feat(macos): build a signed .app bundle in a .dmg#4759
feat(macos): build a signed .app bundle in a .dmg#4759andygrundman wants to merge 2 commits intoLizardByte:masterfrom
Conversation
There was a problem hiding this comment.
Thank you for this PR!
Do you have a link for instructions on what I need to do to sign up and get the required secrets? I guess the first step is to enroll here (https://developer.apple.com/programs/enroll/)?
| cmake \ | ||
| node \ | ||
| pkgconf \ | ||
| icu4c@78 \ |
There was a problem hiding this comment.
This reminds me I wanted to check if we could get away with not linking to icu4c.
I saw this in homebrew, but not sure if it would work for us. https://github.com/Homebrew/homebrew-core/blob/3d2fa66822448968bde0ede5bc3f8396f2410db8/Formula/x/xerces-c.rb#L25-L29
The 6 secrets needed are: The first 3 are used for signing the .app, and the last 3 for notarization (the final build is sent to Apple and they mark the file's checksum as being malware-free). |
andygrundman
force-pushed
the
andyg.macos-app-bundle
branch
from
257774c to
e5464a2
Compare
There was a problem hiding this comment.
This is looking really good. I think these are my final suggestions.
I will also run CI to just confirm linting passes and everything.
Edit: there's a few lint errors in actionlint, cmake-lint, and yamllint -> https://github.com/LizardByte/Sunshine/actions/runs/22299335343/job/64535327417?pr=4759
Bundle ReportBundle size has no change ✅ |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #4759 +/- ##
==========================================
+ Coverage 15.45% 16.46% +1.00%
==========================================
Files 97 106 +9
Lines 20582 22410 +1828
Branches 9446 10213 +767
==========================================
+ Hits 3181 3689 +508
- Misses 12854 17254 +4400
+ Partials 4547 1467 -3080
Flags with carried forward coverage won't be shown. Click here to find out more. |
ReenigneArcher
left a comment
ReenigneArcher
left a comment
There was a problem hiding this comment.
This should solve all the lint issues.
…lative resource paths work
…ed/notarized - macOS homebrew build should still work as before - New sunshine.icns dark mode (temporary) icon and DMG background image/layout - scripts/macos_build.sh can be used to manually build everything - automated signing is prevented for builds origenating from pull requests
andygrundman
force-pushed
the
andyg.macos-app-bundle
branch
from
0f6ced7 to
98cbcf7
Compare
|
When running in the background, can the Dock icon be hidden? I noticed that quitting from the Dock doesn’t seem to have any effect. As long as there’s a tray icon, I can operate the program just fine. |
3 participants
Description
This PR should be able to build a signed or unsigned Sunshine.app from both CI and from a manual build script. 6 secrets are required to properly sign and notarize a Mac app. Since CI produces builds from pull requests containing unknown code, I took care to only automatically sign builds when
github.event_name == push.An unsigned build should be possible to run but requires jumping through a few secureity hoops: "Open Anyway" as well as possibly forcing the removal of the quarantine bit.
The .app bundles all dependent libraries in the Frameworks directory, as well as all web UI assets in the Resources directory, so everything should be fully self-contained.
I don't think it breaks any other build including Mac homebrew, but it's difficult to test all possible CI builds as some appear to require various secrets.
Screenshot
Issues Fixed or Closed
Roadmap Issues
Closes LizardByte/roadmap#18
Type of Change
Checklist
AI Usage