karaggeorge / electron-builder-notarize Goto Github PK

View Code? Open in Web Editor NEW

79.0 79.0 20.0 41 KB

Notarize Electron applications using electron-builder

License: MIT License

JavaScript 100.00%

electron-builder-notarize's Introduction

electron-builder-notarize

Notarize Electron applications using electron-builder

For more details regarding the options and functionality: https://github.com/electron/electron-notarize

Install

# npm
npm i electron-builder-notarize --save-dev

# yarn
yarn add electron-builder-notarize --dev

Usage

In your electron-builder config:

{
	...
	"afterSign": "electron-builder-notarize",
	"mac": {
		...
		"hardenedRuntime": true,
		"entitlements": "./node_modules/electron-builder-notarize/entitlements.mac.inherit.plist",
	}
}

You can replace the entitlements file with your own, as long as those properties are included as well.

You will also need to authenticate yourself, either with your Apple ID or using an API key. This is done by setting the corresponding environment variables.

If for some reason the script can't locate your project's appId, you can specify it using the APP_ID environment variable.

Using `notarytool`

In order to use notarytool for notarization, XCode 13 or later is required

Authentication methods:

username and password
- APPLE_ID String - The username of your apple developer account
- APPLE_ID_PASSWORD String - The app-specific password (not your Apple ID password).
- APPLE_TEAM_ID String - The team ID you want to notarize under.
apiKey with apiIssuer:
- APPLE_API_KEY String - Required for JWT authentication. See Note on JWT authentication below.
- APPLE_API_KEY_ID String - Required for JWT authentication. See Note on JWT authentication below.
- APPLE_API_KEY_ISSUER String - Issuer ID. Required if APPLE_API_KEY is specified.
keychain with keychainProfile:
- APPLE_KEYCHAIN String - The name of the keychain or path to the keychain you stored notarization credentials in.
- APPLE_KEYCHAIN_PROFILE String - The name of the profile you provided when storing notarization credentials.

Using Legacy

General options:

TEAM_SHORT_NAME String - Your Team Short Name.

Authentication methods:

username and password
- APPLE_ID String - The username of your apple developer account
- APPLE_ID_PASSWORD String - The app-specific password (not your Apple ID password).
apiKey with apiIssuer
- APPLE_API_KEY String - Required for JWT authentication. See Note on JWT authentication below.
- APPLE_API_KEY_ISSUER String - Issuer ID. Required if APPLE_API_KEY is specified.

Multiple Teams

If your developer account is a member of multiple teams or organizations, you might see an error. In this case, you need to provide your Team Short Name as an environment variable:

export TEAM_SHORT_NAME=XXXXXXXXX

Credits

This package is inspired by this article

The library used for notarization: https://github.com/electron/electron-notarize

License

MIT

electron-builder-notarize's People

Contributors

Stargazers

Watchers

electron-builder-notarize's Issues

The "data" argument must be of type string or ...

This problem only shows up if I use GitHub Actions
I have now checked the build according to the instructions from this repository - everything works
Maybe the problem is not here - but I hope for help, because I can't find a solution yet. Thanks!

Start notarizing app.pocketnet.gui found at ...
  ⨯ The "data" argument must be of type string or an instance of Buffer, TypedArray, or DataView. Received an instance of Error  failedTask=build stackTrace=TypeError [ERR_INVALID_ARG_TYPE]: The "data" argument must be of type string or an instance of Buffer, TypedArray, or DataView. Received an instance of Error

I followed these instructions
https://github.com/samuelmeuli/action-electron-builder#notarization
https://samuelmeuli.com/blog/2019-12-28-notarizing-your-electron-app

My build.yml:

name: Build Desktop App

on:
  push:
    #tags: v*.*.*

jobs:
  release:
    runs-on: ${{ matrix.os }}

    strategy:
      matrix:
        os: [macos-latest] # , ubuntu-latest, windows-latest

    steps:
      - name: Check out Git repository
        uses: actions/checkout@v1

      - name: Install Node.js, NPM and Yarn
        uses: actions/setup-node@v1
        with:
          node-version: 14

      - name: Prepare for app notarization
        if: startsWith(matrix.os, 'macos')
        run: |
          mkdir -p ~/private_keys/
          echo '${{ secrets.APPLE_API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.APPLE_API_KEY_ID }}.p8

      - name: Build/release Electron app
        uses: samuelmeuli/action-electron-builder@v1
        with:
          github_token: ${{ secrets.release_token }}
          release: ${{ startsWith(github.ref, 'refs/tags/v') }}
          mac_certs: ${{ secrets.mac_certs }}
          mac_certs_password: ${{ secrets.mac_certs_password }}
        env:
          # TEAM_SHORT_NAME: ${{ secrets.apple_team_short_name }}
          # APPLE_ID: ${{ secrets.apple_id }}
          # APPLE_ID_PASSWORD: ${{ secrets.apple_id_password }}
          API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
          API_KEY_ISSUER_ID: ${{ secrets.APPLE_API_KEY_ISSUER_ID }}

is this possible to support .env as environment?

I want to add appid and appidpwd to my private repo by .env file.

# .env
APPLE_ID[email protected]
APPLE_ID_PASSWORD=xxxx-xxxx-xxxx-xxxx

So it can be shared between my devices.

But it seems that it don't recognize .env file.

Is it possible to support .env file as environment?

upgrade dependency to @electron/notarize

Fails to run when using an alpha version of electron-builder

Running yarn check returns 1 error:
error "electron-builder-notarize#electron-builder@>= 20.44.4" doesn't satisfy found match of "[email protected]"

It works for newer versions than v20.44.4, so it only doesn't work for alpha releases.

Update to support new Xcode 13 notarytool

[email protected]
feat: add support for the new Xcode 13 notarytool

Please update your dependencies

How to enable notarytool

Building packages works, but I get a "notarytool not found, trying legacy."

Notarytool is available: xcrun --find notarytool
/Applications/Xcode.app/Contents/Developer/usr/bin/notarytool

I call build via

API_KEY_ID="xxxx" API_KEY_ISSUER_ID="xxxxxx" npm run dist

And package.json has

"afterSign": "electron-builder-notarize",
"mac": {
  "hardenedRuntime": true,
  "target": "dmg",
  "category": "public.app-category.utilities",
  "icon": "allsizes.icns",
  "entitlements": "./build/entitlements.mac.plist",
  "entitlementsInherit": "./build/entitlements.mac.plist"
},

If you run electron-builder from the vue-cli notarizing fails

electron-builder-notarize looks for the appId in package.json/build/appId.

If you are running electron-builder via vue-cli-electron-builder, the configuration for the builder is instead stored in vue.config.js.

electron-builder-notarize should get the appId from electron-builder directly.

A workaround for now is to add the appId to build in package.json

Env variable name validation error

When following this project's readme on setting the environment variables, electron-builder would throwing the following error, and the whole build fails.

Env vars APPLE_API_KEY, APPLE_API_KEY_ID and APPLE_API_ISSUER need to be set

The root cause is the inconsistent env variable names. This project requires APPLE_API_KEY_ISSUER but electron-builder validate against APPLE_API_ISSUER. Either one of them need change.

https://github.com/karaggeorge/electron-builder-notarize/blame/4dde50bfd63b45157bf2058fc0366d8f59ce115f/validate.js#L13

https://github.com/electron-userland/electron-builder/blob/fa6fc16040a93c6ee751a7a27ab6eeb1dbdd31a7/packages/app-builder-lib/src/macPackager.ts#L537

Issue with notarizing mac app

I've followed the suggested https://samuelmeuli.com/blog/2019-12-28-notarizing-your-electron-app/ but i get this error message when i run the action

1 package(s) were not uploaded because they had problems:
/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/78531E4D-1455-4F9C-9521-317FDF135F4A/io.COMPNAME.APPNAME.itmsp - Error Messages:
Your Apple ID account is attached to other providers. You will need to specify which provider you intend to submit content to. Please contact us if you have questions or need help. (1627)
2021-09-16 12:59:23.519 altool[4569:16603] *** Error: Unable to notarize app.
2021-09-16 12:59:23.519 altool[4569:16603] *** Error: code 1627 (Your Apple ID account is attached to other providers. You will need to specify which provider you intend to submit content to. Please contact us if you have questions or need help. (1627))

Apple cannot check it for malicious software

Packages used:

    "electron-builder": "^22.9.1",
    "electron-builder-notarize": "^1.2.0",

Tested OS'es:
macOS 10.13.6 - fine, no issues
macOS 10.15.6 - fine, no issues
macOS 10.15.7 - warning of:

"app" can't be opened because Apple cannot check it for malicious software. 
This software needs to be updated. Contact the developer for more information.

Trying to figure out what has changed in 10.15.7 which breaks the process, but not sure at the moment. Anyone else experiencing same issue?

no such file or directory, open 'builder-effective-config.yaml'

I'm not totally sure if this is a bug or that I misconfigured something. Locally notarize runs fine but in github actions I'm experience an issue that results in a missing builder-effective-config.yaml.
See the full log here: https://github.com/ruudboon/tally-blaster/runs/854966767?check_suite_focus=true#step:8:170

API key support

Thank you for this library, @karaggeorge!

It would be nice if the tool would support the appleApiKey and appleApiIssuer parameters of the electron-notarize package, i.e. if their values could be provided as environment variables as an alternative to the Apple ID credentials.

Please let me know if you're open to this feature, I could work on a PR :)