Publish triggers afterAllArtifactBuild hook too late #3908
Comments
|
I think you want this to be done not for the dmg, but for the app, in the In addition, if you have a console.log in your afterSign function, then you see it appear before the signing console output. This has also been mentioned in #3504. |
|
I believe that the right call is to notarize and staple the dmg, see https://forums.developer.apple.com/thread/115670 |
|
@raymondjacobson That does not work unfortunately and you get scary warnings like these when opening the dmg: #3870 (comment). What ended up working is to sign+notarize the app and package it into a non-signed/non-notarized dmg. See #3870 (comment) |
|
Ah, looks like I missed the point about not signing the dmg in b3acc81 Thanks! Will give this a go :) |
|
Yup, definitely still an issue :( |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
This is actually still an issue if you build a .pkg file, because you need to notarize the pkg file itself (for all the scripts it contains etc). You can notarize the pkg in afterAllArtifactBuild, but publish will have already attempted to upload this file before notarization is finished. You have to upload it again yourself afterwards. |
|
Updated to add, you can work around this by setting pkg:
publish: null # This will be published by the afterAllArtifactBuild hook/**
* Notarize .pkg
*/
const fs = require('fs');
const notarize = require('electron-notarize');
module.exports = async function (context) {
if (process.platform !== 'darwin') {
console.log(`afterAllArtifactBuild: nothing to do on ${process.platform}`);
return [];
}
const appBundleId = context.configuration.appId;
const paths = await Promise.all(context.artifactPaths.map(async appPath => {
if (!appPath.endsWith('.pkg')) return null;
if (process.env.APPLE_ID === undefined) {
console.warn("APPLE_ID not set, skipping notarization");
return appPath;
}
console.log(`afterAllArtifactBuild: Notarizing ${appBundleId} at ${appPath}`);
// Test we can access the file
await fs.promises.access(appPath)
await notarize.notarize({
appBundleId,
appPath,
appleId: process.env.APPLE_ID,
appleIdPassword: '@keychain:AC_PASSWORD',
});
return appPath;
}));
return paths.filter(appPath => appPath !== null);
} |
|
Electron newbie here. Dani's tip helped here for notarizing a .pkg. When using it, I didn't seem to need to set the afterSign hook (which seems to be for notarizing e.g. a .zip file, not the .pkg). |
|
"Ideally the publish command should wait for the afterAllArtifactBuild hook to finish running !" |
20.41.0
Mac
I'm writing an
afterAllArtifactBuildhook where the produced dmg on Mac is notarized usingelectron-notarize. This works fine when building (i.e.electron-builder build --mac): the hook triggers after all targets are built and the dmg is notarized.When building and publishing to github by running
electron-builder build --mac -p alwayshowever,electron-builderstarts uploading the dmg to github even before theafterAllArtifactBuildhook is triggered.When simply publishing without building, the
afterAllArtifactBuildis not triggered at all!Ideally the publish command should wait for the
afterAllArtifactBuildhook to finish running, or not rebuild the targets at all. If publish did not rebuild the targets, one could notarize/generate checksums using theafterAllArtifactBuildhook then have thepublishcommand only pickup the generated binaries; Now it overrides anything generated before!The text was updated successfully, but these errors were encountered: