@@ -38,52 +38,71 @@ jobs:
3838 run : npx electron-rebuild
3939
4040 - name : Build application
41- run : npm run dist
41+ run : npm run dist -- --mac.identity=null
4242 env :
4343 GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
4444 CSC_IDENTITY_AUTO_DISCOVERY : false
4545
4646 - name : Ad-hoc sign macOS app
4747 if : matrix.os == 'macos-latest'
4848 run : |
49- # Find all .app bundles
50- find dist -name "*.app" -type d | while read -r APP_PATH; do
51- echo "Ad-hoc signing: $APP_PATH"
52-
53- # Remove extended attributes
54- xattr -cr "$APP_PATH"
55-
56- # Remove existing signatures
57- find "$APP_PATH" -type f -perm +111 -exec codesign --remove-signature {} \; 2>/dev/null || true
58- find "$APP_PATH" -name "*.dylib" -exec codesign --remove-signature {} \; 2>/dev/null || true
59- find "$APP_PATH" -name "*.framework" -exec codesign --remove-signature {} \; 2>/dev/null || true
60- find "$APP_PATH" -name "*.app" -exec codesign --remove-signature {} \; 2>/dev/null || true
61-
62- # Sign frameworks
63- find "$APP_PATH/Contents/Frameworks" -name "*.framework" -type d | while read -r framework; do
64- codesign --force --deep --sign - "$framework"
65- done
66-
67- # Sign helper apps
68- find "$APP_PATH/Contents" -name "*.app" -type d -not -path "$APP_PATH" | while read -r helper; do
69- codesign --force --deep --sign - "$helper"
70- done
71-
72- # Sign libraries
73- find "$APP_PATH" -name "*.dylib" -o -name "*.so" | while read -r lib; do
74- codesign --force --sign - "$lib"
75- done
76-
77- # Sign executables
78- find "$APP_PATH" -type f -perm +111 | while read -r exe; do
79- codesign --force --sign - "$exe" 2>/dev/null || true
80- done
81-
82- # Sign main app
83- codesign --force --deep --sign - "$APP_PATH"
84-
85- # Verify
86- codesign --verify --deep --verbose "$APP_PATH" || echo "Verification warning (expected for ad-hoc signing)"
49+ # Process each architecture separately
50+ for ARCH_DIR in dist/mac dist/mac-arm64; do
51+ if [ -d "$ARCH_DIR" ]; then
52+ APP_PATH="$ARCH_DIR/Git Diff Viewer.app"
53+ if [ -d "$APP_PATH" ]; then
54+ echo "Processing app at: $APP_PATH"
55+
56+ # Remove extended attributes
57+ xattr -cr "$APP_PATH"
58+
59+ # Remove all existing signatures
60+ find "$APP_PATH" -type f -perm +111 -exec codesign --remove-signature {} \; 2>/dev/null || true
61+ find "$APP_PATH" -name "*.dylib" -exec codesign --remove-signature {} \; 2>/dev/null || true
62+ find "$APP_PATH" -name "*.framework" -exec codesign --remove-signature {} \; 2>/dev/null || true
63+ find "$APP_PATH" -name "*.app" -exec codesign --remove-signature {} \; 2>/dev/null || true
64+
65+ # Sign in correct order: frameworks first
66+ if [ -d "$APP_PATH/Contents/Frameworks" ]; then
67+ find "$APP_PATH/Contents/Frameworks" -name "*.framework" -type d | while read -r framework; do
68+ echo "Signing framework: $framework"
69+ codesign --force --deep --sign - "$framework"
70+ done
71+ fi
72+
73+ # Sign helper apps (they are inside Frameworks directory)
74+ if [ -d "$APP_PATH/Contents/Frameworks" ]; then
75+ find "$APP_PATH/Contents/Frameworks" -name "*.app" -type d | while read -r helper; do
76+ echo "Signing helper app: $helper"
77+ codesign --force --deep --sign - "$helper"
78+ done
79+ fi
80+
81+ # Sign all libraries
82+ find "$APP_PATH" -name "*.dylib" -o -name "*.so" | while read -r lib; do
83+ echo "Signing library: $lib"
84+ codesign --force --sign - "$lib"
85+ done
86+
87+ # Sign main executable
88+ MAIN_EXEC="$APP_PATH/Contents/MacOS/Git Diff Viewer"
89+ if [ -f "$MAIN_EXEC" ]; then
90+ echo "Signing main executable: $MAIN_EXEC"
91+ codesign --force --sign - "$MAIN_EXEC"
92+ fi
93+
94+ # Finally sign the main app bundle
95+ echo "Signing main app bundle: $APP_PATH"
96+ codesign --force --deep --sign - "$APP_PATH"
97+
98+ # Verify
99+ echo "Verifying signature..."
100+ codesign --verify --deep --verbose "$APP_PATH"
101+
102+ # Additional verification
103+ spctl -a -t open --context context:primary-signature -v "$APP_PATH" 2>&1 || echo "Gatekeeper check failed (expected for ad-hoc signing)"
104+ fi
105+ fi
87106 done
88107
89108 - name : Upload artifacts (macOS)
0 commit comments