feat: add macOS code signing and notarization support

- Add entitlements.mac.plist for hardened runtime - Add notarize.js post-sign hook for Apple notarization - Update package.json with signing config and @electron/notarize dep - Update GitHub Actions workflow with signing secrets Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-26 06:41:47 -03:00 · 2026-01-28 14:48:40 +01:00
parent 79456e43a6
commit e8105cb30e
4 changed files with 69 additions and 1 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -40,6 +40,14 @@ jobs:
      - run: npm ci

      - name: Build macOS Packages
+        env:
+          # Code signing
+          CSC_LINK: ${{ secrets.CSC_LINK }}
+          CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
+          # Notarization
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
        run: npx electron-builder --mac --publish never
      - uses: actions/upload-artifact@v4
        with: