Compare commits


5 Commits

Author SHA1 Message Date
sanasol
0aaf74a3db fix: add verbose logging to notarize script for debugging
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 15:14:59 +01:00
sanasol
be78f67439 chore: update package-lock.json
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 15:04:13 +01:00
sanasol
d0b9ae1da8 ci: separate macOS release from main release job
macOS notarization is slow (5-10 min). Now release is created
immediately when Windows/Linux/Arch complete, and macOS uploads
to the same release when notarization finishes.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 15:01:57 +01:00
sanasol
e8105cb30e feat: add macOS code signing and notarization support
- Add entitlements.mac.plist for hardened runtime
- Add notarize.js post-sign hook for Apple notarization
- Update package.json with signing config and @electron/notarize dep
- Update GitHub Actions workflow with signing secrets

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 14:48:40 +01:00
AMIAY
79456e43a6 Merge pull request #213 from amiayweb/fix/update-system-improvements 2026-01-28 03:14:05 +01:00
5 changed files with 153 additions and 20 deletions


@@ -18,7 +18,7 @@ jobs:
node-version: '22' node-version: '22'
cache: 'npm' cache: 'npm'
- run: npm ci - run: npm ci
- name: Build Windows Packages - name: Build Windows Packages
run: npx electron-builder --win --publish never run: npx electron-builder --win --publish never
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@v4
@@ -40,6 +40,14 @@ jobs:
- run: npm ci - run: npm ci
- name: Build macOS Packages - name: Build macOS Packages
env:
# Code signing
CSC_LINK: ${{ secrets.CSC_LINK }}
CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
# Notarization
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
run: npx electron-builder --mac --publish never run: npx electron-builder --mac --publish never
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@v4
with: with:
@@ -57,7 +65,7 @@ jobs:
run: | run: |
sudo apt-get update sudo apt-get update
sudo apt-get install -y libarchive-tools sudo apt-get install -y libarchive-tools
- uses: actions/setup-node@v4 - uses: actions/setup-node@v4
with: with:
node-version: '22' node-version: '22'
@@ -86,7 +94,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Install base packages - name: Install base packages
run: | run: |
pacman -Syu --noconfirm pacman -Syu --noconfirm
@@ -123,26 +131,39 @@ jobs:
*.src.tar.zst *.src.tar.zst
.SRCINFO .SRCINFO
# Create release with Windows, Linux, Arch (fast builds)
release: release:
needs: [build-windows, build-macos, build-linux, build-arch] needs: [build-windows, build-linux, build-arch]
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: | if: |
startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/v') ||
github.ref == 'refs/heads/main' || github.ref == 'refs/heads/main' ||
github.event_name == 'workflow_dispatch' github.event_name == 'workflow_dispatch'
permissions: permissions:
contents: write contents: write
steps: steps:
# FIX: './package.json' Module Not Found in `Get version` step
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Download all artifacts - name: Download Windows artifacts
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:
path: artifacts name: windows-builds
path: artifacts/windows-builds
- name: Download Linux artifacts
uses: actions/download-artifact@v4
with:
name: linux-builds
path: artifacts/linux-builds
- name: Download Arch artifacts
uses: actions/download-artifact@v4
with:
name: arch-package
path: artifacts/arch-package
- name: Display structure of downloaded files - name: Display structure of downloaded files
run: ls -R artifacts run: ls -R artifacts
@@ -155,18 +176,43 @@ jobs:
uses: softprops/action-gh-release@v2 uses: softprops/action-gh-release@v2
with: with:
tag_name: ${{ github.ref_name }} tag_name: ${{ github.ref_name }}
# If it's a tag, use the tag.
# tag_name: ${{ github.ref_type == 'tag' && github.ref_name || format('v{0}.r{1}', steps.pkg_version.outputs.VERSION, github.run_number) }}
# If it's the 'release' branch, use 'v2.0.2-beta.r42'
# name: ${{ github.ref_type == 'tag' && github.ref_name || format('v{0}-beta.r{1}', steps.pkg_version.outputs.VERSION, github.run_number) }}
files: | files: |
artifacts/arch-package/*.pkg.tar.zst artifacts/arch-package/*.pkg.tar.zst
artifacts/arch-package/*.src.tar.zst artifacts/arch-package/*.src.tar.zst
artifacts/arch-package/.SRCINFO artifacts/arch-package/.SRCINFO
artifacts/linux-builds/**/* artifacts/linux-builds/*
artifacts/windows-builds/**/* artifacts/windows-builds/*
artifacts/macos-builds/**/*
generate_release_notes: true generate_release_notes: true
draft: true draft: true
prerelease: false prerelease: false
# Upload macOS builds separately (slow due to notarization)
release-macos:
needs: [build-macos, release]
runs-on: ubuntu-latest
if: |
startsWith(github.ref, 'refs/tags/v') ||
github.ref == 'refs/heads/main' ||
github.event_name == 'workflow_dispatch'
permissions:
contents: write
steps:
- name: Download macOS artifacts
uses: actions/download-artifact@v4
with:
name: macos-builds
path: artifacts/macos-builds
- name: Display macOS files
run: ls -R artifacts
- name: Upload macOS to Release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ github.ref_name }}
files: |
artifacts/macos-builds/*
draft: true
prerelease: false
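Review bot: In the `Build macOS Packages` step (hunk `-40,6 +40,14`), the signing certificate, its password and the Apple credentials are placed in the environment of `npx electron-builder`, so every build-time dependency and hook that runs in that step can read them. The workflow's `on:` triggers and the build-macos job header are outside the visible hunks, so confirm the job cannot run for untrusted refs. Binding the job to a protected environment with required reviewers, e.g. `environment: macos-signing` (constructed name), and storing the five secrets there would make each release of the secrets an approved action. The new `release-macos` job also holds `contents: write` while referencing `softprops/action-gh-release@v2` and `actions/download-artifact@v4` by mutable tag; pinning both to a full commit SHA, as in `uses: softprops/action-gh-release@<full-commit-sha> # v2`, keeps a retagged action from running with write access.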

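--- a/build/entitlements.mac.plist
+++ b/build/entitlements.mac.plist
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+<key>com.apple.security.cs.allow-jit</key>
+<true/>
+<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+<true/>
+<key>com.apple.security.cs.disable-library-validation</key>
+<true/>
+<key>com.apple.security.network.client</key>
+<true/>
+<key>com.apple.security.network.server</key>
+<true/>
+<key>com.apple.security.files.user-selected.read-write</key>
+<true/>
+</dict>
+</plist>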
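Review bot: `com.apple.security.cs.disable-library-validation` and `com.apple.security.cs.allow-unsigned-executable-memory` switch off two of the protections that `hardenedRuntime` is enabled to provide, and nothing in the file says why either is needed. Disabling library validation removes the check that stops the signed process from loading libraries not signed by the same team; recent Electron releases generally need only `allow-jit`, so it is worth testing a build with those two keys removed. The `network.client`, `network.server` and `files.user-selected.read-write` keys are App Sandbox entitlements and presumably have no effect here, because `com.apple.security.app-sandbox` is not set. Since package.json points `entitlementsInherit` at this same file, helper processes receive the same exceptions. Each key that stays should carry a comment stating its reason, such as `<!-- required for V8 JIT under hardened runtime -->`.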

5
package-lock.json generated

@@ -1,12 +1,12 @@
{ {
"name": "hytale-f2p-launcher", "name": "hytale-f2p-launcher",
"version": "2.1.1", "version": "2.1.2",
"lockfileVersion": 3, "lockfileVersion": 3,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "hytale-f2p-launcher", "name": "hytale-f2p-launcher",
"version": "2.1.1", "version": "2.1.2",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"adm-zip": "^0.5.10", "adm-zip": "^0.5.10",
@@ -19,6 +19,7 @@
"uuid": "^9.0.1" "uuid": "^9.0.1"
}, },
"devDependencies": { "devDependencies": {
"@electron/notarize": "^2.5.0",
"electron": "^40.0.0", "electron": "^40.0.0",
"electron-builder": "^26.4.0" "electron-builder": "^26.4.0"
} }


@@ -45,6 +45,7 @@
}, },
"license": "MIT", "license": "MIT",
"devDependencies": { "devDependencies": {
"@electron/notarize": "^2.5.0",
"electron": "^40.0.0", "electron": "^40.0.0",
"electron-builder": "^26.4.0" "electron-builder": "^26.4.0"
}, },
@@ -131,8 +132,13 @@
} }
], ],
"icon": "build/icon.icns", "icon": "build/icon.icns",
"category": "public.app-category.games" "category": "public.app-category.games",
"hardenedRuntime": true,
"gatekeeperAssess": false,
"entitlements": "build/entitlements.mac.plist",
"entitlementsInherit": "build/entitlements.mac.plist"
}, },
"afterSign": "scripts/notarize.js",
"nsis": { "nsis": {
"oneClick": false, "oneClick": false,
"allowToChangeInstallationDirectory": true, "allowToChangeInstallationDirectory": true,
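Review bot: The `afterSign` hook may duplicate work that electron-builder already does. As far as I know, electron-builder 26 runs its own @electron/notarize step for macOS whenever `APPLE_ID`, `APPLE_APP_SPECIFIC_PASSWORD` and `APPLE_TEAM_ID` are set, which the workflow now does. If that holds for the resolved version, each build is submitted to Apple twice and the Apple credentials are handled by two code paths instead of one. Either drop `"afterSign": "scripts/notarize.js"` together with the extra devDependency, or keep the hook and add `"notarize": false` to the `mac` block. The `mac` object and the enclosing build configuration start and end outside the hunk.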

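--- a/scripts/notarize.js
+++ b/scripts/notarize.js
@@ -0,0 +1,62 @@
+console.log('[Notarize] Script loaded');
+let notarize;
+try {
+notarize = require('@electron/notarize').notarize;
+console.log('[Notarize] @electron/notarize loaded successfully');
+} catch (err) {
+console.error('[Notarize] Failed to load @electron/notarize:', err.message);
+throw err;
+}
+const path = require('path');
+exports.default = async function notarizing(context) {
+console.log('[Notarize] afterSign hook called');
+console.log('[Notarize] Context:', JSON.stringify({
+platform: context.electronPlatformName,
+appOutDir: context.appOutDir,
+outDir: context.outDir
+}, null, 2));
+const { electronPlatformName, appOutDir } = context;
+// Only notarize macOS builds
+if (electronPlatformName !== 'darwin') {
+console.log('[Notarize] Skipping: not macOS');
+return;
+}
+// Check credentials
+const hasAppleId = !!process.env.APPLE_ID;
+const hasPassword = !!process.env.APPLE_APP_SPECIFIC_PASSWORD;
+const hasTeamId = !!process.env.APPLE_TEAM_ID;
+console.log('[Notarize] Credentials check:', { hasAppleId, hasPassword, hasTeamId });
+if (!hasAppleId || !hasPassword || !hasTeamId) {
+console.log('[Notarize] Skipping: missing credentials');
+return;
+}
+const appName = context.packager.appInfo.productFilename;
+const appPath = path.join(appOutDir, `${appName}.app`);
+console.log('[Notarize] Starting notarization...');
+console.log('[Notarize] App path:', appPath);
+console.log('[Notarize] Team ID:', process.env.APPLE_TEAM_ID);
+try {
+await notarize({
+appPath,
+appleId: process.env.APPLE_ID,
+appleIdPassword: process.env.APPLE_APP_SPECIFIC_PASSWORD,
+teamId: process.env.APPLE_TEAM_ID,
+});
+console.log('[Notarize] Notarization complete!');
+} catch (error) {
+console.error('[Notarize] Notarization failed:', error.message);
+console.error('[Notarize] Full error:', error);
+throw error;
+}
+};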
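Review bot: The credentials check fails open: when any of the three variables is missing, the hook logs `Skipping: missing credentials` and returns, so a CI run with an unset or expired secret still produces a .app that the release job uploads without notarization. In CI the hook should stop the build instead, e.g. `if (process.env.CI) throw new Error('[Notarize] credentials missing in CI build');` placed before the `return`, keeping the silent skip for local builds only. The `Full error` line also prints the whole error object from @electron/notarize into the job log. GitHub masks registered secret values, but logging `error.message` alone would be the safer default once the hook has been debugged.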