diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b6a7a74..2648e63 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -38,6 +38,14 @@ jobs: - run: npm ci - name: Build macOS Packages + env: + # Code signing + CSC_LINK: ${{ secrets.CSC_LINK }} + CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} + # Notarization + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} + APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} run: npx electron-builder --mac --publish never - uses: actions/upload-artifact@v4 with: @@ -45,6 +53,7 @@ jobs: path: | dist/*.dmg dist/*.zip + dist/*.blockmap dist/latest-mac.yml build-linux: diff --git a/build/entitlements.mac.plist b/build/entitlements.mac.plist new file mode 100644 index 0000000..e7b78d2 --- /dev/null +++ b/build/entitlements.mac.plist @@ -0,0 +1,18 @@ + + + + + com.apple.security.cs.allow-jit + + com.apple.security.cs.allow-unsigned-executable-memory + + com.apple.security.cs.disable-library-validation + + com.apple.security.network.client + + com.apple.security.network.server + + com.apple.security.files.user-selected.read-write + + + diff --git a/package.json b/package.json index 91ae8b5..a2a3d35 100644 --- a/package.json +++ b/package.json @@ -104,7 +104,12 @@ ], "icon": "build/icon.icns", "artifactName": "${name}_${version}_${arch}.${ext}", - "category": "public.app-category.games" + "category": "public.app-category.games", + "hardenedRuntime": true, + "gatekeeperAssess": false, + "entitlements": "build/entitlements.mac.plist", + "entitlementsInherit": "build/entitlements.mac.plist", + "notarize": true }, "nsis": { "oneClick": false,
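Review bot: The signing certificate, its password and the Apple notarization credentials are inherited by every process `npx electron-builder` spawns in this step, and nothing visible in the hunk limits which refs or events can reach it. Keeping them in a step-level `env:` rather than on the job is the right scope, since the `npm ci` step above then installs dependencies without them. The job header and the workflow triggers lie outside the hunk, so it is worth confirming there that the job runs only for release tags, and binding it to a protected environment, for example `environment: release` (name constructed here), so the secrets are released only after approval. A short comment such as `# secrets are scoped to this step; npm ci above runs without them` would keep a later refactor from hoisting the block to job level.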
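Review bot: `com.apple.security.cs.disable-library-validation` removes the hardened-runtime requirement that loaded libraries be signed by Apple or by the app's own Team ID, which is the check that keeps a planted or swapped dylib from running inside the signed app. Unless the app loads a native module signed by another team, this key should be dropped, and `com.apple.security.cs.allow-unsigned-executable-memory` deserves the same scrutiny, since `allow-jit` alone is usually enough for current Electron releases (the Electron version is not visible here). The `network.client`, `network.server` and `files.user-selected.read-write` keys are App Sandbox entitlements and presumably have no effect without `com.apple.security.app-sandbox`. Because package.json also points `entitlementsInherit` at this file, every helper process receives the same set. The page rendering has lost the plist tags, so the key values are assumed to be `<true/>`; each key kept should carry an XML comment naming the component that needs it.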
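Review bot: With `"gatekeeperAssess": false` nothing in the build checks the signed result, so a run where the signing or notarization secrets are missing or empty could still upload artifacts that are unsigned or not notarized (electron-builder appears to skip those stages with a log message rather than fail; confirm this for the pinned version). A verification step in the release workflow after the build, for example `codesign --verify --deep --strict <path-to-app>` followed by `spctl --assess --type execute <path-to-app>`, would make the job fail instead of publishing such a build. The enclosing object (presumably `mac`) starts above the hunk, so any other signing options set there are not visible.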