add mac notarization

.github/workflows/release.yml

@@ -54,4 +54,70 @@ jobs:
         asset_path: ./src/Aiplugs.PoshApp/bin/Desktop/latest.yml
         asset_name: latest.yml
         asset_content_type: text/yaml
-
+  mac:
+    runs-on: macos-latest
+    steps:
+    - name: Get plain tag name
+      id: gettagname
+      shell: pwsh
+      run: echo "::set-output name=tag_name::$("${{ github.event.release.tag_name }}".Substring(1))"
+    - uses: actions/checkout@v2
+    - name: Setup .NET Core
+      uses: actions/setup-dotnet@v1
+      with:
+        dotnet-version: 3.1.101
+        node-version: 14.x
+    - name: Build with dotnet
+      env:
+        APPLE_ID: ${{ secrets.APPLE_ID }}
+        APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+        CSC_LINK: ${{ secrets.CSC_LINK_MAC }}
+        CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD_MAC }}
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      working-directory: ./src/Aiplugs.PoshApp/
+      run: dotnet tool run electronize build /target osx
+    - name: Upload Release Asset1
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ github.event.release.upload_url }}
+        asset_path: ./src/Aiplugs.PoshApp/bin/Desktop/POSH App-${{ steps.gettagname.outputs.tag_name }}.dmg
+        asset_name: POSH-App-Setup-${{ steps.gettagname.outputs.tag_name }}.dmg
+        asset_content_type: application/octet-stream
+    - name: Upload Release Asset2
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ github.event.release.upload_url }}
+        asset_path: ./src/Aiplugs.PoshApp/bin/Desktop/POSH App-${{ steps.gettagname.outputs.tag_name }}.dmg.blockmap
+        asset_name: POSH-App-Setup-${{ steps.gettagname.outputs.tag_name }}.dmg.blockmap
+        asset_content_type: application/octet-stream
+    - name: Upload Release Asset3
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ github.event.release.upload_url }}
+        asset_path: ./src/Aiplugs.PoshApp/bin/Desktop/POSH App-${{ steps.gettagname.outputs.tag_name }}-mac.zip
+        asset_name: POSH-App-Setup-${{ steps.gettagname.outputs.tag_name }}-mac.zip
+        asset_content_type: application/octet-stream
+    - name: Upload Release Asset4
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ github.event.release.upload_url }}
+        asset_path: ./src/Aiplugs.PoshApp/bin/Desktop/POSH App-${{ steps.gettagname.outputs.tag_name }}-mac.zip.blockmap
+        asset_name: POSH-App-Setup-${{ steps.gettagname.outputs.tag_name }}-mac.zip.blockmap
+        asset_content_type: application/octet-stream
+    - name: Upload Release Asset5
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ github.event.release.upload_url }}
+        asset_path: ./src/Aiplugs.PoshApp/bin/Desktop/latest-mac.yml
+        asset_name: latest-mac.yml
+        asset_content_type: text/yaml

src/Aiplugs.PoshApp/ElectronHostHook/package.json

@@ -0,0 +1,12 @@
+{
+  "name": "electronhosthook",
+  "private": true,
+  "version": "1.0.0",
+  "description": "",
+  "scripts": {},
+  "author": "aiplugs",
+  "license": "ISC",
+  "devDependencies": {
+    "electron-notarize": "^0.3.0"
+  }
+}

src/Aiplugs.PoshApp/electron.manifest.json

@@ -8,16 +8,26 @@
     "appId": "com.aiplugs.poshapp",
     "productName": "POSH App",
     "copyright": "Copyright © 2019",
-    "buildVersion": "0.9.28",
+    "buildVersion": "0.9.29-beta",
     "compression": "maximum",
+    "generateUpdatesFilesForAllChannels": true,
     "directories": {
       "output": "../../../bin/Desktop"
     },
+    "afterSign": "../../../notarize.js",
     "win": {
       "icon": "./bin/wwwroot/icon/poshapp-icon-256x256.ico"
     },
     "mac": {
-      "icon": "./bin/wwwroot/icon/poshapp-icon-512x512.icns"
+      "icon": "./bin/wwwroot/icon/poshapp-icon-512x512.icns",
+      "hardenedRuntime" : true,
+      "gatekeeperAssess": false,
+      "entitlements": "../../../entitlements.mac.plist",
+      "entitlementsInherit": "../../../entitlements.mac.plist",
+      "binaries": ["../../../bin/Desktop/mac/POSH App.app/Contents/Resources/bin/Aiplugs.PoshApp"]
+    },
+    "dmg": {
+
     },
     "linux": {
       "icon": "./bin/wwwroot/icon/"

src/Aiplugs.PoshApp/entitlements.mac.plist

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+    <true/>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+</dict>
+</plist>

src/Aiplugs.PoshApp/notarize.js

@@ -0,0 +1,34 @@
+const fs = require('fs');
+const path = require('path');
+var electron_notarize = require('./ElectronHostHook/node_modules/electron-notarize');
+
+module.exports = async function (params) {
+    // Only notarize the app on Mac OS only.
+    if (process.platform !== 'darwin') {
+        return;
+    }
+    console.log('afterSign hook triggered', params);
+
+    // Same appId in electron-builder.
+    let appId = 'com.aiplugs.poshapp'
+
+    let appPath = path.join(params.appOutDir, `${params.packager.appInfo.productFilename}.app`);
+    if (!fs.existsSync(appPath)) {
+        throw new Error(`Cannot find application at: ${appPath}`);
+    }
+
+    console.log(`Notarizing ${appId} found at ${appPath}`);
+
+    try {
+        await electron_notarize.notarize({
+            appBundleId: appId,
+            appPath: appPath,
+            appleId: process.env.APPLE_ID,
+            appleIdPassword: process.env.APPLE_ID_PASSWORD,
+        });
+    } catch (error) {
+        console.error(error);
+    }
+
+    console.log(`Done notarizing ${appId}`);
+};