Add apple signing and notarization workflow

.dockerignore

@@ -19,3 +19,5 @@ bfx-report-ui/build
 bfx-report-ui/bfx-report-express/logs/*.log
 bfx-report-ui/bfx-report-express/config/*.json
 stub.AppImage
+e2e-test-report.xml
+test-report.json

.env.example

@@ -4,3 +4,10 @@ IS_DEV_ENV=0
 IS_AUTO_UPDATE_DISABLED=0
 EP_GH_IGNORE_TIME=true
 GH_TOKEN=
+
+NOTARIZE=0
+APPLE_TEAM_ID=
+APPLE_ID=
+APPLE_APP_SPECIFIC_PASSWORD=
+CSC_LINK=
+CSC_KEY_PASSWORD=

.github/actions/prepare-mac-runner/action.yml

@@ -0,0 +1,7 @@
+name: 'Prepare Mac runner'
+description: 'Turn uninterrupted testing on mac'
+runs:
+ using: composite
+ steps:
+ - run: ${{ github.action_path }}/prepare-mac-runner.sh
+ shell: bash

.github/actions/prepare-mac-runner/prepare-mac-runner.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+# Turn uninterrupted testing on mac
+
+# Change Local name to avoid name clash causing alert
+uniqueComputerName="mac-e2e-test-runner-$RANDOM"
+sudo scutil --set LocalHostName "$uniqueComputerName"
+sudo scutil --set ComputerName "$uniqueComputerName"
+
+# Close Notification window
+sudo killall UserNotificationCenter || true
+
+# Do not disturb
+defaults -currentHost write com.apple.notificationcenterui doNotDisturb -boolean true
+defaults -currentHost write com.apple.notificationcenterui doNotDisturbDate -date "`date -u +\"%Y-%m-%d %H:%M:%S +0000\"`"
+sudo killall NotificationCenter
+
+# Disable firewall
+sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off
+sudo /usr/libexec/ApplicationFirewall/socketfilterfw -k
+
+# Close Finder Windows using Apple Script
+sudo osascript -e 'tell application "Finder" to close windows'

.github/workflows/build-electron-app.yml

@@ -19,6 +19,9 @@ on:
  isBfxApiStaging:
  description: 'Is it necessary to use BFX API Staging? (true / 1)?'
  required: false
+ isNotarizeDisabled:
+ description: 'Is notarize disabled (true / 1)?'
+ required: false
 
 env:
  DOCKER_BUILDKIT: 1
@@ -30,7 +33,7 @@ jobs:
  runs-on: ubuntu-22.04
  steps:
  - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
  with:
  submodules: recursive
  - name: Set repo owner
@@ -76,17 +79,31 @@ jobs:
  max_attempts: 3
  retry_on: any
  command: ./scripts/launch.sh -lwp
+ - name: Zip Linux Unpacked build
+ run: zip -r dist/linux-unpacked.zip dist/linux-unpacked
+ - name: Upload Linux Unpacked build
+ uses: actions/upload-artifact@v3
+ with:
+ name: linux-unpacked
+ path: dist/linux-unpacked.zip
+ - name: Zip Win Unpacked build
+ run: zip -r dist/win-unpacked.zip dist/win-unpacked
+ - name: Upload Win Unpacked build
+ uses: actions/upload-artifact@v3
+ with:
+ name: win-unpacked
+ path: dist/win-unpacked.zip
  - name: Prepare cache folders
  run: |
  sudo chown -R $(id -u):$(id -g) ~/.cache/electron
  sudo chown -R $(id -u):$(id -g) ~/.cache/electron-builder
 
  mac-builder:
  timeout-minutes: 90
- runs-on: macos-11
+ runs-on: macos-12
  steps:
  - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
  with:
  submodules: recursive
  - name: Set repo owner
@@ -104,6 +121,10 @@ jobs:
  name: Turn off auto-update
  run: |
  echo "IS_AUTO_UPDATE_DISABLED=1" >> $GITHUB_ENV
+ - if: ${{ !contains(fromJson('["true", "1", true, 1]'), github.event.inputs.isNotarizeDisabled) }}
+ name: Turn on notarize
+ run: |
+ echo "NOTARIZE=1" >> $GITHUB_ENV
  - if: contains(fromJson('["true", "1", true, 1]'), github.event.inputs.isBfxApiStaging)
  name: Use BFX API Staging for queries
  run: |
@@ -127,6 +148,12 @@ jobs:
  uses: nick-fields/retry@v2
  continue-on-error: false
  env:
+ NOTARIZE: true
+ APPLE_TEAM_ID: ${{ secrets.BFX_APPLE_TEAM_ID }}
+ APPLE_ID: ${{ secrets.BFX_APPLE_ID_USERNAME }}
+ APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.BFX_APPLE_ID_REPORT_PASSWORD }}
+ CSC_LINK: ${{ secrets.BFX_APPLE_BUILD_CERTIFICATE_B64 }}
+ CSC_KEY_PASSWORD: ${{ secrets.BFX_APPLE_BUILD_CERTIFICATE_PASSWORD }}
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  ELECTRON_CACHE: ~/Library/Caches/electron
  with:
@@ -135,3 +162,108 @@ jobs:
  max_attempts: 3
  retry_on: any
  command: ./scripts/build-release.sh -mp
+ - name: Zip Mac Unpacked build
+ run: zip -r dist/mac.zip dist/mac
+ - name: Upload Mac Unpacked build
+ uses: actions/upload-artifact@v3
+ with:
+ name: mac-unpacked
+ path: dist/mac.zip
+
+ linux-e2e-test-runner:
+ name: Linux E2E Test Runner
+ timeout-minutes: 30
+ runs-on: ubuntu-22.04
+ needs: [linux-win-docker-builder]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 18.17.1
+ - name: Install main dev deps
+ run: npm i --development --no-audit --progress=false --force
+ - name: Download Linux Unpacked build
+ uses: actions/download-artifact@v3
+ with:
+ name: linux-unpacked
+ path: dist
+ - name: Unzip Linux Unpacked build
+ run: unzip dist/linux-unpacked.zip
+ - name: Run tests
+ uses: coactions/[email protected]
+ with:
+ run: npm run e2e
+ - name: Normalize E2E test report
+ run: node ./scripts/node/normalize-e2e-test-report e2e-test-report.xml
+ - name: Upload Linux E2E test results
+ uses: actions/upload-artifact@v3
+ with:
+ name: linux-e2e-test-results
+ path: e2e-test-report.xml
+
+ win-e2e-test-runner:
+ name: Win E2E Test Runner
+ timeout-minutes: 30
+ runs-on: windows-2022
+ needs: [linux-win-docker-builder]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 18.17.1
+ - name: Install main dev deps
+ run: npm i --development --no-audit --progress=false --force
+ - name: Download Linux Unpacked build
+ uses: actions/download-artifact@v3
+ with:
+ name: win-unpacked
+ path: dist
+ - name: Unzip Win Unpacked build
+ run: 7z -y x dist/win-unpacked.zip
+ - name: Run tests
+ uses: coactions/[email protected]
+ with:
+ run: npm run e2e
+ - name: Normalize E2E test report
+ run: node ./scripts/node/normalize-e2e-test-report e2e-test-report.xml
+ - name: Upload Win E2E test results
+ uses: actions/upload-artifact@v3
+ with:
+ name: win-e2e-test-results
+ path: e2e-test-report.xml
+
+ mac-e2e-test-runner:
+ name: Mac E2E Test Runner
+ timeout-minutes: 30
+ runs-on: macos-12
+ needs: [mac-builder]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Prepare Mac runner
+ uses: ./.github/actions/prepare-mac-runner
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 18.17.1
+ - name: Install main dev deps
+ run: npm i --development --no-audit --progress=false --force
+ - name: Download Mac Unpacked build
+ uses: actions/download-artifact@v3
+ with:
+ name: mac-unpacked
+ path: dist
+ - name: Unzip Mac Unpacked build
+ run: unzip dist/mac.zip
+ - name: Run tests
+ uses: coactions/[email protected]
+ with:
+ run: npm run e2e
+ - name: Normalize E2E test report
+ run: node ./scripts/node/normalize-e2e-test-report e2e-test-report.xml
+ - name: Upload Mac E2E test results
+ uses: actions/upload-artifact@v3
+ with:
+ name: mac-e2e-test-results
+ path: e2e-test-report.xml

.github/workflows/e2e-test-report.yml

@@ -0,0 +1,47 @@
+name: 'E2E Test Report'
+run-name: 'E2E Test Report: Commit ${{ github.sha }}'
+
+on:
+ workflow_run:
+ workflows: ['Build release']
+ types:
+ - completed
+
+permissions:
+ contents: read
+ actions: read
+ checks: write
+
+jobs:
+ e2e-web-page-report:
+ name: E2E Web Page Report
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: dorny/test-reporter@v1
+ id: linux-e2e-test-results
+ with:
+ artifact: linux-e2e-test-results
+ name: Linux E2E Tests
+ path: e2e-test-report.xml
+ reporter: jest-junit
+ - uses: dorny/test-reporter@v1
+ id: win-e2e-test-results
+ with:
+ artifact: win-e2e-test-results
+ name: Win E2E Tests
+ path: e2e-test-report.xml
+ reporter: jest-junit
+ - uses: dorny/test-reporter@v1
+ id: mac-e2e-test-results
+ with:
+ artifact: mac-e2e-test-results
+ name: Mac E2E Tests
+ path: e2e-test-report.xml
+ reporter: jest-junit
+ - name: E2E Test Report Summary
+ run: |
+ echo "### E2E Test Report page is ready! :rocket:" >> $GITHUB_STEP_SUMMARY
+ echo "And available at the following links for applicable OSs:" >> $GITHUB_STEP_SUMMARY
+ echo "- [Linux](${{ steps.linux-e2e-test-results.outputs.url_html }})" >> $GITHUB_STEP_SUMMARY
+ echo "- [Win](${{ steps.win-e2e-test-results.outputs.url_html }})" >> $GITHUB_STEP_SUMMARY
+ echo "- [Mac](${{ steps.mac-e2e-test-results.outputs.url_html }})" >> $GITHUB_STEP_SUMMARY

.gitignore

@@ -13,3 +13,5 @@ package-lock.json
 lastCommit.json
 electronEnv.json
 stub.AppImage
+e2e-test-report.xml
+test-report.json

build/entitlements.mac.plist

@@ -4,6 +4,8 @@
  <dict>
  <key>com.apple.security.app-sandbox</key>
  <true/>
+ <key>com.apple.security.inherit</key>
+ <true/>
  <key>com.apple.security.network.client</key>
  <true/>
  <key>com.apple.security.network.server</key>
@@ -22,5 +24,13 @@
  <true/>
  <key>com.apple.security.cs.disable-library-validation</key>
  <true/>
+ <key>com.apple.security.cs.allow-jit</key>
+ <true/>
+ <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+ <true/>
+ <key>com.apple.security.cs.debugger</key>
+ <true/>
+ <key>com.apple.security.automation.apple-events</key>
+ <true/>
  </dict>
 </plist>

build/entitlements.mas.inherit.plist

@@ -24,5 +24,13 @@
  <true/>
  <key>com.apple.security.cs.disable-library-validation</key>
  <true/>
+ <key>com.apple.security.cs.allow-jit</key>
+ <true/>
+ <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+ <true/>
+ <key>com.apple.security.cs.debugger</key>
+ <true/>
+ <key>com.apple.security.automation.apple-events</key>
+ <true/>
  </dict>
 </plist>

docker-compose.yaml

@@ -74,6 +74,12 @@ services:
  IS_DEV_ENV: ${IS_DEV_ENV:-0}
  IS_AUTO_UPDATE_DISABLED: ${IS_AUTO_UPDATE_DISABLED:-0}
  IS_PUBLISHED: ${IS_PUBLISHED:-0}
+ NOTARIZE: ${NOTARIZE:-}
+ APPLE_TEAM_ID: ${APPLE_TEAM_ID:-}
+ APPLE_ID: ${APPLE_ID:-}
+ APPLE_APP_SPECIFIC_PASSWORD: ${APPLE_APP_SPECIFIC_PASSWORD:-}
+ CSC_LINK: ${CSC_LINK:-}
+ CSC_KEY_PASSWORD: ${CSC_KEY_PASSWORD:-}
  GH_TOKEN: ${GH_TOKEN:-}
  GITHUB_TOKEN: ${GITHUB_TOKEN:-}
  EP_GH_IGNORE_TIME: ${EP_GH_IGNORE_TIME:-true}