Skip to content

fix: resolve electron-builder signing error on GitHub Actions #14

fix: resolve electron-builder signing error on GitHub Actions

fix: resolve electron-builder signing error on GitHub Actions #14

name: Build and Release
on:
push:
tags:
- 'v*'
workflow_dispatch:
jobs:
build:
runs-on: ${{ matrix.os }}
timeout-minutes: 30
strategy:
matrix:
# os: [ubuntu-latest, windows-latest, macos-latest]
os: [macos-latest]
env:
CSC_IDENTITY_AUTO_DISCOVERY: "false"
CSC_FOR_PULL_REQUEST: "true"
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '22'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Install native dependencies (Linux)
if: matrix.os == 'ubuntu-latest'
run: |
sudo apt-get update
sudo apt-get install -y libnss3-dev libatk-bridge2.0-dev libdrm2 libxcomposite1 libxdamage1 libxrandr2 libgbm1 libxss1 libasound2-dev
- name: Rebuild native dependencies
run: npx electron-rebuild
- name: Build application
run: npm run dist
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Fix code signing (macOS)
if: matrix.os == 'macos-latest'
run: |
# Re-sign all apps with consistent ad-hoc signature
for APP in dist/mac*/Git\ Diff\ Viewer.app; do
if [ -d "$APP" ]; then
echo "Re-signing $APP with ad-hoc signature..."
# Remove all existing signatures
find "$APP" -type f -perm +111 -exec codesign --remove-signature {} \; 2>/dev/null || true
# Sign with ad-hoc
codesign --force --deep --sign - "$APP"
# Verify
codesign --verify --deep --verbose "$APP"
fi
done
- name: Upload artifacts (macOS)
if: matrix.os == 'macos-latest'
uses: actions/upload-artifact@v4
with:
name: macos-build
path: |
dist/*.dmg
dist/*.zip
dist/*-mac.zip
dist/*-mac-*.zip
- name: Upload artifacts (Windows)
if: matrix.os == 'windows-latest'
uses: actions/upload-artifact@v4
with:
name: windows-build
path: |
dist/*.exe
dist/*.msi
- name: Upload artifacts (Linux)
if: matrix.os == 'ubuntu-latest'
uses: actions/upload-artifact@v4
with:
name: linux-build
path: |
dist/*.AppImage
dist/*.deb
dist/*.rpm
dist/*.snap
release:
if: startsWith(github.ref, 'refs/tags/')
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: ./artifacts
- name: Display structure of downloaded files
run: ls -la artifacts/*/
- name: Create Release
uses: softprops/action-gh-release@v2
with:
files: |
artifacts/**/*.dmg
artifacts/**/*.zip
artifacts/**/*.exe
artifacts/**/*.msi
artifacts/**/*.AppImage
artifacts/**/*.deb
artifacts/**/*.rpm
artifacts/**/*.snap
draft: false
prerelease: false
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}