diff --git a/.github/workflows/macos_ci.yml b/.github/workflows/macos_ci.yml
--- a/.github/workflows/macos_ci.yml
+++ b/.github/workflows/macos_ci.yml
@@ -24,11 +24,13 @@
env:
MACOS_BUILD_CERTIFICATE_BASE64: ${{ secrets.MACOS_BUILD_CERTIFICATE_BASE64 }}
MACOS_BUILD_P12_PASSWORD: ${{ secrets.MACOS_BUILD_P12_PASSWORD }}
+ MACOS_PROVISIONPROFILE_BASE64: ${{ secrets.MACOS_PROVISIONPROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+ PROVISIONPROFILE_PATH=$GITHUB_WORKSPACE/desktop/macOS_App_Provisioning_Profile.provisionprofile
# import certificate from secrets
echo -n "$MACOS_BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
@@ -42,6 +44,8 @@
security import $CERTIFICATE_PATH -P "$MACOS_BUILD_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
+ # import provisioning profile from secrets
+ echo -n "$MACOS_PROVISIONPROFILE_BASE64" | base64 --decode --output $PROVISIONPROFILE_PATH
- name: sudo ./install_protobuf.sh
working-directory: ./scripts
run: sudo ./install_protobuf.sh
diff --git a/.gitignore b/.gitignore
--- a/.gitignore
+++ b/.gitignore
@@ -44,3 +44,4 @@
desktop/out/
desktop/assets/
desktop/dist/
+desktop/*.provisionprofile
diff --git a/desktop/entitlements-dev.plist b/desktop/entitlements-dev.plist
new file mode 100644
--- /dev/null
+++ b/desktop/entitlements-dev.plist
@@ -0,0 +1,24 @@
+
+
+
+
+ com.apple.application-identifier
+ H98Y8MH53M.app.comm.macos
+ com.apple.developer.aps-environment
+ development
+ com.apple.security.cs.allow-jit
+
+ com.apple.security.device.audio-input
+
+ com.apple.security.device.bluetooth
+
+ com.apple.security.device.camera
+
+ com.apple.security.device.print
+
+ com.apple.security.device.usb
+
+ com.apple.security.personal-information.location
+
+
+
diff --git a/desktop/entitlements.plist b/desktop/entitlements.plist
new file mode 100644
--- /dev/null
+++ b/desktop/entitlements.plist
@@ -0,0 +1,24 @@
+
+
+
+
+ com.apple.application-identifier
+ H98Y8MH53M.app.comm.macos
+ com.apple.developer.aps-environment
+ production
+ com.apple.security.cs.allow-jit
+
+ com.apple.security.device.audio-input
+
+ com.apple.security.device.bluetooth
+
+ com.apple.security.device.camera
+
+ com.apple.security.device.print
+
+ com.apple.security.device.usb
+
+ com.apple.security.personal-information.location
+
+
+
diff --git a/desktop/forge.config.cjs b/desktop/forge.config.cjs
--- a/desktop/forge.config.cjs
+++ b/desktop/forge.config.cjs
@@ -57,14 +57,44 @@
}
}
+const optionsForFile = filePath => {
+ const entitlements =
+ process.env?.ENV === 'dev'
+ ? 'entitlements-dev.plist'
+ : 'entitlements.plist';
+
+ const basename = path.basename(filePath);
+ if (basename === 'Comm' || basename === 'Comm.app') {
+ return { entitlements };
+ }
+
+ return {};
+};
+
const signingOptions = {
packagerMacos: {},
makerMacos: {},
makerWindows: {},
};
-if (process.env?.ENV !== 'dev') {
+if (process.env?.ENV === 'dev') {
+ if (fs.existsSync('macOS_App_Development_Profile.provisionprofile')) {
+ signingOptions.packagerMacos = {
+ osxSign: {
+ identity: 'Development',
+ preEmbedProvisioningProfile: true,
+ provisioningProfile: 'macOS_App_Development_Profile.provisionprofile',
+ optionsForFile,
+ },
+ };
+ }
+} else {
signingOptions.packagerMacos = {
- osxSign: { identity: 'Developer ID Application' },
+ osxSign: {
+ identity: 'Developer ID Application',
+ preEmbedProvisioningProfile: true,
+ provisioningProfile: 'macOS_App_Provisioning_Profile.provisionprofile',
+ optionsForFile,
+ },
osxNotarize: {
tool: 'notarytool',
appleId: process.env?.APPLE_USER_NAME,