fix: macos builds

.github/workflows/deploy.yml

@@ -2,16 +2,13 @@ name: 'deploy'
 
 on:
   workflow_dispatch:
-  push:
-    branches:
-      - feat/macos-deployment
 
 jobs:
   deploy-macos-app:
     runs-on: macos-latest
     env:
-      VITE_MOCK_DATA: false
-      VITE_FREECODECAMP_API: https://test-api.freecodecamp.dev
+      VITE_MOCK_DATA: ${{ vars.VITE_MOCK_DATA }}
+      VITE_FREECODECAMP_API: ${{ vars.VITE_FREECODECAMP_API }}
       SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
     steps:
       - uses: actions/checkout@v4
@@ -29,6 +26,9 @@ jobs:
       - name: install Rust stable
         uses: dtolnay/rust-toolchain@stable
 
+      - name: Install Rust targets
+        run: rustup target add aarch64-apple-darwin x86_64-apple-darwin
+
       - name: install codemagic cli tools
         run: pip3 install codemagic-cli-tools --break-system-packages
 
@@ -37,7 +37,7 @@ jobs:
           KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
           APPLE_DISTRIBUTION_CERT: ${{ secrets.APPLE_DISTRIBUTION_CERT }}
           MAC_INSTALLER_DISTRIBUTION_CERT: ${{ secrets.MAC_INSTALLER_DISTRIBUTION_CERT }}
-          PROVISIONING_PROFILE: ${{ secrets.PROVISIONING_PROFILE }}
+          MAC_APP_STORE_PROVISIONING_PROFILE: ${{ secrets.MAC_APP_STORE_PROVISIONING_PROFILE }}
           APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
           APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
         run: |
@@ -54,32 +54,46 @@ jobs:
           # import certificate and provisioning profile from secrets
           echo -n "$APPLE_DISTRIBUTION_CERT" | base64 --decode -o $DISTRIBUTION_CERT_PATH
           echo -n "$MAC_INSTALLER_DISTRIBUTION_CERT" | base64 --decode -o $MAC_INSTALLER_DISTRIBUTION_CERT_PATH
-          echo -n "$PROVISIONING_PROFILE" | base64 --decode -o $PP_PATH
+          echo -n "$MAC_APP_STORE_PROVISIONING_PROFILE" | base64 --decode -o $PP_PATH
           echo -n "$APPLE_API_KEY" | base64 --decode -o $APPLE_API_KEY_PATH
 
           # create temporary keychain
           keychain initialize --password $KEYCHAIN_PASSWORD --path $KEYCHAIN_PATH --timeout 21600
 
           # import certificate to keychain
-          keychain add-certificates
-          security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          keychain add-certificates -A
+          security set-key-partition-list -S apple-tool:,apple:, -s -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
           security find-identity -v
 
       - name: install frontend dependencies
         run: pnpm install && pnpm run prisma-generate
 
+      # The rust build requires the `.env` file to exist, even if none of the variables are used
+      - name: prep env
+        run: cp sample.env .env
+
       - uses: tauri-apps/tauri-action@v0
         env:
           TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
           TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
+          APPLE_SIGNING_IDENTITY: 'Apple Distribution: Free Code Camp, Inc. (L33K9LWVP9)'
+
+          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+          VITE_FREECODECAMP_API: ${{ vars.VITE_FREECODECAMP_API }}
+          VITE_MOCK_DATA: ${{ vars.VITE_MOCK_DATA }}
         with:
-          args: "--target universal-apple-darwin"
-          # includeUpdaterJson: true
+          args: '--target universal-apple-darwin --verbose'
+          includeDebug: false
+          includeRelease: true
+          includeUpdaterJson: true
 
-      - name: generate and upload installer package
+      - name: generate installer package
+        run: |
+          xcrun productbuild --sign "3rd Party Mac Developer Installer: Free Code Camp, Inc. (L33K9LWVP9)" --component "./src-tauri/target/universal-apple-darwin/release/bundle/macos/Exam Environment.app" /Applications "Exam Environment.pkg"
+
+      - name: upload installer package
         env:
           APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
           APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
         run: |
-          xcrun productbuild --sign "3rd Party Mac Developer Installer: Free Code Camp, Inc. (L33K9LWVP9)" --component "./src-tauri/target/universal-apple-darwin/release/bundle/macos/Exam Environment.app" /Applications "Exam Environment.pkg"
           xcrun altool --upload-app --type macos --file "Exam Environment.pkg" --apiKey $APPLE_API_KEY_ID --apiIssuer $APPLE_API_ISSUER

.github/workflows/publish.yml

@@ -47,9 +47,9 @@ jobs:
       matrix:
         include:
           - platform: "macos-latest"
-            args: "--target aarch64-apple-darwin"
+            args: "--target aarch64-apple-darwin --bundles dmg"
           - platform: "macos-latest"
-            args: "--target x86_64-apple-darwin"
+            args: "--target x86_64-apple-darwin --bundles dmg"
           - platform: "ubuntu-22.04"
             args: ""
           - platform: "windows-latest"
@@ -118,19 +118,24 @@ jobs:
         if: matrix.platform == 'macos-latest'
         env:
           KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
-          APPLE_DISTRIBUTION_CERT: ${{ secrets.APPLE_DISTRIBUTION_CERT }}
-          PROVISIONING_PROFILE: ${{ secrets.PROVISIONING_PROFILE }}
+          APPLE_DEVELOPER_ID_CERT: ${{ secrets.APPLE_DEVELOPER_ID_CERT }}
+          PROVISIONING_PROFILE: ${{ secrets.MAC_APP_DIRECT_PROVISIONING_PROFILE }}
+          APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
         run: |
           # create variables
+          mkdir -p ~/.appstoreconnect/private_keys
           CERT_BASE_PATH=/Users/runner/Library/MobileDevice/Certificates
           mkdir -p $CERT_BASE_PATH
-          DISTRIBUTION_CERT_PATH=$CERT_BASE_PATH/distribution_certificate.p12
+          DEVELOPER_ID_CERT_PATH=$CERT_BASE_PATH/developer_id_certificate.p12
           PP_PATH=./src-tauri/embedded.provisionprofile
           KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+          APPLE_API_KEY_PATH=~/.appstoreconnect/private_keys/AuthKey_$APPLE_API_KEY_ID.p8
 
           # import certificate and provisioning profile from secrets
-          echo -n "$APPLE_DISTRIBUTION_CERT" | base64 --decode -o $DISTRIBUTION_CERT_PATH
+          echo -n "$APPLE_DEVELOPER_ID_CERT" | base64 --decode -o $DEVELOPER_ID_CERT_PATH
           echo -n "$PROVISIONING_PROFILE" | base64 --decode -o $PP_PATH
+          echo -n "$APPLE_API_KEY" | base64 --decode -o $APPLE_API_KEY_PATH
 
           # create temporary keychain
           keychain initialize --password $KEYCHAIN_PASSWORD --path $KEYCHAIN_PATH --timeout 21600
@@ -150,6 +155,11 @@ jobs:
           AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
           AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
 
+          # MacOS specific
+          APPLE_SIGNING_IDENTITY: "Developer ID Application: Free Code Camp, Inc. (L33K9LWVP9)"
+          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
+          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY_ID }}
+
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
           VITE_FREECODECAMP_API: ${{ env.VITE_FREECODECAMP_API }}
           VITE_MOCK_DATA: ${{ env.VITE_MOCK_DATA }}

src-tauri/tauri.conf.json

@@ -34,12 +34,12 @@
       "icons/icon.ico"
     ],
     "macOS": {
-      "entitlements": "Release.entitlements",
+      "entitlements": "./Entitlements.plist",
       "exceptionDomain": "",
       "frameworks": [],
-      "signingIdentity": "Apple Distribution: Free Code Camp, Inc. (L33K9LWVP9)",
+      "signingIdentity": "Developer ID Application: Free Code Camp, Inc. (L33K9LWVP9)",
       "files": {
-        "embedded.provisionprofile": "embedded.provisionprofile"
+        "embedded.provisionprofile": "./embedded.provisionprofile"
       }
     },
     "publisher": "Free Code Camp, Inc.",