fix: resolve electron-builder signing error on GitHub Actions #14
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 30 | |
| strategy: | |
| matrix: | |
| # os: [ubuntu-latest, windows-latest, macos-latest] | |
| os: [macos-latest] | |
| env: | |
| CSC_IDENTITY_AUTO_DISCOVERY: "false" | |
| CSC_FOR_PULL_REQUEST: "true" | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| cache: 'npm' | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Install native dependencies (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libnss3-dev libatk-bridge2.0-dev libdrm2 libxcomposite1 libxdamage1 libxrandr2 libgbm1 libxss1 libasound2-dev | |
| - name: Rebuild native dependencies | |
| run: npx electron-rebuild | |
| - name: Build application | |
| run: npm run dist | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Fix code signing (macOS) | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| # Re-sign all apps with consistent ad-hoc signature | |
| for APP in dist/mac*/Git\ Diff\ Viewer.app; do | |
| if [ -d "$APP" ]; then | |
| echo "Re-signing $APP with ad-hoc signature..." | |
| # Remove all existing signatures | |
| find "$APP" -type f -perm +111 -exec codesign --remove-signature {} \; 2>/dev/null || true | |
| # Sign with ad-hoc | |
| codesign --force --deep --sign - "$APP" | |
| # Verify | |
| codesign --verify --deep --verbose "$APP" | |
| fi | |
| done | |
| - name: Upload artifacts (macOS) | |
| if: matrix.os == 'macos-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: macos-build | |
| path: | | |
| dist/*.dmg | |
| dist/*.zip | |
| dist/*-mac.zip | |
| dist/*-mac-*.zip | |
| - name: Upload artifacts (Windows) | |
| if: matrix.os == 'windows-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: windows-build | |
| path: | | |
| dist/*.exe | |
| dist/*.msi | |
| - name: Upload artifacts (Linux) | |
| if: matrix.os == 'ubuntu-latest' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: linux-build | |
| path: | | |
| dist/*.AppImage | |
| dist/*.deb | |
| dist/*.rpm | |
| dist/*.snap | |
| release: | |
| if: startsWith(github.ref, 'refs/tags/') | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: ./artifacts | |
| - name: Display structure of downloaded files | |
| run: ls -la artifacts/*/ | |
| - name: Create Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| artifacts/**/*.dmg | |
| artifacts/**/*.zip | |
| artifacts/**/*.exe | |
| artifacts/**/*.msi | |
| artifacts/**/*.AppImage | |
| artifacts/**/*.deb | |
| artifacts/**/*.rpm | |
| artifacts/**/*.snap | |
| draft: false | |
| prerelease: false | |
| generate_release_notes: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |