Notarize macOS builds

1.0.10

Fix build variables

1.0.11

Remove teamID to fix notarization

1.0.12

Fix notarization option again

Sorry folks, this isn't well documented.

1.0.13

Add hardenedRuntime option to macOS

1.0.14

Fix patch app-builder-lib with a working API notarization path

Author: bcomnes

.github/workflows/release.yml

@@ -4,11 +4,11 @@ on:
   workflow_dispatch:
     inputs:
       newversion:
-        description: 'npm version {major,minor,patch}'
+        description: "npm version {major,minor,patch}"
         required: true
 
 env:
-  node_version: 'lts/*'
+  node_version: "lts/*"
   FORCE_COLOR: 1
 
 concurrency: # prevent concurrent releases
@@ -75,13 +75,22 @@ jobs:
       if: matrix.os != 'macos-latest'
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # built in actions token.  Passed tp gh-release if in use.
+    - name: Prep signing files
+      if: matrix.os == 'macos-latest'
+      run: |
+        echo "$APPLE_API_KEY_B64" | base64 -d > /tmp/AuthKey_${{ secrets.APPLE_API_KEY_ID }}.p8
+      env:
+        APPLE_API_KEY_B64: ${{ secrets.APPLE_API_KEY_B64 }}
     - name: Build signed
       run: npm run pkg
       if: matrix.os == 'macos-latest'
       env:
         CSC_LINK: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION }}
         CSC_KEY_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_APPLICATION_PASSWORD }}
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # built in actions token.  Passed tp gh-release if in use.
+        APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
+        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+        APPLE_API_KEY: "/tmp/AuthKey_${{ secrets.APPLE_API_KEY_ID }}.p8"
     - name: Archive lockfile
       uses: actions/upload-artifact@v4
       with:

.npmrc

@@ -0,0 +1 @@
+package-lock=true

CHANGELOG.md

@@ -7,7 +7,37 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).
 
-## [v1.0.9](https://github.com/hypermodules/hyperamp/compare/v1.0.8...v1.0.9)
+## [v1.0.14](https://github.com/hypermodules/hyperamp/compare/v1.0.13...v1.0.14)
+
+### Commits
+
+- Add hardenedRuntime option to macOS [`9d45ba6`](https://github.com/hypermodules/hyperamp/commit/9d45ba649c8f62807bb7bbe8db150fcf3d2ef1b9)
+
+## [v1.0.13](https://github.com/hypermodules/hyperamp/compare/v1.0.12...v1.0.13) - 2023-12-19
+
+### Commits
+
+- Fix notarization option again [`cf30c80`](https://github.com/hypermodules/hyperamp/commit/cf30c80c539a2739dde68c0bdff5f014b5b82668)
+
+## [v1.0.12](https://github.com/hypermodules/hyperamp/compare/v1.0.11...v1.0.12) - 2023-12-19
+
+### Commits
+
+- Remove teamID to fix notarization [`277b598`](https://github.com/hypermodules/hyperamp/commit/277b5988adfb39b4deb413c40a818336588ee081)
+
+## [v1.0.11](https://github.com/hypermodules/hyperamp/compare/v1.0.10...v1.0.11) - 2023-12-19
+
+### Commits
+
+- Fix build variables [`acaac28`](https://github.com/hypermodules/hyperamp/commit/acaac28b28a599fcfec2d0fb372dbce9dd784075)
+
+## [v1.0.10](https://github.com/hypermodules/hyperamp/compare/v1.0.9...v1.0.10) - 2023-12-18
+
+### Commits
+
+- Notarize macOS builds [`ce59f1a`](https://github.com/hypermodules/hyperamp/commit/ce59f1a983f5d777b5e0113e9cafc28a951c5716)
+
+## [v1.0.9](https://github.com/hypermodules/hyperamp/compare/v1.0.8...v1.0.9) - 2023-12-17
 
 ### Merged
 

package.json

@@ -27,6 +27,9 @@
     ],
     "mac": {
       "category": "public.app-category.music",
+      "appId": "com.hypermodules.hyperamp",
+      "notarize": true,
+      "hardenedRuntime": true,
       "target": [
         {
           "target": "dmg",
@@ -95,6 +98,7 @@
     "nanobus": "^4.4.0",
     "nanocomponent": "^6.5.2",
     "nanologger": "^2.0.0",
+    "patch-package": "^8.0.0",
     "pump": "^3.0.0",
     "through2-filter": "^3.0.0",
     "xtend": "^4.0.2"
@@ -108,7 +112,6 @@
     "bundle-collapser": "^1.3.0",
     "common-shakeify": "^1.1.2",
     "concat-stream": "^2.0.0",
-    "dependency-check": "^4.1.0",
     "electron": "^28.0.0",
     "electron-builder": "^24.4.0",
     "electron-renderify": "0.0.2",
@@ -158,7 +161,6 @@
     "start": "run-s watch",
     "test": "run-s test:*",
     "test-skip:tape": "xvfb-maybe tape test/* | tap-format-spec",
-    "test:deps": "dependency-check ./package.json renderer/player/index.js renderer/audio/index.js --no-dev --ignore-module electron",
     "test:lint": "standard | snazzy",
     "test:main": "tape main/lib/**/test.js | tap-format-spec",
     "test:renderer": "tape renderer/**/test.js | tap-format-spec",
@@ -168,6 +170,7 @@
     "version": "run-s version:*",
     "version:changelog": "auto-changelog -p --template keepachangelog auto-changelog --breaking-pattern 'BREAKING CHANGE:'",
     "version:git": "git add CHANGELOG.md",
-    "release": "git push --follow-tags && gh-release -y"
+    "release": "git push --follow-tags && gh-release -y",
+    "postinstall": "patch-package"
   }
 }

patches/app-builder-lib+24.9.1.patch

@@ -0,0 +1,13 @@
+diff --git a/node_modules/app-builder-lib/out/macPackager.js b/node_modules/app-builder-lib/out/macPackager.js
+index 98ca598..107a786 100644
+--- a/node_modules/app-builder-lib/out/macPackager.js
++++ b/node_modules/app-builder-lib/out/macPackager.js
+@@ -459,7 +459,7 @@ class MacPackager extends platformPackager_1.PlatformPackager {
+             return proj;
+         }
+         const { teamId } = options;
+-        if (teamId && (legacyLogin || notaryToolLogin)) {
++        if ((teamId || options === true) && (legacyLogin || notaryToolLogin)) {
+             const proj = {
+                 appPath,
+                 ...(legacyLogin !== null && legacyLogin !== void 0 ? legacyLogin : notaryToolLogin),