feat: macos codesign

.github/workflows/release.yml

@@ -64,15 +64,43 @@ jobs:
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
       - run: npm run build
+
+      - name: Import Apple Developer Certificate
+        if: matrix.os == 'macos-latest'
+        env:
+          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
+          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+        run: |
+          echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12
+          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+          security default-keychain -s build.keychain
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+          # Prevents keychain from locking automatically for 3600 seconds.
+          security set-keychain-settings -t 3600 -u build.keychain
+          security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
+          security find-identity -v -p codesigning build.keychain
+      - name: Verify Certificate
+        if: matrix.os == 'macos-latest'
+        run: |
+          CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application")
+          CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
+          echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
+          echo "Certificate imported."
+
       - name: Build Distribution Binaries
         uses: tauri-apps/tauri-action@v0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PKG_CONFIG_ALLOW_CROSS: 1
           CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+          APPLE_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
           APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
           APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
-          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+          APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
         with:
           args: ${{ matrix.args }}
 
@@ -148,7 +176,7 @@ jobs:
         if: steps.tag_release.outputs.successful == 'true'
         uses: ryand56/r2-upload-action@master
         with:
-          r2-account-id:  ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          r2-account-id: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
           r2-access-key-id: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY_ID }}
           r2-secret-access-key: ${{ secrets.CLOUDFLARE_R2_SECRET_ACCESS_KEY }}
           r2-bucket: ${{ secrets.CLOUDFLARE_ARTIFACTS_R2 }}

scripts/build-pkg.sh

@@ -19,7 +19,7 @@ SIGN_INSTALL="3rd Party Mac Developer Installer: Lisheng Zi (Z44247ZSR9)"
 TARGET="universal-apple-darwin"
 
 
-npx tauri build --target "${TARGET}" --verbose
+DOCKIT_DISTRIBUTION="APP_STORE" npx tauri build --target "${TARGET}" --verbose
 
 # cargo tauri build --target "${target}" --verbose
 

src-tauri/src/dynamo_client.rs

@@ -6,7 +6,6 @@ use crate::dynamo::types::ApiResponse;
 use aws_config::meta::region::RegionProviderChain;
 use aws_config::Region;
 use aws_sdk_dynamodb::{config::Credentials, Client};
-use base64;
 use serde::Deserialize;
 
 #[derive(Debug, Deserialize)]
@@ -25,7 +24,6 @@ pub struct DynamoOptions {
 
 #[tauri::command]
 pub async fn dynamo_api(
-    window: tauri::Window,
     credentials: DynamoCredentials,
     options: DynamoOptions,
 ) -> Result<String, String> {

src-tauri/src/openai_client.rs

@@ -106,7 +106,7 @@ pub async fn create_openai_client(
         AI_CLIENT = Option::from(Client::with_config(config).with_http_client(http_client));
     }
 
-    return Ok(format!("{} client created", provider).to_string());
+    Ok(format!("{} client created", provider).to_string())
 }
 
 #[tauri::command]