From cc72fadfbcdef7b3f790ede3835d28939a40c58f Mon Sep 17 00:00:00 2001 From: Mikael Finstad Date: Wed, 1 Nov 2023 18:17:11 +0900 Subject: [PATCH] try to use api key instead to notarize --- .github/workflows/build.yml | 10 ++-- ...pp-builder-lib-npm-24.8.0-51e1f5cd3f.patch | 49 ++++++++++++++++++- yarn.lock | 4 +- 3 files changed, 53 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 06eb13197ce..3057b89aaca 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -92,13 +92,9 @@ jobs: # windows_certs: ${{ secrets.windows_certs }} # windows_certs_password: ${{ secrets.windows_certs_password }} env: - # https://github.com/electron-userland/electron-builder/issues/7683 - APPLE_ID: ${{ secrets.apple_id }} - APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.apple_app_specific_password }} - # TODO use appleApiKey, appleApiKeyId and appleApiIssuer from https://github.com/electron/notarize - # once electron-builder supports those: https://github.com/electron-userland/electron-builder/blob/7c7db837bdf650228594a30114975f1581c37130/packages/app-builder-lib/src/macPackager.ts#L489 - #API_KEY_ID: ${{ secrets.api_key_id }} - #API_KEY_ISSUER_ID: ${{ secrets.api_key_issuer_id }} + APPLE_API_KEY: ${{ secrets.api_key }} + APPLE_API_KEY_ID: ${{ secrets.api_key_id }} + APPLE_API_KEY_ISSUER: ${{ secrets.api_key_issuer_id }} - name: Upload to Mac App Store if: startsWith(matrix.os, 'macos') && env.is_tag == 'true' diff --git a/.yarn/patches/app-builder-lib-npm-24.8.0-51e1f5cd3f.patch b/.yarn/patches/app-builder-lib-npm-24.8.0-51e1f5cd3f.patch index bf0a2c1aa0d..76d92a3f534 100644 --- a/.yarn/patches/app-builder-lib-npm-24.8.0-51e1f5cd3f.patch +++ b/.yarn/patches/app-builder-lib-npm-24.8.0-51e1f5cd3f.patch @@ -1,5 +1,5 @@ diff --git a/out/macPackager.js b/out/macPackager.js -index 30787ba358acb9277a63df05c839a0caeea8ad91..aa131c6397d274486117f7693d409729ba4d3ca1 100644 +index 30787ba358acb9277a63df05c839a0caeea8ad91..726c7fe36637ca351ecfce363f564a8e87bf351a 100644 --- a/out/macPackager.js +++ b/out/macPackager.js @@ -276,7 +276,7 @@ class MacPackager extends platformPackager_1.PlatformPackager { @@ -11,3 +11,50 @@ index 30787ba358acb9277a63df05c839a0caeea8ad91..aa131c6397d274486117f7693d409729 return true; } async getOptionsForFile(appPath, isMas, customSignOptions) { +@@ -407,24 +407,36 @@ class MacPackager extends platformPackager_1.PlatformPackager { + builder_util_1.log.info({ reason: "`notarizeOptions` is explicitly set to false" }, "skipped macOS notarization"); + return; + } ++ ++ let options; ++ // option 1: app-specific password + const appleId = process.env.APPLE_ID; + const appleIdPassword = process.env.APPLE_APP_SPECIFIC_PASSWORD; +- if (!appleId && !appleIdPassword) { ++ // option 2: API key ++ const appleApiKey = process.env.APPLE_API_KEY; ++ const appleApiKeyId = process.env.APPLE_API_KEY_ID; ++ const appleApiIssuer = process.env.APPLE_API_ISSUER; ++ if (appleId || appleIdPassword) { ++ if (!appleId) { ++ throw new builder_util_1.InvalidConfigurationError(`APPLE_ID env var needs to be set`); ++ } ++ if (!appleIdPassword) { ++ throw new builder_util_1.InvalidConfigurationError(`APPLE_APP_SPECIFIC_PASSWORD env var needs to be set`); ++ } ++ ++ options = this.generateNotarizeOptions({ appPath, appleId, appleIdPassword }); ++ } else if (appleApiKey || appleApiKeyId || appleApiIssuer) { ++ options = this.generateNotarizeOptions({ appleApiKey, appleApiKeyId, appleApiIssuer }); ++ } else { + // if no credentials provided, skip silently + return; + } +- if (!appleId) { +- throw new builder_util_1.InvalidConfigurationError(`APPLE_ID env var needs to be set`); +- } +- if (!appleIdPassword) { +- throw new builder_util_1.InvalidConfigurationError(`APPLE_APP_SPECIFIC_PASSWORD env var needs to be set`); +- } +- const options = this.generateNotarizeOptions(appPath, appleId, appleIdPassword); + await (0, notarize_1.notarize)(options); ++ + builder_util_1.log.info(null, "notarization successful"); + } +- generateNotarizeOptions(appPath, appleId, appleIdPassword) { +- const baseOptions = { appPath, appleId, appleIdPassword }; ++ generateNotarizeOptions({ appPath, appleId, appleIdPassword, appleApiKey, appleApiKeyId, appleApiIssuer }) { ++ const baseOptions = { appPath, appleId, appleIdPassword, appleApiKey, appleApiKeyId, appleApiIssuer }; + const options = this.platformSpecificBuildOptions.notarize; + if (typeof options === "boolean") { + const proj = { diff --git a/yarn.lock b/yarn.lock index 328294d880d..1c1a797f9f2 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1998,7 +1998,7 @@ __metadata: "app-builder-lib@patch:app-builder-lib@npm%3A24.8.0#./.yarn/patches/app-builder-lib-npm-24.8.0-51e1f5cd3f.patch::locator=lossless-cut%40workspace%3A.": version: 24.8.0 - resolution: "app-builder-lib@patch:app-builder-lib@npm%3A24.8.0#./.yarn/patches/app-builder-lib-npm-24.8.0-51e1f5cd3f.patch::version=24.8.0&hash=ed7dfa&locator=lossless-cut%40workspace%3A." + resolution: "app-builder-lib@patch:app-builder-lib@npm%3A24.8.0#./.yarn/patches/app-builder-lib-npm-24.8.0-51e1f5cd3f.patch::version=24.8.0&hash=6f8a5c&locator=lossless-cut%40workspace%3A." dependencies: 7zip-bin: ~5.1.1 "@develar/schema-utils": ~2.6.5 @@ -2028,7 +2028,7 @@ __metadata: semver: ^7.3.8 tar: ^6.1.12 temp-file: ^3.4.0 - checksum: 955974c64fc49f3b67f764be76b977eaf5f0ac7231ae7886a47f1b2b45789cb56c6592999422d8b2f25430496f66332f77d2ef08a1986b71274694d37c91c773 + checksum: 3ce09b3cb8425ecbab5911c0d73f4efe61d0f98267d0e63883a480e8a202f89fa2dbb8577e31809676ed1bf11c75a22694054601a76b7ba8477fbf624d824f32 languageName: node linkType: hard