name: Build macOS on: push: branches: [main] pull_request: branches: [main] jobs: build: runs-on: macos-latest steps: - name: Checkout repository uses: actions/checkout@v4 - name: Set up Node.js uses: actions/setup-node@v4 with: node-version: 22 - name: Clean up caches run: | npm cache clean --force rm -rf ~/Library/Caches/electron-builder working-directory: simpliplay - name: Install dependencies run: npm install working-directory: simpliplay # This step creates the DMG with the UI, and the app bundle inside is unsigned. # This is the single, simple step that handles the complex parts for you. - name: Create unsigned DMGs with UI run: npx electron-builder --mac working-directory: simpliplay # A more robust step to find, sign, and convert all DMGs. - name: Sign and finalize DMGs run: | # Find all DMG files created by Electron Builder. DMGS=$(find dist/mac -name "*.dmg" -print) # Loop through each DMG file. for DMG_PATH in $DMGS; do echo "Processing DMG: $DMG_PATH" MOUNT_PATH="/Volumes/electron-builder-dmg" # Attach the DMG as a read/write volume. hdiutil attach "$DMG_PATH" -mountpoint "$MOUNT_PATH" # The app bundle path inside the mounted DMG. APP_PATH="$MOUNT_PATH/SimpliPlay.app" # Ad-hoc sign the app bundle. echo "Signing app at $APP_PATH" codesign --force --deep --sign - "$APP_PATH" # Unmount the DMG. hdiutil detach "$MOUNT_PATH" # Get the output filename for the finalized DMG. FINAL_DMG_NAME=$(basename "$DMG_PATH" .dmg) FINAL_DMG_PATH="dist/${FINAL_DMG_NAME}-signed.dmg" # Convert the read/write DMG to a read-only, compressed DMG. echo "Converting to compressed, read-only DMG: $FINAL_DMG_PATH" hdiutil convert "$DMG_PATH" -format UDZO -o "$FINAL_DMG_PATH" done working-directory: simpliplay - name: Upload artifacts uses: actions/upload-artifact@v4 with: name: builds path: simpliplay/dist/*-signed.dmg