89 sign marknote application on mac#92
Open
jib63 wants to merge 8 commits into
Open
Conversation
- Generate and commit marknote.icns (all required resolutions) so jpackage uses the MarkNote icon instead of the default Java icon on macOS - Override jpackage.icon in mac/mac-aarch64 pom.xml profiles to use .icns - Add mac-sign Maven profile: activate with -Ppackage,mac-sign and MAC_SIGNING_IDENTITY env var for Developer ID Application signing - Add signing + notarization steps to ./build package script: set MAC_SIGNING_IDENTITY and MAC_NOTARY_PROFILE env vars to enable Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… workflow - Import .p12 cert into a temporary keychain before jpackage - Pass -Pmac-sign profile and signing identity when MACOS_SIGNING_IDENTITY is set - Submit DMG to Apple notarytool via .p8 API key (no password) and staple ticket - All signing/notarization steps degrade gracefully when secrets are absent - Clean up temp keychain in always() post step Required GitHub Secrets (all optional – unsigned build if absent): MACOS_CERTIFICATE, MACOS_CERTIFICATE_PWD, MACOS_SIGNING_IDENTITY, NOTARIZATION_KEY_CONTENT, NOTARIZATION_KEY_ID, NOTARIZATION_ISSUER_ID Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace .p8 API key approach with apple-id + app-specific password (app-specific password generated at appleid.apple.com, not Apple ID password) - Update workflow comments with correct URLs: cert → developer.apple.com/account/resources/certificates/add (Developer ID Application) notarization password → appleid.apple.com → App-specific passwords - Update build script comments with same guidance for local notarization Required GitHub Secrets: MACOS_CERTIFICATE, MACOS_CERTIFICATE_PWD, MACOS_SIGNING_IDENTITY, APPLE_ID, APPLE_TEAM_ID, APPLE_APP_SPECIFIC_PWD Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… into build - Replace libs/mac/ JavaFX 24 x86_64 JARs with aarch64 variants to fix runtime crash on Apple Silicon (incompatible architecture for prism dylibs) - Remove empty JavaFX stub JARs from libs/common/ (caused duplicate module error during compilation once platform JARs were present in module path) - Add version adjustment for jpackage (0.x.y → 1.x.y, jpackage requires first digit >= 1) - Notarization is automated: set MAC_SIGNING_IDENTITY env var before ./build package to sign, notarize, and staple the DMG in one step - Add notarize-poll.sh and notarization-error.log to .gitignore Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
JGit and related SSH dependencies were present locally but never committed, causing CI builds to fail with missing org.eclipse.jgit.* packages. These JARs were introduced by the git-client-connector feature merged from main. - Add libs/common/org.eclipse.jgit-7.1.0.jar - Add libs/common/org.eclipse.jgit.ssh.apache-7.1.0.jar - Add libs/common/sshd-osgi-2.14.0.jar, sshd-sftp-2.14.0.jar - Add libs/common/eddsa-0.3.0.jar, slf4j-api-1.7.36.jar, jcl-over-slf4j-1.7.36.jar - Fix contributor email in pom.xml developers section Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The signing identity "Developer ID Application: ..." contains spaces. Embedding it in a plain string variable and expanding it unquoted caused Maven to interpret "Application:" as a plugin prefix, failing with NoPluginFoundForPrefixException. Use a bash array so the value is passed as a single argument regardless of whitespace. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ler jitter Thread.sleep(50) on Apple Silicon GitHub Actions runners can take 100ms+ due to OS scheduling variance. With a 100ms debounce delay this caused the first task to fire before the second call cancelled it. Fix: raise debounce delay to 500ms and widen all sleep/wait values so the ratio between inter-call sleep and debounce delay is at least 5x, absorbing typical CI jitter without changing any production behaviour. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.