Merge pull request #17576 from desktop/notary-public

Notarize using notarytool instead of altool
This commit is contained in:
Markus Olsson 2023-10-19 13:55:06 +02:00 committed by GitHub
commit a023a562ec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 15 deletions

View file

@ -26,6 +26,7 @@ on:
DESKTOP_OAUTH_CLIENT_SECRET:
APPLE_ID:
APPLE_ID_PASSWORD:
APPLE_TEAM_ID:
APPLE_APPLICATION_CERT:
APPLE_APPLICATION_CERT_PASSWORD:
WINDOWS_CERT_PFX:
@ -101,6 +102,7 @@ jobs:
${{ secrets.DESKTOP_OAUTH_CLIENT_SECRET }}
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
APPLE_APPLICATION_CERT: ${{ secrets.APPLE_APPLICATION_CERT }}
KEY_PASSWORD: ${{ secrets.APPLE_APPLICATION_CERT_PASSWORD }}
npm_config_arch: ${{ matrix.arch }}

View file

@ -146,14 +146,13 @@ function packageApp() {
}
// get notarization deets, unless we're not going to publish this
const notarizationCredentials = isPublishableBuild
? getNotarizationCredentials()
: undefined
const osxNotarize = isPublishableBuild ? getNotarizationOptions() : undefined
if (
isPublishableBuild &&
isGitHubActions() &&
process.platform === 'darwin' &&
notarizationCredentials === undefined
osxNotarize === undefined
) {
// we can't publish a mac build without these
throw new Error(
@ -198,7 +197,7 @@ function packageApp() {
identity: isDevelopmentBuild ? '-' : undefined,
identityValidation: !isDevelopmentBuild,
},
osxNotarize: notarizationCredentials,
osxNotarize,
protocols: [
{
name: getBundleID(),
@ -426,14 +425,14 @@ ${licenseText}`
rmSync(chooseALicense, { recursive: true, force: true })
}
function getNotarizationCredentials(): OsxNotarizeOptions | undefined {
const appleId = process.env.APPLE_ID
const appleIdPassword = process.env.APPLE_ID_PASSWORD
if (appleId === undefined || appleIdPassword === undefined) {
return undefined
}
return {
appleId,
appleIdPassword,
}
function getNotarizationOptions(): OsxNotarizeOptions | undefined {
const {
APPLE_ID: appleId,
APPLE_ID_PASSWORD: appleIdPassword,
APPLE_TEAM_ID: teamId,
} = process.env
return appleId && appleIdPassword && teamId
? { tool: 'notarytool', appleId, appleIdPassword, teamId }
: undefined
}