certs@v2
# with:
# p12-file-base64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
# p12-password: ${{ secrets.P12_PASSWORD }}
- name: Import MacOS certs
if: matrix.config.os == 'macos-latest'
uses: apple-actions/import-codesign-certs@v2
with:
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}

- name: create AppImage private key file
if: matrix.config.os == 'ubuntu-latest'
Expand Down Expand Up @@ -179,9 +150,9 @@ jobs:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: '${{ secrets.APPLE_ID_PASSWORD }}'
APPLE_TEAM_ID: '${{ secrets.APPLE_TEAM_ID }}'
APPLE_API_ISSUER: '${{ secrets.APPLE_API_ISSUER }}'
APPLE_API_KEY: '${{ runner.temp }}/build_certificate.p12'
APPLE_API_KEY_ID: '${{ secrets.APPLE_API_KEY_ID }}'
# APPLE_API_ISSUER: '${{ secrets.APPLE_API_ISSUER }}'
# APPLE_API_KEY: '${{ runner.temp }}/build_certificate.p12'
# APPLE_API_KEY_ID: '${{ secrets.APPLE_API_KEY_ID }}'
# APPLE_API_KEY: '${{ secrets.APPLE_API_KEY }}'
# APPLE_API_PRIVKEY: '${{ secrets.APPLE_API_PRIVKEY }}'

Expand Down
181 changes: 91 additions & 90 deletions frontend/apps/electron/forge.config.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,100 +27,101 @@ module.exports = {
},
osxNotarize: {
tool: 'notarytool',
// appleId: process.env.APPLE_ID,
// appleIdPassword: process.env.APPLE_ID_PASSWORD,
// teamId: process.env.APPLE_TEAM_ID,
appleApiKey: process.env.APPLE_API_KEY,
appleApiKeyId: process.env.APPLE_API_KEY_ID,
appleApiIssuer: process.env.APPLE_API_ISSUER,
appleId: process.env.APPLE_ID,
appleIdPassword: process.env.APPLE_ID_PASSWORD,
teamId: 'XSKC6RJDD8',
// appleApiKey: process.env.APPLE_API_KEY,
// appleApiKeyId: process.env.APPLE_API_KEY_ID,
// appleApiIssuer: process.env.APPLE_API_ISSUER,
// },
packageManager: 'yarn',
extraResource: [daemonBinaryPath],
},
packageManager: 'yarn',
extraResource: [daemonBinaryPath],
},
rebuildConfig: {},
makers: [
{
name: '@electron-forge/maker-zip',
platforms: ['darwin'],
},
{
name: '@electron-forge/maker-dmg',
config: {
// background: './assets/dmg-background.png',
format: 'ULFO',
debug: true,
overwrite: true,
icon: `${iconsPath}.icns`,
rebuildConfig: {},
makers: [
{
name: '@electron-forge/maker-zip',
platforms: ['darwin'],
},
},
// {
// name: '@electron-forge/maker-deb',
// config: {
// options: {
// icon: `${iconsPath}.png`,
// },
// },
// },
{
name: '@electron-forge/maker-squirrel',
config: {
// An URL to an ICO file to use as the application icon (displayed in Control Panel > Programs and Features).
iconUrl: `${iconsPath}.ico`,
name: 'Mintter',
// The ICO file to use as the icon for the generated Setup.exe
setupIcon: `${iconsPath}.ico`,
certificateFile: process.env.WINDOWS_PFX_FILE,
certificatePassword: process.env.WINDOWS_PFX_PASSWORD,
{
name: '@electron-forge/maker-dmg',
config: {
// background: './assets/dmg-background.png',
format: 'ULFO',
debug: true,
overwrite: true,
icon: `${iconsPath}.icns`,
},
},
},
],
plugins: [
// {
// name: '@electron-forge/plugin-electronegativity',
// config: {
// isSarif: true,
// },
// },
// {
// name: '@electron-forge/plugin-auto-unpack-natives',
// config: {},
// },
{
name: '@electron-forge/plugin-vite',
config: {
// `build` can specify multiple entry builds, which can be Main process, Preload scripts, Worker process, etc.
// If you are familiar with Vite configuration, it will look really familiar.
build: [
{
// `entry` is just an alias for `build.lib.entry` in the corresponding file of `config`.
entry: 'src/main.ts',
config: 'vite.main.config.ts',
},
{
entry: 'src/preload.ts',
config: 'vite.preload.config.ts',
},
],
renderer: [
{
name: 'main_window',
config: 'vite.renderer.config.ts',
},
],
// {
// name: '@electron-forge/maker-deb',
// config: {
// options: {
// icon: `${iconsPath}.png`,
// },
// },
// },
{
name: '@electron-forge/maker-squirrel',
config: {
// An URL to an ICO file to use as the application icon (displayed in Control Panel > Programs and Features).
iconUrl: `${iconsPath}.ico`,
name: 'Mintter',
// The ICO file to use as the icon for the generated Setup.exe
setupIcon: `${iconsPath}.ico`,
certificateFile: process.env.WINDOWS_PFX_FILE,
certificatePassword: process.env.WINDOWS_PFX_PASSWORD,
},
},
},
],
publishers: [
{
name: '@electron-forge/publisher-github',
config: {
repository: {
owner: 'mintterteam',
name: 'mintter',
],
plugins: [
// {
// name: '@electron-forge/plugin-electronegativity',
// config: {
// isSarif: true,
// },
// },
// {
// name: '@electron-forge/plugin-auto-unpack-natives',
// config: {},
// },
{
name: '@electron-forge/plugin-vite',
config: {
// `build` can specify multiple entry builds, which can be Main process, Preload scripts, Worker process, etc.
// If you are familiar with Vite configuration, it will look really familiar.
build: [
{
// `entry` is just an alias for `build.lib.entry` in the corresponding file of `config`.
entry: 'src/main.ts',
config: 'vite.main.config.ts',
},
{
entry: 'src/preload.ts',
config: 'vite.preload.config.ts',
},
],
renderer: [
{
name: 'main_window',
config: 'vite.renderer.config.ts',
},
],
},
draft: true,
prerelease: true,
},
},
],
],
publishers: [
{
name: '@electron-forge/publisher-github',
config: {
repository: {
owner: 'mintterteam',
name: 'mintter',
},
draft: true,
prerelease: true,
},
},
],
},
}

0 comments on commit 5f93e0d

Please sign in to comment.