fix: remove invalid CLI option from electron-builder command #11
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| # os: [ubuntu-latest, windows-latest, macos-latest] | |
| os: [macos-latest] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Install native dependencies (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libnss3-dev libatk-bridge2.0-dev libdrm2 libxcomposite1 libxdamage1 libxrandr2 libgbm1 libxss1 libasound2-dev | |
| - name: Rebuild native dependencies | |
| run: npx electron-rebuild | |
| - name: Build application | |
| run: npm run dist | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| CSC_IDENTITY_AUTO_DISCOVERY: false | |
| - name: Ad-hoc sign macOS app | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| # Process each architecture separately | |
| for ARCH_DIR in dist/mac dist/mac-arm64; do | |
| if [ -d "$ARCH_DIR" ]; then | |
| APP_PATH="$ARCH_DIR/Git Diff Viewer.app" | |
| if [ -d "$APP_PATH" ]; then | |
| echo "Processing app at: $APP_PATH" | |
| # Remove extended attributes | |
| xattr -cr "$APP_PATH" | |
| # Remove all existing signatures | |
| find "$APP_PATH" -type f -perm +111 -exec codesign --remove-signature {} \; 2>/dev/null || true | |
| find "$APP_PATH" -name "*.dylib" -exec codesign --remove-signature {} \; 2>/dev/null || true | |
| find "$APP_PATH" -name "*.framework" -exec codesign --remove-signature {} \; 2>/dev/null || true | |
| find "$APP_PATH" -name "*.app" -exec codesign --remove-signature {} \; 2>/dev/null || true | |
| # Sign in correct order: frameworks first | |
| if [ -d "$APP_PATH/Contents/Frameworks" ]; then | |
| find "$APP_PATH/Contents/Frameworks" -name "*.framework" -type d | while read -r framework; do | |
| echo "Signing framework: $framework" | |
| codesign --force --deep --sign - "$framework" | |
| done | |
| fi | |
| # Sign helper apps (they are inside Frameworks directory) | |
| if [ -d "$APP_PATH/Contents/Frameworks" ]; then | |
| find "$APP_PATH/Contents/Frameworks" -name "*.app" -type d | while read -r helper; do | |
| echo "Signing helper app: $helper" | |
| codesign --force --deep --sign - "$helper" | |
| done | |
| fi | |
| # Sign all libraries | |
| find "$APP_PATH" -name "*.dylib" -o -name "*.so" | while read -r lib; do | |
| echo "Signing library: $lib" | |
| codesign --force --sign - "$lib" | |
| done | |
| # Sign main executable | |
| MAIN_EXEC="$APP_PATH/Contents/MacOS/Git Diff Viewer" | |
| if [ -f "$MAIN_EXEC" ]; then | |
| echo "Signing main executable: $MAIN_EXEC" | |
| codesign --force --sign - "$MAIN_EXEC" | |
| fi | |
| # Finally sign the main app bundle | |
| echo "Signing main app bundle: $APP_PATH" | |
| codesign --force --deep --sign - "$APP_PATH" | |
| # Verify | |
| echo "Verifying signature..." | |
| codesign --verify --deep --verbose "$APP_PATH" | |
| # Additional verification | |
| spctl -a -t open --context context:primary-signature -v "$APP_PATH" 2>&1 || echo "Gatekeeper check failed (expected for ad-hoc signing)" | |
| fi | |
| fi | |
| done | |
| - name: Upload artifacts (macOS) | |
| if: matrix.os == 'macos-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: macos-build | |
| path: | | |
| dist/*.dmg | |
| dist/*.zip | |
| dist/*-mac.zip | |
| dist/*-mac-*.zip | |
| - name: Upload artifacts (Windows) | |
| if: matrix.os == 'windows-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: windows-build | |
| path: | | |
| dist/*.exe | |
| dist/*.msi | |
| - name: Upload artifacts (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: linux-build | |
| path: | | |
| dist/*.AppImage | |
| dist/*.deb | |
| dist/*.rpm | |
| dist/*.snap | |
| release: | |
| if: startsWith(github.ref, 'refs/tags/') | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: ./artifacts | |
| - name: Display structure of downloaded files | |
| run: ls -la artifacts/*/ | |
| - name: Create Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| artifacts/**/*.dmg | |
| artifacts/**/*.zip | |
| artifacts/**/*.exe | |
| artifacts/**/*.msi | |
| artifacts/**/*.AppImage | |
| artifacts/**/*.deb | |
| artifacts/**/*.rpm | |
| artifacts/**/*.snap | |
| draft: false | |
| prerelease: false | |
| generate_release_notes: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |