build(macos): allow local codesign [skip ci]

This commit is contained in:
Baptiste Augrain 2024-06-02 17:45:59 +02:00
parent 3860f2832c
commit c3064a2cb3
5 changed files with 48 additions and 20 deletions

View file

@ -120,5 +120,11 @@ if [[ "${SKIP_ASSETS}" == "no" ]]; then
rm -rf build/windows/msi/releasedir
fi
if [[ "${OS_NAME}" == "osx" && -f "./macos-codesign.env" ]]; then
. macos-codesign.env
echo "CERTIFICATE_OSX_ID: ${CERTIFICATE_OSX_ID}"
fi
. prepare_assets.sh
fi

View file

@ -0,0 +1,5 @@
CERTIFICATE_OSX_APP_PASSWORD=
CERTIFICATE_OSX_ID=
CERTIFICATE_OSX_P12_DATA=
CERTIFICATE_OSX_P12_PASSWORD=
CERTIFICATE_OSX_TEAM_ID=

View file

@ -0,0 +1,28 @@
diff --git a/build/darwin/sign.js b/build/darwin/sign.js
index f5913b7..100b950 100644
--- a/build/darwin/sign.js
+++ b/build/darwin/sign.js
@@ -53,5 +53,7 @@ async function main(buildDir) {
ignore: (filePath) => {
+ const ext = path.extname(filePath);
return filePath.includes(gpuHelperAppName) ||
filePath.includes(rendererHelperAppName) ||
- filePath.includes(pluginHelperAppName);
+ filePath.includes(pluginHelperAppName) ||
+ ext == '.asar' || ext == '.dat' || ext == '.gif' || ext == '.icns' || ext == '.ico' || ext == '.json' || ext == '.mp3' || ext == '.nib' || ext == '.pak' || ext == '.png' || ext == '.scpt' || ext == '.ttf' || ext == '.wasm' || ext == '.woff' || ext == '.woff2';
}
@@ -83,3 +85,3 @@ async function main(buildDir) {
'-string',
- 'An application in Visual Studio Code wants to use AppleScript.',
+ 'An application in VSCodium wants to use AppleScript.',
`${infoPlistPath}`
@@ -90,3 +92,3 @@ async function main(buildDir) {
'-string',
- 'An application in Visual Studio Code wants to use the Microphone.',
+ 'An application in VSCodium wants to use the Microphone.',
`${infoPlistPath}`
@@ -97,3 +99,3 @@ async function main(buildDir) {
'-string',
- 'An application in Visual Studio Code wants to use the Camera.',
+ 'An application in VSCodium wants to use the Camera.',
`${infoPlistPath}`

View file

@ -1,19 +0,0 @@
diff --git a/build/darwin/sign.js b/build/darwin/sign.js
index f5913b7..c861e3e 100644
--- a/build/darwin/sign.js
+++ b/build/darwin/sign.js
@@ -83,3 +83,3 @@ async function main(buildDir) {
'-string',
- 'An application in Visual Studio Code wants to use AppleScript.',
+ 'An application in VSCodium wants to use AppleScript.',
`${infoPlistPath}`
@@ -90,3 +90,3 @@ async function main(buildDir) {
'-string',
- 'An application in Visual Studio Code wants to use the Microphone.',
+ 'An application in VSCodium wants to use the Microphone.',
`${infoPlistPath}`
@@ -97,3 +97,3 @@ async function main(buildDir) {
'-string',
- 'An application in Visual Studio Code wants to use the Camera.',
+ 'An application in VSCodium wants to use the Camera.',
`${infoPlistPath}`

View file

@ -20,13 +20,19 @@ sum_file() {
mkdir -p assets
if [[ "${OS_NAME}" == "osx" ]]; then
if [[ "${CI_BUILD}" != "no" ]]; then
if [[ -n "${CERTIFICATE_OSX_P12_DATA}" ]]; then
if [[ "${CI_BUILD}" == "no" ]]; then
RUNNER_TEMP="${TMPDIR}"
fi
CERTIFICATE_P12="${APP_NAME}.p12"
KEYCHAIN="${RUNNER_TEMP}/buildagent.keychain"
AGENT_TEMPDIRECTORY="${RUNNER_TEMP}"
# shellcheck disable=SC2006
KEYCHAINS=`security list-keychains | xargs`
rm -f "${KEYCHAIN}"
echo "${CERTIFICATE_OSX_P12_DATA}" | base64 --decode > "${CERTIFICATE_P12}"
echo "+ create temporary keychain"
@ -48,6 +54,7 @@ if [[ "${OS_NAME}" == "osx" ]]; then
export CODESIGN_IDENTITY AGENT_TEMPDIRECTORY
DEBUG="electron-osx-sign*" node vscode/build/darwin/sign.js "$( pwd )"
# codesign --display --entitlements :- ""
echo "+ notarize"
@ -57,6 +64,7 @@ if [[ "${OS_NAME}" == "osx" ]]; then
zip -r -X -y "${ZIP_FILE}" ./*.app
xcrun notarytool store-credentials "${APP_NAME}" --apple-id "${CERTIFICATE_OSX_ID}" --team-id "${CERTIFICATE_OSX_TEAM_ID}" --password "${CERTIFICATE_OSX_APP_PASSWORD}" --keychain "${KEYCHAIN}"
# xcrun notarytool history --keychain-profile "${APP_NAME}" --keychain "${KEYCHAIN}"
xcrun notarytool submit "${ZIP_FILE}" --keychain-profile "${APP_NAME}" --wait --keychain "${KEYCHAIN}"
echo "+ attach staple"