From b1a6dec9b5f22faca52996a11042c01c5b520b12 Mon Sep 17 00:00:00 2001 From: Evgeny Poberezkin <2769109+epoberezkin@users.noreply.github.com> Date: Sat, 26 Aug 2023 16:32:03 +0100 Subject: [PATCH] desktop (mac): signing and notarization (#2981) * mac: signing and notarization * updated example * updated action * update build script * move mac CI script to file --------- Co-authored-by: Avently <7953703+avently@users.noreply.github.com> --- .github/workflows/build.yml | 4 +--- apps/multiplatform/build.gradle.kts | 14 ++++++++++++-- apps/multiplatform/desktop/build.gradle.kts | 17 +++++++++++++++++ apps/multiplatform/local.properties.example | 10 ++++++++++ scripts/desktop/build-desktop-mac-ci.sh | 16 ++++++++++++++++ 5 files changed, 56 insertions(+), 5 deletions(-) create mode 100644 apps/multiplatform/local.properties.example create mode 100755 scripts/desktop/build-desktop-mac-ci.sh diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1ac690d22..09412eee5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -167,9 +167,7 @@ jobs: if: startsWith(github.ref, 'refs/tags/v') && matrix.os == 'macos-latest' shell: bash run: | - scripts/desktop/build-lib-mac.sh - cd apps/multiplatform - ./gradlew packageDmg + scripts/desktop/build-desktop-mac-ci.sh echo "::set-output name=package_path::$(echo $PWD/release/main/dmg/SimpleX-*.dmg)" - name: Linux upload desktop package to release diff --git a/apps/multiplatform/build.gradle.kts b/apps/multiplatform/build.gradle.kts index bd5da47a1..5e0ae5eb4 100644 --- a/apps/multiplatform/build.gradle.kts +++ b/apps/multiplatform/build.gradle.kts @@ -1,6 +1,5 @@ -import org.gradle.initialization.Environment.Properties import java.io.File -import java.io.FileInputStream +import java.util.* buildscript { val prop = java.util.Properties().apply { 
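Review bot: In `.github/workflows/build.yml`, the `echo "::set-output name=package_path::…"` line after the new script call still builds the path from `$PWD`, but the `cd apps/multiplatform` that used to run inline now happens inside `scripts/desktop/build-desktop-mac-ci.sh` and no longer changes the step's working directory. The glob would then be resolved from wherever the step starts (presumably the repository root), so `package_path` may not point at the signed and notarized dmg that the later upload step expects. Either keep the `cd` in the step or spell the path out, e.g. `echo "::set-output name=package_path::$(echo $PWD/apps/multiplatform/release/main/dmg/SimpleX-*.dmg)"`. The rest of the step is outside the hunk, including any `env:` block that supplies the `APPLE_SIMPLEX_*` secrets, so confirm they are exposed to this step only.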
@@ -26,6 +25,17 @@ buildscript {
 extra.set("compression.level", (prop["compression.level"] as String?)?.toIntOrNull() ?: 0)
 // NOTE: If you need a different version of something, provide it in `local.properties`
 // like so: compose.version=123, or gradle.plugin.version=1.2.3, etc
+
+
+ /** Mac signing and notarization */
+ // You can specify `compose.desktop.mac.*` keys and values from the right side of the command in `$HOME/.gradle/gradle.properties`.
+ // This will be project-independent setup without requiring to have `local.properties` file
+ extra.set("desktop.mac.signing.identity", prop["desktop.mac.signing.identity"] ?: extra["compose.desktop.mac.signing.identity"])
+ extra.set("desktop.mac.signing.keychain", prop["desktop.mac.signing.keychain"] ?: extra["compose.desktop.mac.signing.keychain"])
+ extra.set("desktop.mac.notarization.apple_id", prop["desktop.mac.notarization.apple_id"] ?: extra["compose.desktop.mac.notarization.appleID"])
+ extra.set("desktop.mac.notarization.password", prop["desktop.mac.notarization.password"] ?: extra["compose.desktop.mac.notarization.password"])
+ extra.set("desktop.mac.notarization.team_id", prop["desktop.mac.notarization.team_id"] ?: extra["compose.desktop.mac.notarization.ascProvider"])
+
 repositories {
 google()
 mavenCentral()
diff --git a/apps/multiplatform/desktop/build.gradle.kts b/apps/multiplatform/desktop/build.gradle.kts
index 1d463a9de..dc4aa89fb 100644
--- a/apps/multiplatform/desktop/build.gradle.kts
+++ b/apps/multiplatform/desktop/build.gradle.kts
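Review bot: In `apps/multiplatform/build.gradle.kts`, the fallback lookups `extra["compose.desktop.mac.*"]` in the five new `extra.set(...)` lines use the indexing operator, which on `ExtraPropertiesExtension` throws when the key is not defined rather than returning null. Unless a `gradle.properties` (not visible in this hunk) always defines those keys, configuration would fail for anyone building without signing credentials, on any platform. A null-returning lookup keeps signing optional, e.g. `prop["desktop.mac.signing.identity"] ?: if (extra.has("compose.desktop.mac.signing.identity")) extra["compose.desktop.mac.signing.identity"] else null`, ideally through one small helper shared by all five lines. The comment could also say that a notarization password kept in `local.properties` or `$HOME/.gradle/gradle.properties` is stored in plain text, so the file should be readable by the build user only and never committed.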
@@ -65,6 +65,23 @@ compose {
 iconFile.set(project.file("src/jvmMain/resources/distribute/simplex.icns"))
 appCategory = "public.app-category.social-networking"
 bundleID = "chat.simplex.app"
+ val identity = rootProject.extra["desktop.mac.signing.identity"] as String?
+ val keychain = rootProject.extra["desktop.mac.signing.keychain"] as String?
+ val appleId = rootProject.extra["desktop.mac.notarization.apple_id"] as String?
+ val password = rootProject.extra["desktop.mac.notarization.password"] as String?
+ val teamId = rootProject.extra["desktop.mac.notarization.team_id"] as String?
+ if (identity != null && keychain != null && appleId != null && password != null) {
+ signing {
+ sign.set(true)
+ this.identity.set(identity)
+ this.keychain.set(keychain)
+ }
+ notarization {
+ this.appleID.set(appleId)
+ this.password.set(password)
+ this.ascProvider.set(teamId)
+ }
+ }
 }
 val os = System.getProperty("os.name", "generic").toLowerCaseAsciiOnly()
 if (os.contains("mac") || os.contains("win")) {
diff --git a/apps/multiplatform/local.properties.example b/apps/multiplatform/local.properties.example
new file mode 100644
index 000000000..8fa9a4796
--- /dev/null
+++ b/apps/multiplatform/local.properties.example
@@ -0,0 +1,10 @@
+compression.level=0
+enable_debuggable=true
+application_id.suffix=.debug
+app.name=SimpleX Debug
+
+#desktop.mac.signing.identity=SimpleX Chat Ltd
+#desktop.mac.signing.keychain=/path/to/simplex.keychain
+#desktop.mac.notarization.apple_id=example@example.com
+#desktop.mac.notarization.password=12345678
+#desktop.mac.notarization.team_id=XXXXXXXXXX
diff --git a/scripts/desktop/build-desktop-mac-ci.sh b/scripts/desktop/build-desktop-mac-ci.sh
new file mode 100755
index 000000000..d11dfccb5
--- /dev/null
+++ b/scripts/desktop/build-desktop-mac-ci.sh
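Review bot: In `apps/multiplatform/desktop/build.gradle.kts`, the guard `if (identity != null && keychain != null && appleId != null && password != null)` skips signing and notarization silently when any value is missing, so a release build with an incomplete secret set would still produce a dmg, just unsigned. It also treats an empty string as configured (a `key=` line in `local.properties` yields `""`, not null), and `teamId` reaches `ascProvider.set(teamId)` without being part of the check. Prefer `isNullOrBlank()` tests and an `else` branch that reports the skip, for example `else { logger.warn("macOS signing/notarization not configured: the package will be unsigned") }`, or fail the build when only some of the values are present. The enclosing `compose { … }` block starts and ends outside the hunk.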
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+trap "rm apps/multiplatform/local.properties; rm /tmp/simplex.keychain" EXIT
+echo "desktop.mac.signing.identity=Developer ID Application: SimpleX Chat Ltd (5NN7GUYB6T)" >> apps/multiplatform/local.properties
+echo "desktop.mac.signing.keychain=/tmp/simplex.keychain" >> apps/multiplatform/local.properties
+echo "desktop.mac.notarization.apple_id=$APPLE_SIMPLEX_NOTARIZATION_APPLE_ID" >> apps/multiplatform/local.properties
+echo "desktop.mac.notarization.password=$APPLE_SIMPLEX_NOTARIZATION_PASSWORD" >> apps/multiplatform/local.properties
+echo "desktop.mac.notarization.team_id=5NN7GUYB6T" >> apps/multiplatform/local.properties
+echo "$APPLE_SIMPLEX_SIGNING_KEYCHAIN" | base64 --decode - > /tmp/simplex.keychain
+
+scripts/desktop/build-lib-mac.sh
+cd apps/multiplatform
+./gradlew packageDmg
+./gradlew notarizeDmg
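Review bot: The `trap` cleanup in `scripts/desktop/build-desktop-mac-ci.sh` uses a path relative to the starting directory, but it fires after `cd apps/multiplatform`, so on the normal path `rm apps/multiplatform/local.properties` fails and the file holding the notarization password stays in the workspace. Capture the root first and clean up with absolute paths and `rm -f`: `root=$PWD` followed by `trap 'rm -f "$root/apps/multiplatform/local.properties" /tmp/simplex.keychain' EXIT`. The decoded keychain is also written to a fixed name in `/tmp` under the default umask; a `umask 077` before the first `echo` would keep both secret files private to the build user. `set -e` alone lets an unset `APPLE_SIMPLEX_*` variable expand to an empty value, whereas `set -eu` would stop the script before an empty credential or keychain is written.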