SekiDesu01/hytale-f2p-mirror
1
0
Fork 0
mirror of https://git.sanhost.net/sanasol/hytale-f2p.git synced 2026-02-26 14:51:48 -03:00
Code Issues Packages Projects Releases Wiki Activity

feat: add macOS code signing and notarization support

Browse Source 
- Add entitlements.mac.plist for hardened runtime
- Add notarize.js post-sign hook for Apple notarization
- Update package.json with signing config and @electron/notarize dep
- Update GitHub Actions workflow with signing secrets

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
sanasol
2026-01-28 14:48:40 +01:00
parent 79456e43a6
commit e8105cb30e
4 changed files with 69 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/release.yml vendored
View File

@@ -40,6 +40,14 @@ jobs:
- run: npm ci - run: npm ci
- name: Build macOS Packages - name: Build macOS Packages
env:
# Code signing
CSC_LINK: ${{ secrets.CSC_LINK }}
CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
# Notarization
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: npx electron-builder --mac --publish never run: npx electron-builder --mac --publish never
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@v4
with: with:

18
build/entitlements.mac.plist Normal file
View File

@@ -0,0 +1,18 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
</dict>
</plist>

8
package.json
View File

@@ -45,6 +45,7 @@
}, },
"license": "MIT", "license": "MIT",
"devDependencies": { "devDependencies": {
"@electron/notarize": "^2.5.0",
"electron": "^40.0.0", "electron": "^40.0.0",
"electron-builder": "^26.4.0" "electron-builder": "^26.4.0"
}, },
@@ -131,8 +132,13 @@
} }
], ],
"icon": "build/icon.icns", "icon": "build/icon.icns",
"category": "public.app-category.games" "category": "public.app-category.games",
"hardenedRuntime": true,
"gatekeeperAssess": false,
"entitlements": "build/entitlements.mac.plist",
"entitlementsInherit": "build/entitlements.mac.plist"
}, },
"afterSign": "scripts/notarize.js",
"nsis": { "nsis": {
"oneClick": false, "oneClick": false,
"allowToChangeInstallationDirectory": true, "allowToChangeInstallationDirectory": true,

36
scripts/notarize.js Normal file
View File

@@ -0,0 +1,36 @@
const { notarize } = require('@electron/notarize');
const path = require('path');
exports.default = async function notarizing(context) {
const { electronPlatformName, appOutDir } = context;
// Only notarize macOS builds
if (electronPlatformName !== 'darwin') {
console.log('Skipping notarization: not macOS');
return;
}
// Skip if credentials not provided (local builds)
if (!process.env.APPLE_ID || !process.env.APPLE_APP_SPECIFIC_PASSWORD || !process.env.APPLE_TEAM_ID) {
console.log('Skipping notarization: missing credentials (APPLE_ID, APPLE_APP_SPECIFIC_PASSWORD, or APPLE_TEAM_ID)');
return;
}
const appName = context.packager.appInfo.productFilename;
const appPath = path.join(appOutDir, `${appName}.app`);
console.log(`Notarizing ${appPath}...`);
try {
await notarize({
appPath,
appleId: process.env.APPLE_ID,
appleIdPassword: process.env.APPLE_APP_SPECIFIC_PASSWORD,
teamId: process.env.APPLE_TEAM_ID,
});
console.log('Notarization complete!');
} catch (error) {
console.error('Notarization failed:', error);
throw error;
}
};