From 47ac18c81ea576785d084c472445e33ce3a2add1 Mon Sep 17 00:00:00 2001
From: Tom Moroney <moroneyt@tcd.ie>
Date: Sat, 7 Dec 2024 21:14:05 +0000
Subject: [PATCH 1/2] Update package-mac.yml

---
 .github/workflows/package-mac.yml | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/package-mac.yml b/.github/workflows/package-mac.yml
index 8a39627..8e1e2cc 100644
--- a/.github/workflows/package-mac.yml
+++ b/.github/workflows/package-mac.yml
@@ -87,18 +87,26 @@ jobs:
             codesign --force --options runtime --timestamp --entitlements "$ENTITLEMENTS" --sign "$IDENTITY" "$file"
         }
 
-        export -f sign_file  # Export the function so it's available in subshells
+        export -f sign_file   # Export the function so it's available in subshells
         export IDENTITY       # Export IDENTITY so it's available in subshells
         export ENTITLEMENTS   # Export ENTITLEMENTS so it's available in subshells
 
         # Sign the main executable
         sign_file "$APP_DIR/transcription-server"
 
-        # Sign all embedded binaries and executables in the _internal directory
+        # Sign all embedded binaries and executables in the _internal directory based on known extensions
         find "$APP_DIR/_internal" -type f \( -name "*.dylib" -o -name "*.so" -o -name "*.exe" -o -name "*.bin" -o -name "ffmpeg*" \) -exec bash -c 'sign_file "$0"' {} \;
 
+        # Sign the entire Python framework directory (recursively) to ensure the actual binary is signed
+        FRAMEWORK_DIR="$APP_DIR/_internal/Python.framework"
+        if [ -d "$FRAMEWORK_DIR" ]; then
+            echo "Signing framework at $FRAMEWORK_DIR..."
+            codesign --force --deep --options runtime --timestamp --entitlements "$ENTITLEMENTS" --sign "$IDENTITY" "$FRAMEWORK_DIR"
+        fi
+
         # Sign any other executables in the main app directory
-        find "$APP_DIR" -type f -perm +111 -exec bash -c 'sign_file "$0"' {} \;
+        # Use -perm /111 to match executables on macOS/BSD
+        find "$APP_DIR" -type f -perm /111 -exec bash -c 'sign_file "$0"' {} \;
 
     - name: Move Python Server to resources folder
       run: |

From 155d49d8147a66dfc71080dcec404f3f18cdf91e Mon Sep 17 00:00:00 2001
From: Tom Moroney <moroneyt@tcd.ie>
Date: Sat, 7 Dec 2024 21:15:05 +0000
Subject: [PATCH 2/2] Update package-mac.yml

---
 .github/workflows/package-mac.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/package-mac.yml b/.github/workflows/package-mac.yml
index 8e1e2cc..d94860a 100644
--- a/.github/workflows/package-mac.yml
+++ b/.github/workflows/package-mac.yml
@@ -1,5 +1,8 @@
 name: Package AutoSubs for MacOS
 on:
+  pull_request:
+    branches:
+      - main
   push:
     branches:
       - main