-
-
Notifications
You must be signed in to change notification settings - Fork 111
Building Desktop Editors for Release
This build process uses electron-builder and uses code from a series of tutorials. We are not build experts, so here are the steps that we follow to package our applications. This process is confusing as heck, so don't be afraid to reach out for help.
We perform manual releases of the Wick Editor Desktop Applications.
Note: We have only run this build process on our Mac development machines, results will almost certainly be different on Windows and you will not be able to sign/notarize the mac builds described below on Windows.
You'll need to have XCode developer tools installer and have the ability to run the xcrun
command in your terminal.
a) Apple Ceritifcates:
Before starting the build process, the developer that is building the desktop applications needs to obtain the appropriate certificates for signing the apps. Contact Luca (Luxapodular) if you are on the Wicklets or Wick Editor team, you'll need to be added as a member of our organization on the Apple Developer Program.
b) Windows Certificates:
Contact [email protected] for info on Windows build certificates.
You'll need:
1) An API Key ID 2) An API Key Issuer ID 3) A Windows Code Signing certificate (.p12 file) saved to your ~/private_keys directory and password. 4) A Developer ID Application Certificate (Saved to your keychain). 5) A Developer ID Installer Certificate (Saved to your keychain).
b) Windows Code Signing Certificates
We obtained code signing certificates from SSL.com. Reach out to Luca to receive a certificate file if you are authorized to receive one.
2.1) Run API_KEY_ID="..." API_KEY_ISSUER_ID="..." WIN_CSC_LINK="~/PATH/TO/CERTIFICATE.p12" WIN_CSC_KEY_PASSWORD="PASSWORD" npm run build-packages
Ensure you provide the correct API key information as variables, or the Mac applications will not properly sign and notarize. If the certificates are installed correctly, they should automatically be used.
2.2) You should have several built installers and packages in the wick-editor/dist directory.
2.3) If a build error occurs, delete your /dist and /node_modules folders from the wick-editor directory.
Run npm install
and then repeat steps 2.1 and 2.2. If the failure persists, contact Luca!
3.1) The EXE and .dmg should be done! With a properly installed Code Signing Certificates, you should have to do nothing else.
3.2) The .pkg installer on the other hand will not be signed and notarized (Yes, the app inside the pkg is signed and notarized. If anyone know how to automate this process, please drop us a line!) Test this by uploading the .pkg to a service like Google Drive, then downloading and attempting to run the installer. You should receive a notice that says it is from an unidentified developer.
3.3) Ensure that the apps at least run in the .dmg/.app before continuing.
4.1) Sign the PKG.
You can find the name of your certificates in Keychain Access. Be careful to use the "Installer" certificate, not the "Application Certificate" for this step.
Run productsign --sign 'Developer ID Installer: NAME (1234ABCDEFG)' ./dist/NAME_OF_.pkg ./dist/NAME_OF_SIGNED.pkg
Note: If there are spaces in the file name (such as 'Wick Editor') you will need to escape the spaces with a backslash (Wick\ Editor).
4.2) Notarize your PKG.
Run xcrun altool --notarize-app --primary-bundle-id "com.wickeditor.wickeditorinstaller" --username "[email protected]" --password "app-pass-word-abcd" --file "~/FULL/PATH/TO/SIGNED/PKG/Installer.pkg"
This command will take time! When the file has been uploaded, you should receive an ID that looks like this.
RequestUUID = 181638fb-a618-2298-bff0-47fa79f01326
Keep track of that ID.
4.3) Check that the status of notarization.
This will take some time as you are sending the .pkg to apple to be notarized (often 3-10 minutes). You will not receive feedback unless you ping apple's servers.
Run xcrun altool --notarization-info REQUEST_UUID "[email protected]" --password "app-pass-word-abcd"
And you will receive either an 'in-progress' or 'success' message.
If you see a success message, you're done! Ping again in a minute or two if you get an 'in-progress' message.
You should also receive an email to the developer email account stating the package has been notarized.
4.4) Stapling the ticket to the file.
This step will add the notarization info to the file, so an online check of the notarization is unnecessary.
Run xcrun stapler staple PATH_TO_SIGNED_INSTALLER.pkg
5.1) Before uploading the release you must test the .pkg, .dmg, and .exe files on machines. Upload the signed versions of these files to place where they can be downloaded such as Google Drive. Download these files, and then run the installers. Ensure that all parts of the installers are functioning, and the applications install and open correctly. If you see a white screen, or a crash is registered to the console, you may need to rebuild the editor (Step 2.3) and repeat this guide.
6.1) Head to The Wick Editor Releases Page and create a new release.
6.2) Tag the release vM.nn.pp (i.e v1.17.0). Name it M.NN.PP (1.17.0).
6.3) Add a description that shortly describes the additions made in the release, then point the description to a forum.wickeditor.com post that describes all of the changes.
6.4) Attach all binaries that have appropriate license files.
6.5) Save the release as a draft and test that all applications can successfully download.
6.6) Publish the release!
References for Mac Signing and Notarization (Genuinely, without these resources I would have been lost.)
- Samuel Meuli - "Notarizing your Electron App"
- Samuel Meuli - "Packaging and Publishing your Electron App"
- Davide Barranca - "Notarizing Installers for MacOS Catalina"
References for bundling the app (This mentions electron-packager, although we use electron-builder, much of the set up crosses over.)