diff --git a/.github/workflows/test-prod.yml b/.github/workflows/test-prod.yml new file mode 100644 index 0000000000..bc163592b7 --- /dev/null +++ b/.github/workflows/test-prod.yml @@ -0,0 +1,129 @@ +name: Test Mac Code Signing + +on: + push: + branches: + - "chore/sign-mac-ci" + +jobs: + build_yakit: + runs-on: macos-13 + env: + CI: "" + NODE_OPTIONS: --max_old_space_size=4096 + APPLE_ID: ${{ secrets.APPLE_ACCOUNT_EMAIL }} + TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + APPLE_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }} + CERT_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} + CERT_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: 18.18.2 + + - run: echo ${{ github.ref }} + - run: cp buildutil/zip /usr/local/bin/zip + - run: chmod +x /usr/local/bin/zip + - run: zip -h + + - name: "Fetch Latest EngineVersion" + run: wget -O bins/engine-version.txt https://oss-qn.yaklang.com/yak/latest/version.txt + - run: | + cat bins/engine-version.txt + YAK_VERSION=$(cat bins/engine-version.txt | tr -d '\n') + echo "ENGINE_VERSION=$YAK_VERSION" >> $GITHUB_ENV + - name: "Download Yak Engine via wget(Linux)" + id: download-linux-engine + run: wget -O bins/yak_linux_amd64 https://oss-qn.yaklang.com/yak/${ENGINE_VERSION}/yak_linux_amd64 && zip ./bins/yak_linux_amd64.zip ./bins/yak_linux_amd64 && rm ./bins/yak_linux_amd64 + - name: "Download Yak Engine via wget(Linux-arm64)" + id: download-linux-engine-arm64 + run: wget -O bins/yak_linux_arm64 https://oss-qn.yaklang.com/yak/${ENGINE_VERSION}/yak_linux_arm64 && zip ./bins/yak_linux_arm64.zip ./bins/yak_linux_arm64 && rm ./bins/yak_linux_arm64 + + - name: "Download Yak Engine via wget(Windows)" + id: download-windows-engine + run: wget -O bins/yak_windows_amd64.exe https://oss-qn.yaklang.com/yak/${ENGINE_VERSION}/yak_windows_amd64.exe && zip ./bins/yak_windows_normal_amd64.zip ./bins/yak_windows_amd64.exe && rm ./bins/yak_windows_amd64.exe + - name: "Download Yak Legacy Engine via wget(Windows)" + id: download-windows-leagacy-engine + run: wget -O bins/yak_windows_amd64.exe https://oss-qn.yaklang.com/yak/${ENGINE_VERSION}/yak_windows_legacy_amd64.exe && zip ./bins/yak_windows_legacy_amd64.zip ./bins/yak_windows_amd64.exe && rm ./bins/yak_windows_amd64.exe + + - name: "Download Yak Engine via wget(MacOS)" + id: download-darwin-engine + run: wget -O bins/yak_darwin_amd64 https://oss-qn.yaklang.com/yak/${ENGINE_VERSION}/yak_darwin_amd64 + - name: "Download Yak Engine via wget(MacOS-arm64)" + id: download-darwin-engine-arm64 + run: wget -O bins/yak_darwin_arm64 https://oss-qn.yaklang.com/yak/${ENGINE_VERSION}/yak_darwin_arm64 + - name: Import Signing Certificate + run: chmod +x ./packageScript/script/signature.sh && ./packageScript/script/signature.sh + shell: bash + - name: "Fetch Mac-Amd Sha256" + run: wget -O bins/yak_darwin_amd64.sha256.txt https://oss-qn.yaklang.com/yak/${ENGINE_VERSION}/yak_darwin_amd64.sha256.txt + - name: "Fetch Mac-Arm Sha256" + run: wget -O bins/yak_darwin_arm64.sha256.txt https://oss-qn.yaklang.com/yak/${ENGINE_VERSION}/yak_darwin_arm64.sha256.txt + + - name: Extract Package.json Version + id: extract_version + uses: Saionaro/extract-package-version@v1.1.1 + - name: Crop Yakit-CE Package.json Version + uses: mad9000/actions-find-and-replace-string@5 + id: package_ce_version + with: + source: ${{ steps.extract_version.outputs.version }} + find: "-ce" + replace: "" + - name: Crop Yakit-EE Package.json Version + uses: mad9000/actions-find-and-replace-string@5 + id: package_version + with: + source: ${{ steps.package_ce_version.outputs.value }} + find: "-ee" + replace: "" + - name: Echo Yakit Package Version + run: echo "ENV_TAG=${{ steps.package_version.outputs.value }}" >> $GITHUB_ENV + + - run: yarn install + working-directory: ./ + name: "Install Dependencies" + + - name: Build Yakit Normal And Legacy (MultiPlatform) + env: + GH_TOKEN: ${{ secrets.GH_TOKEN }} + working-directory: ./ + run: chmod +x ./packageScript/script/electron-builder.sh && ./packageScript/script/electron-builder.sh + shell: bash + + - name: View Published Content + run: + ls ./release + # EnpriTraceAgent -1.3.4-sp6-darwin-arm64(.dmg|.exe|.AppImage) + # EnpriTrace -1.3.4-sp6-darwin-arm64(.dmg|.exe|.AppImage) + # Yakit -1.3.4-sp6-darwin-arm64(.dmg|.exe|.AppImage) + + - name: Check Yakit if the output is correct + run: chmod +x ./scripts/check-build-package.sh && ./scripts/check-build-package.sh Yakit + shell: bash + - name: Upload Yakit(CE) Artifacts + uses: actions/upload-artifact@v4 + with: + name: Yakit-artifacts + path: | + ./release/Yakit-${{ env.ENV_TAG }}-*.exe + ./release/Yakit-${{ env.ENV_TAG }}-*.dmg + ./release/Yakit-${{ env.ENV_TAG }}-*.AppImage + if-no-files-found: error + retention-days: 1 + + - name: Check EnpriTrace if the output is correct + run: ./scripts/check-build-package.sh EnpriTrace + shell: bash + - name: Upload Yakit(EE) Artifacts + uses: actions/upload-artifact@v4 + with: + name: EnpriTrace-artifacts + path: | + ./release/EnpriTrace-${{ env.ENV_TAG }}-*.exe + ./release/EnpriTrace-${{ env.ENV_TAG }}-*.dmg + ./release/EnpriTrace-${{ env.ENV_TAG }}-*.AppImage + if-no-files-found: error + retention-days: 1 diff --git a/package.json b/package.json index f7e9d26890..97fcbc2ada 100644 --- a/package.json +++ b/package.json @@ -18,24 +18,28 @@ "build-render-test-simple-enterprise": "cd app/renderer/src/main && yarn build-test-simple-enterprise", "dev": "concurrently -k \"yarn start-render\" \"wait-on tcp:3000 && yarn start-electron \" ", "postinstall": "electron-builder install-app-deps", - "pack-win": "electron-builder build --win", - "pack-win-legacy": "electron-builder build --win --config ./multibuilder/electron-builder-legacy.yaml", - "pack-win-ee": "electron-builder build --win --config ./multibuilder/electron-builder-ee.yaml", - "pack-win-ee-legacy": "electron-builder build --win --config ./multibuilder/electron-builder-ee-legacy.yaml", + "pack-win": "cross-env CSC_IDENTITY_AUTO_DISCOVERY=false electron-builder build --win", + "pack-win-legacy": "cross-env CSC_IDENTITY_AUTO_DISCOVERY=false THE_LEGACY=true electron-builder build --win --config ./multibuilder/electron-builder-legacy.yaml", + "pack-win-ee": "cross-env CSC_IDENTITY_AUTO_DISCOVERY=false electron-builder build --win --config ./multibuilder/electron-builder-ee.yaml", + "pack-win-ee-legacy": "cross-env CSC_IDENTITY_AUTO_DISCOVERY=false THE_LEGACY=true electron-builder build --win --config ./multibuilder/electron-builder-ee-legacy.yaml", "pack-win-se": "electron-builder build --win --config ./multibuilder/electron-builder-se.yaml", - "pack-win-se-legacy": "electron-builder build --win --config ./multibuilder/electron-builder-se-legacy.yaml", + "pack-win-se-legacy": "cross-env THE_LEGACY=true electron-builder build --win --config ./multibuilder/electron-builder-se-legacy.yaml", "pack-mac": "electron-builder build --mac", + "pack-sign-mac": "electron-builder build --mac --config ./packageScript/electron-builder-mac.yaml", "pack-mac-legacy": "electron-builder build --mac --config ./multibuilder/electron-builder-legacy.yaml", + "pack-sign-mac-legacy": "cross-env THE_LEGACY=true electron-builder build --mac --config ./packageScript/electron-builder-mac-legacy.yaml", "pack-mac-ee": "electron-builder build --mac --config ./multibuilder/electron-builder-ee.yaml", + "pack-sign-mac-ee": "electron-builder build --mac --config ./packageScript/electron-builder-mac-ee.yaml", "pack-mac-ee-legacy": "electron-builder build --mac --config ./multibuilder/electron-builder-ee-legacy.yaml", + "pack-sign-mac-ee-legacy": "cross-env THE_LEGACY=true electron-builder build --mac --config ./packageScript/electron-builder-mac-ee-legacy.yaml", "pack-mac-se": "electron-builder build --mac --config ./multibuilder/electron-builder-se.yaml", "pack-mac-se-legacy": "electron-builder build --mac --config ./multibuilder/electron-builder-se-legacy.yaml", - "pack-linux": "electron-builder build --linux", - "pack-linux-legacy": "electron-builder build --linux --config ./multibuilder/electron-builder-legacy.yaml", - "pack-linux-ee": "electron-builder build --linux --config ./multibuilder/electron-builder-ee.yaml", - "pack-linux-ee-legacy": "electron-builder build --linux --config ./multibuilder/electron-builder-ee-legacy.yaml", + "pack-linux": "cross-env CSC_IDENTITY_AUTO_DISCOVERY=false electron-builder build --linux", + "pack-linux-legacy": "cross-env CSC_IDENTITY_AUTO_DISCOVERY=false THE_LEGACY=true electron-builder build --linux --config ./multibuilder/electron-builder-legacy.yaml", + "pack-linux-ee": "cross-env CSC_IDENTITY_AUTO_DISCOVERY=false electron-builder build --linux --config ./multibuilder/electron-builder-ee.yaml", + "pack-linux-ee-legacy": "cross-env CSC_IDENTITY_AUTO_DISCOVERY=false THE_LEGACY=true electron-builder build --linux --config ./multibuilder/electron-builder-ee-legacy.yaml", "pack-linux-se": "electron-builder build --linux --config ./multibuilder/electron-builder-se.yaml", - "pack-linux-se-legacy": "electron-builder build --linux --config ./multibuilder/electron-builder-se-legacy.yaml", + "pack-linux-se-legacy": "cross-env THE_LEGACY=true electron-builder build --linux --config ./multibuilder/electron-builder-se-legacy.yaml", "electron-publish": "electron-builder --publish always -mwl", "electron-publish-legacy": "electron-builder --publish always -mwl --config ./multibuilder/electron-builder-legacy.yaml", "electron-publish-ee": "electron-builder --publish always -mwl --config ./multibuilder/electron-builder-ee.yaml", @@ -49,6 +53,7 @@ "author": "", "license": "ISC", "devDependencies": { + "@electron/notarize": "^2.5.0", "concurrently": "^6.2.0", "electron": "27.0.0", "electron-builder": "23.6.0", @@ -63,6 +68,7 @@ "axios": "^0.26.1", "chrome-launcher": "^0.15.0", "compressing": "^1.8.0", + "cross-env": "^7.0.3", "dompurify": "^3.0.5", "electron-is-dev": "^2.0.0", "electron-updater": "^4.3.9", diff --git a/packageScript/buildHook/after-sign.js b/packageScript/buildHook/after-sign.js new file mode 100644 index 0000000000..c712e5341d --- /dev/null +++ b/packageScript/buildHook/after-sign.js @@ -0,0 +1,20 @@ +const { notarize } = require("@electron/notarize"); + +module.exports = async function afterSign(context) { + const { appOutDir, packager, electronPlatformName } = context; + if (electronPlatformName !== "darwin") { + return; + } + const appName = packager.appInfo.productFilename; + const appBundleId = packager.appInfo.id; + + console.log(`开始对 ${appName} 进行公证,输出目录:${appOutDir}`, `app 所处路径: ${appOutDir}/${appName}.app`); + + return await notarize({ + appBundleId: appBundleId, + appPath: `${appOutDir}/${appName}.app`, + appleId: process.env.APPLE_ID, + appleIdPassword: process.env.APPLE_PASSWORD, + teamId: process.env.TEAM_ID, // 可选,根据需要配置 + }); +}; diff --git a/packageScript/buildHook/before-pack.js b/packageScript/buildHook/before-pack.js new file mode 100644 index 0000000000..c71606808c --- /dev/null +++ b/packageScript/buildHook/before-pack.js @@ -0,0 +1,128 @@ +const packageJson = require("../../package.json"); + +module.exports = async function (context) { + const isLegacy = process.env.THE_LEGACY == "true"; + const archMap = { + 1: "x64", + 3: "arm64", + }; + const arch = archMap[context.arch]; + const baseInfo = context.packager.appInfo; + let productVersion = packageJson.version || baseInfo.version; + // CE + if (productVersion.endsWith("-ce")) { + productVersion = productVersion.replace("-ce", ""); + } + // EE + if (productVersion.endsWith("-ee")) { + productVersion = productVersion.replace("-ee", ""); + } + + /** win32 */ + const win32Config = context.electronPlatformName === "win32" ? context.packager.config.win : null; + if (win32Config) { + win32Config.extraFiles = [ + { + from: "bins/flag.windows.txt", + to: "bins/flag.windows.txt", + }, + { + from: "bins/yak_windows_amd64.zip", + to: "bins/yak.zip", + }, + ]; + win32Config.artifactName = `${"${productName}"}-${productVersion}-windows${ + isLegacy ? "-legacy" : "" + }-amd64.${"${ext}"}`; + context.packager.config.win = win32Config; + } + + /**linux */ + /** 1:x64 3:arm64 */ + const linuxConfig = context.electronPlatformName === "linux" ? context.packager.config.linux : null; + if (linuxConfig) { + const linuxExtraFiles = [ + { + from: "bins/flag.linux.txt", + to: "bins/flag.linux.txt", + }, + ]; + switch (arch) { + case "arm64": + linuxConfig.artifactName = `${"${productName}"}-${productVersion}-linux${ + isLegacy ? "-legacy" : "" + }-arm64.${"${ext}"}`; + linuxConfig.extraFiles = [ + ...linuxExtraFiles, + { + from: "bins/yak_linux_arm64.zip", + to: "bins/yak.zip", + }, + ]; + break; + case "x64": + linuxConfig.artifactName = `${"${productName}"}-${productVersion}-linux${ + isLegacy ? "-legacy" : "" + }-amd64.${"${ext}"}`; + linuxConfig.extraFiles = [ + ...linuxExtraFiles, + { + from: "bins/yak_linux_amd64.zip", + to: "bins/yak.zip", + }, + ]; + break; + + default: + break; + } + context.packager.config.linux = linuxConfig; + } + + /**mac */ + /** 1:x64 3:arm64 */ + const macConfig = context.electronPlatformName === "darwin" ? context.packager.config.mac : null; + if (macConfig) { + const darwinExtraFiles = [ + { + from: "bins/flag.darwin.txt", + to: "bins/flag.darwin.txt", + }, + ]; + macConfig.artifactName = `${"${productName}"}-${productVersion}-darwin${ + isLegacy ? "-legacy" : "" + }-${"${arch}"}.${"${ext}"}`; + switch (arch) { + case "arm64": + macConfig.extraFiles = [ + ...darwinExtraFiles, + { + from: "bins/yak_darwin_arm64.zip", + to: "bins/yak.zip", + }, + { + from: "bins/yak_darwin_arm64.sha256.txt", + to: "bins/engine-sha256.txt", + }, + ]; + break; + case "x64": + macConfig.extraFiles = [ + ...darwinExtraFiles, + { + from: "bins/yak_darwin_amd64.zip", + to: "bins/yak.zip", + }, + { + from: "bins/yak_darwin_amd64.sha256.txt", + to: "bins/engine-sha256.txt", + }, + ]; + break; + + default: + break; + } + context.packager.config.mac = macConfig; + } +}; diff --git a/packageScript/electron-builder-mac-ee-legacy.yaml b/packageScript/electron-builder-mac-ee-legacy.yaml new file mode 100644 index 0000000000..fb993afa5f --- /dev/null +++ b/packageScript/electron-builder-mac-ee-legacy.yaml @@ -0,0 +1,75 @@ +appId: "io.yaklang.enpritrace" +extraMetadata: + name: enpritrace +productName: "EnpriTrace" +copyright: Copyright © 2021 v1ll4n + +extraFiles: + - from: "bins/scripts/auto-install-cert.zip" + to: "bins/scripts/auto-install-cert.zip" + - from: "bins/scripts/start-engine.zip" + to: "bins/scripts/start-engine.zip" + - from: "bins/scripts/google-chrome-plugin.zip" + to: "bins/scripts/google-chrome-plugin.zip" + - from: "bins/flag.txt" + to: "bins/flag.txt" + - from: "bins/engine-version.txt" + to: "bins/engine-version.txt" + - from: "bins/yakit-system-mode.txt" + to: "bins/yakit-system-mode.txt" + - from: "bins/resources" + to: "bins/resources" + filter: + - "**/*" + - "*.txt" + - from: "bins/database/" + to: "bins/database/" + filter: + - "**/*" + - "*.txt" + - "*.gzip" + - "!*.db" + - from: "report/template.zip" + to: "report/template.zip" + +directories: + buildResources: resources + output: release/ + app: . + +files: + - "**/*" + - "!bins/**/*" + - "!.github/**/*" + - "!multibuilder/**/*" + - "!scripts/**/*" + - "!buildutil/**/*" + - "!buildHooks/**/*" + - "!build/**/*" + - "!backups/**/*" + - "!app/renderer/src/**/*" + +asar: true + +publish: + - provider: "generic" + url: https://yaklang.oss-cn-beijing.aliyuncs.com/yak/latest/ + +mac: + hardenedRuntime: true + gatekeeperAssess: false + entitlements: "packageScript/plist/entitlements.mac.plist" + entitlementsInherit: "packageScript/plist/entitlements.mac.plist" + target: + - target: dmg + arch: + - x64 + - arm64 + icon: "app/assets/yakiteelogo.icns" + +beforePack: "packageScript/buildHook/before-pack.js" +afterSign: "packageScript/buildHook/after-sign.js" + +releaseInfo: + releaseName: ${version} + releaseNotes: "view github release: /~https://github.com/yaklang/yakit/releases" diff --git a/packageScript/electron-builder-mac-ee.yaml b/packageScript/electron-builder-mac-ee.yaml new file mode 100644 index 0000000000..8fdb05c30a --- /dev/null +++ b/packageScript/electron-builder-mac-ee.yaml @@ -0,0 +1,73 @@ +appId: "io.yaklang.enpritrace" +extraMetadata: + name: enpritrace +productName: "EnpriTrace" +copyright: Copyright © 2021 v1ll4n + +extraFiles: + - from: "bins/scripts/auto-install-cert.zip" + to: "bins/scripts/auto-install-cert.zip" + - from: "bins/scripts/start-engine.zip" + to: "bins/scripts/start-engine.zip" + - from: "bins/scripts/google-chrome-plugin.zip" + to: "bins/scripts/google-chrome-plugin.zip" + - from: "bins/flag.txt" + to: "bins/flag.txt" + - from: "bins/engine-version.txt" + to: "bins/engine-version.txt" + - from: "bins/resources" + to: "bins/resources" + filter: + - "**/*" + - "*.txt" + - from: "bins/database/" + to: "bins/database/" + filter: + - "**/*" + - "*.txt" + - "*.gzip" + - "!*.db" + - from: "report/template.zip" + to: "report/template.zip" + +directories: + buildResources: resources + output: release/ + app: . + +files: + - "**/*" + - "!bins/**/*" + - "!.github/**/*" + - "!multibuilder/**/*" + - "!scripts/**/*" + - "!buildutil/**/*" + - "!buildHooks/**/*" + - "!build/**/*" + - "!backups/**/*" + - "!app/renderer/src/**/*" + +asar: true + +publish: + - provider: "generic" + url: https://yaklang.oss-cn-beijing.aliyuncs.com/yak/latest/ + +mac: + hardenedRuntime: true + gatekeeperAssess: false + entitlements: "packageScript/plist/entitlements.mac.plist" + entitlementsInherit: "packageScript/plist/entitlements.mac.plist" + target: + - target: dmg + arch: + - x64 + - arm64 + icon: "app/assets/yakiteelogo.icns" + +beforePack: "packageScript/buildHook/before-pack.js" +afterSign: "packageScript/buildHook/after-sign.js" + +releaseInfo: + releaseName: ${version} + releaseNotes: "view github release: /~https://github.com/yaklang/yakit/releases" diff --git a/packageScript/electron-builder-mac-legacy.yaml b/packageScript/electron-builder-mac-legacy.yaml new file mode 100644 index 0000000000..77c858af20 --- /dev/null +++ b/packageScript/electron-builder-mac-legacy.yaml @@ -0,0 +1,73 @@ +appId: "io.yaklang.yakit" +productName: "Yakit" +copyright: Copyright © 2024 yaklang.io + +extraFiles: + - from: "bins/scripts/auto-install-cert.zip" + to: "bins/scripts/auto-install-cert.zip" + - from: "bins/scripts/start-engine.zip" + to: "bins/scripts/start-engine.zip" + - from: "bins/scripts/google-chrome-plugin.zip" + to: "bins/scripts/google-chrome-plugin.zip" + - from: "bins/flag.txt" + to: "bins/flag.txt" + - from: "bins/engine-version.txt" + to: "bins/engine-version.txt" + - from: "bins/yakit-system-mode.txt" + to: "bins/yakit-system-mode.txt" + - from: "bins/resources" + to: "bins/resources" + filter: + - "**/*" + - "*.txt" + - from: "bins/database/" + to: "bins/database/" + filter: + - "**/*" + - "*.txt" + - "*.gzip" + - "!*.db" + - from: "report/template.zip" + to: "report/template.zip" + +directories: + buildResources: resources + output: release/ + app: . + +files: + - "**/*" + - "!bins/**/*" + - "!.github/**/*" + - "!multibuilder/**/*" + - "!scripts/**/*" + - "!buildutil/**/*" + - "!buildHooks/**/*" + - "!build/**/*" + - "!backups/**/*" + - "!app/renderer/src/**/*" + +asar: true + +publish: + - provider: "generic" + url: https://yaklang.oss-cn-beijing.aliyuncs.com/yak/latest/ + +mac: + hardenedRuntime: true + gatekeeperAssess: false + entitlements: "packageScript/plist/entitlements.mac.plist" + entitlementsInherit: "packageScript/plist/entitlements.mac.plist" + target: + - target: dmg + arch: + - x64 + - arm64 + icon: "app/assets/yakitlogo.icns" + +beforePack: "packageScript/buildHook/before-pack.js" +afterSign: "packageScript/buildHook/after-sign.js" + +releaseInfo: + releaseName: ${version} + releaseNotes: "view github release: /~https://github.com/yaklang/yakit/releases" diff --git a/packageScript/electron-builder-mac.yaml b/packageScript/electron-builder-mac.yaml new file mode 100644 index 0000000000..5a2e252c56 --- /dev/null +++ b/packageScript/electron-builder-mac.yaml @@ -0,0 +1,71 @@ +appId: "io.yaklang.yakit" +productName: "Yakit" +copyright: Copyright © 2024 yaklang.io + +extraFiles: + - from: "bins/scripts/auto-install-cert.zip" + to: "bins/scripts/auto-install-cert.zip" + - from: "bins/scripts/start-engine.zip" + to: "bins/scripts/start-engine.zip" + - from: "bins/scripts/google-chrome-plugin.zip" + to: "bins/scripts/google-chrome-plugin.zip" + - from: "bins/flag.txt" + to: "bins/flag.txt" + - from: "bins/engine-version.txt" + to: "bins/engine-version.txt" + - from: "bins/resources" + to: "bins/resources" + filter: + - "**/*" + - "*.txt" + - from: "bins/database/" + to: "bins/database/" + filter: + - "**/*" + - "*.txt" + - "*.gzip" + - "!*.db" + - from: "report/template.zip" + to: "report/template.zip" + +directories: + buildResources: resources + output: release/ + app: . + +files: + - "**/*" + - "!bins/**/*" + - "!.github/**/*" + - "!multibuilder/**/*" + - "!scripts/**/*" + - "!buildutil/**/*" + - "!buildHooks/**/*" + - "!build/**/*" + - "!backups/**/*" + - "!app/renderer/src/**/*" + +asar: true + +publish: + - provider: "generic" + url: https://yaklang.oss-cn-beijing.aliyuncs.com/yak/latest/ + +mac: + hardenedRuntime: true + gatekeeperAssess: false + entitlements: "packageScript/plist/entitlements.mac.plist" + entitlementsInherit: "packageScript/plist/entitlements.mac.plist" + target: + - target: dmg + arch: + - x64 + - arm64 + icon: "app/assets/yakitlogo.icns" + +beforePack: "packageScript/buildHook/before-pack.js" +afterSign: "packageScript/buildHook/after-sign.js" + +releaseInfo: + releaseName: ${version} + releaseNotes: "view github release: /~https://github.com/yaklang/yakit/releases" diff --git a/packageScript/incomplete-electron-builder.config.js b/packageScript/incomplete-electron-builder.config.js new file mode 100644 index 0000000000..b74dfad8cc --- /dev/null +++ b/packageScript/incomplete-electron-builder.config.js @@ -0,0 +1,100 @@ +module.exports = { + appId: "io.yaklang.yakit", + productName: "Yakit", + copyright: "Copyright © 2024 yaklang.io", + extraFiles: [ + { from: "bins/scripts/auto-install-cert.zip", to: "bins/scripts/auto-install-cert.zip" }, + { from: "bins/scripts/start-engine.zip", to: "bins/scripts/start-engine.zip" }, + { from: "bins/scripts/google-chrome-plugin.zip", to: "bins/scripts/google-chrome-plugin.zip" }, + { from: "bins/flag.txt", to: "bins/flag.txt" }, + { from: "bins/engine-version.txt", to: "bins/engine-version.txt" }, + { + from: "bins/resources", + to: "bins/resources", + filter: ["**/*", "*.txt"] + }, + { + from: "bins/database/", + to: "bins/database/", + filter: ["**/*", "*.txt", "*.gzip", "!*.db"] + }, + { + from: "LICENSE.md", + to: "LICENSE.md", + filter: ["!darwin"] + }, + { + from: "report/template.zip", + to: "report/template.zip" + } + ], + directories: { + buildResources: "resources", + output: "release/", + app: "." + }, + files: [ + "**/*", + "!bins/**/*", + "!.github/**/*", + "!multibuilder/**/*", + "!scripts/**/*", + "!buildutil/**/*", + "!buildHooks/**/*", + "!build/**/*", + "!backups/**/*", + "!app/renderer/src/**/*" + ], + asar: true, + publish: [ + { + provider: "generic", + url: "https://yaklang.oss-cn-beijing.aliyuncs.com/yak/latest/" + } + ], + mac: { + // category: "public.app-category.developer-tools", + hardenedRuntime: true, + gatekeeperAssess: false, + entitlements: "build/entitlements.mac.plist", + entitlementsInherit: "build/entitlements.mac.plist", + target: [ + { target: "dmg", arch: ["x64", "arm64"] } + ], + icon: "app/assets/yakitlogo.icns" + }, + linux: { + target: [ + { target: "AppImage", arch: ["x64", "arm64"] } + ], + icon: "app/assets/yakitlogo.icns" + }, + win: { + // requestedExecutionLevel: "requireAdministrator", + target: [ + { target: "nsis", arch: ["x64"] } + ], + icon: "app/assets/yakitlogo.ico" + }, + nsis: { + oneClick: false, + perMachine: false, + deleteAppDataOnUninstall: true, + allowToChangeInstallationDirectory: true, + installerIcon: "app/assets/yakitlogo.ico", + uninstallerIcon: "app/assets/yakitlogo.ico", + unicode: true, + include: "build/yakit_build.nsh", + license: "LICENSE.md", + warningsAsErrors: false, + createDesktopShortcut: false, + createStartMenuShortcut: true + }, + beforePack: "buildHooks/before_pack.js", + // afterSign: "buildHooks/afterSign.js", + releaseInfo: { + releaseName: "${version}", + releaseNotes: "view github release: /~https://github.com/yaklang/yakit/releases" + } + }; + \ No newline at end of file diff --git a/packageScript/plist/entitlements.mac.plist b/packageScript/plist/entitlements.mac.plist new file mode 100644 index 0000000000..0b2a95cb87 --- /dev/null +++ b/packageScript/plist/entitlements.mac.plist @@ -0,0 +1,25 @@ + + + + + + com.apple.security.cs.allow-jit + + + + com.apple.security.cs.allow-unsigned-executable-memory + + + + com.apple.security.network.client + + + + + + + + + \ No newline at end of file diff --git a/packageScript/script/electron-builder.sh b/packageScript/script/electron-builder.sh new file mode 100644 index 0000000000..af06ab33c6 --- /dev/null +++ b/packageScript/script/electron-builder.sh @@ -0,0 +1,38 @@ +yarn add -D dmg-license + +render_path="./app/renderer/pages" + +versions=("ce" "ee") # 打包的版本集合 +for item in "${versions[@]}"; do + file_name="${item}.zip" + echo "Start to download ${file_name}" + rm -rf ${render_path} + wget -O ${file_name} https://oss-qn.yaklang.com/yak/render/${file_name} + unzip -n ${file_name} -d ./app/renderer + rm ./${file_name} + echo "End to install ${file_name}" + + yarn remove electron && yarn add electron@27.0.0 --dev + cp ./bins/yak_windows_normal_amd64.zip ./bins/yak_windows_amd64.zip + if [ "${item}" = "ce" ]; then + yarn pack-win && yarn pack-linux && yarn pack-sign-mac + elif [ "${item}" = "ee" ]; then + yarn pack-win-ee && yarn pack-linux-ee && yarn pack-sign-mac-ee + else + echo "Unknown packaged version: ${item}" >&2 + exit 1 + fi + + yarn remove electron && yarn add electron@22.3.27 --dev + cp ./bins/yak_windows_legacy_amd64.zip ./bins/yak_windows_amd64.zip + if [ "${item}" = "ce" ]; then + yarn pack-win-legacy && yarn pack-linux-legacy && yarn pack-sign-mac-legacy + elif [ "${item}" = "ee" ]; then + yarn pack-win-ee-legacy && yarn pack-linux-ee-legacy && yarn pack-sign-mac-ee-legacy + else + echo "Unknown packaged version: ${item}" >&2 + exit 1 + fi +done + +exit 0 # 打包完全成功后退出 diff --git a/packageScript/script/signature.sh b/packageScript/script/signature.sh new file mode 100644 index 0000000000..bd5277f2fb --- /dev/null +++ b/packageScript/script/signature.sh @@ -0,0 +1,30 @@ +# 解码 p12 文件 +echo "$CERT_BASE64" | base64 --decode >cert.p12 + +# 将证书路径和密码设置为环境变量, 供打包使用 +# echo "CSC_LINK=$(pwd)/cert.p12" >>$GITHUB_ENV +# echo "CSC_KEY_PASSWORD=$CERT_PASSWORD" >>$GITHUB_ENV + +ls -la cert.p12 + +# 创建一个临时钥匙串,并导入证书(这里不设置密码) +security create-keychain -p "" build.keychain +security default-keychain -s build.keychain +security unlock-keychain -p "" build.keychain +security import cert.p12 -k build.keychain -P $CERT_PASSWORD -T /usr/bin/codesign + +# 设置钥匙链分区列表; 允许这些工具访问: apple-tool:,apple:,codesign: +security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "" build.keychain +# 是否能找到你的 Developer ID Application 证书 +security find-identity -v -p codesigning + +# 从钥匙串中查找包含 TEAM_ID 的签名证书标识 +CERT_ID=$(security find-identity -v -p codesigning | grep "$TEAM_ID" | head -n1 | awk -F\" '{print $2}') +echo "Using certificate: $CERT_ID" + +# 对 yak 可执行文件进行签名(请替换为你的可执行文件路径) +codesign --timestamp --options runtime --sign "$CERT_ID" ./bins/yak_darwin_amd64 +zip ./bins/yak_darwin_amd64.zip ./bins/yak_darwin_amd64 && rm ./bins/yak_darwin_amd64 + +codesign --timestamp --options runtime --sign "$CERT_ID" ./bins/yak_darwin_arm64 +zip ./bins/yak_darwin_arm64.zip ./bins/yak_darwin_arm64 && rm ./bins/yak_darwin_arm64 diff --git a/yarn.lock b/yarn.lock index 0387ccd9f6..132faf4191 100644 --- a/yarn.lock +++ b/yarn.lock @@ -38,6 +38,15 @@ optionalDependencies: global-agent "^3.0.0" +"@electron/notarize@^2.5.0": + version "2.5.0" + resolved "https://registry.yarnpkg.com/@electron/notarize/-/notarize-2.5.0.tgz#d4d25356adfa29df4a76bd64a8bd347237cd251e" + integrity sha512-jNT8nwH1f9X5GEITXaQ8IF/KdskvIkOFfB2CvwumsveVidzpSc+mvhhTMdAGSYF3O+Nq49lJ7y+ssODRXu06+A== + dependencies: + debug "^4.1.1" + fs-extra "^9.0.1" + promise-retry "^2.0.1" + "@electron/universal@1.2.1": version "1.2.1" resolved "https://registry.yarnpkg.com/@electron/universal/-/universal-1.2.1.tgz#3c2c4ff37063a4e9ab1e6ff57db0bc619bc82339" @@ -822,6 +831,13 @@ crc@^3.8.0: dependencies: buffer "^5.1.0" +cross-env@^7.0.3: + version "7.0.3" + resolved "https://registry.yarnpkg.com/cross-env/-/cross-env-7.0.3.tgz#865264b29677dc015ba8418918965dd232fc54cf" + integrity sha512-+/HKd6EgcQCJGh2PSjZuUitQBQynKor4wrFbRg4DtAgS1aWO+gU52xpH7M9ScGgXSYmAVS9bIJ8EzuaGw0oNAw== + dependencies: + cross-spawn "^7.0.1" + cross-spawn@^7.0.1, cross-spawn@^7.0.3: version "7.0.3" resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6" @@ -1061,6 +1077,11 @@ env-paths@^2.2.0: resolved "https://registry.yarnpkg.com/env-paths/-/env-paths-2.2.1.tgz#420399d416ce1fbe9bc0a07c62fa68d67fd0f8f2" integrity sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A== +err-code@^2.0.2: + version "2.0.3" + resolved "https://registry.yarnpkg.com/err-code/-/err-code-2.0.3.tgz#23c2f3b756ffdfc608d30e27c9a941024807e7f9" + integrity sha512-2bmlRpNKBxT/CRmPOlyISQpNj+qSeYvcym/uT0Jx2bMOlKLtSy1ZmLuVxSEKKyor/N5yhvp/ZiG1oE3DEYMSFA== + es6-error@^4.1.1: version "4.1.1" resolved "https://registry.yarnpkg.com/es6-error/-/es6-error-4.1.1.tgz#9e3af407459deed47e9a91f9b885a84eb05c561d" @@ -1874,6 +1895,14 @@ progress@^2.0.3: resolved "https://registry.yarnpkg.com/progress/-/progress-2.0.3.tgz#7e8cf8d8f5b8f239c1bc68beb4eb78567d572ef8" integrity sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA== +promise-retry@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/promise-retry/-/promise-retry-2.0.1.tgz#ff747a13620ab57ba688f5fc67855410c370da22" + integrity sha512-y+WKFlBR8BGXnsNlIHFGPZmyDf3DFMoLhaflAnyZgV6rG6xu+JwesTo2Q9R6XwYmtmwAFCkAk3e35jEdoeh/3g== + dependencies: + err-code "^2.0.2" + retry "^0.12.0" + protobufjs@^6.11.3: version "6.11.3" resolved "https://registry.yarnpkg.com/protobufjs/-/protobufjs-6.11.3.tgz#637a527205a35caa4f3e2a9a4a13ddffe0e7af74" @@ -2018,6 +2047,11 @@ responselike@^2.0.0: dependencies: lowercase-keys "^2.0.0" +retry@^0.12.0: + version "0.12.0" + resolved "https://registry.yarnpkg.com/retry/-/retry-0.12.0.tgz#1b42a6266a21f07421d1b0b54b7dc167b01c013b" + integrity sha512-9LkiTwjUh6rT555DtE9rTX+BKByPfrMzEAtnlEtdEwr3Nkffwiihqe2bWADg+OQRjt9gl6ICdmB/ZFDCGAtSow== + rimraf@^3.0.0: version "3.0.2" resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-3.0.2.tgz#f1a5402ba6220ad52cc1282bac1ae3aa49fd061a"