diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml index 507bb7b4e4..11c81b436f 100644 --- a/.github/workflows/release-tag.yml +++ b/.github/workflows/release-tag.yml @@ -199,7 +199,18 @@ jobs: # Codesign the app bundle /usr/bin/codesign --verbose -f -s "$MACOS_CERTIFICATE_NAME" -o runtime --entitlements "macos/Ghostty.entitlements" macos/build/Release/Ghostty.app - - name: "Notarize app bundle" + - name: Create DMG + env: + MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }} + run: | + npm install --global create-dmg + create-dmg \ + --identity="$MACOS_CERTIFICATE_NAME" \ + ./macos/build/Release/Ghostty.app \ + ./ + mv ./Ghostty*.dmg ./Ghostty.dmg + + - name: "Notarize DMG" env: PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }} PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }} @@ -210,22 +221,18 @@ jobs: echo "Create keychain profile" xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD" - # We can't notarize an app bundle directly, but we need to compress it as an archive. - # Therefore, we create a zip file containing our app bundle, so that we can send it to the - # notarization service - echo "Creating temp notarization archive" - ditto -c -k --keepParent "macos/build/Release/Ghostty.app" "notarization.zip" - # Here we send the notarization request to the Apple's Notarization service, waiting for the result. # This typically takes a few seconds inside a CI environment, but it might take more depending on the App # characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if # you're curious - echo "Notarize app" - xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait + echo "Notarize dmg" + xcrun notarytool submit "Ghostty.dmg" --keychain-profile "notarytool-profile" --wait # Finally, we need to "attach the staple" to our executable, which will allow our app to be - # validated by macOS even when an internet connection is not available. + # validated by macOS even when an internet connection is not available. We do this to + # both the app and the dmg echo "Attach staple" + xcrun stapler staple "Ghostty.dmg" xcrun stapler staple "macos/build/Release/Ghostty.app" # Zip up the app and symbols @@ -240,6 +247,7 @@ jobs: with: name: macos path: |- + Ghostty.dmg ghostty-macos-universal.zip ghostty-macos-universal-dsym.zip @@ -299,7 +307,7 @@ jobs: echo "GHOSTTY_COMMIT_LONG=$GHOSTTY_COMMIT_LONG" echo $SPARKLE_KEY > signing.key - sign_update -f signing.key ghostty-macos-universal.zip > sign_update.txt + sign_update -f signing.key Ghostty.dmg > sign_update.txt curl -L https://release.files.ghostty.org/appcast.xml > appcast.xml python3 ./dist/macos/update_appcast_tag.py test -f appcast_new.xml @@ -348,6 +356,7 @@ jobs: mv ghostty-source.tar.gz.minisig blob/${GHOSTTY_VERSION}/ghostty-source.tar.gz.minisig mv ghostty-macos-universal.zip blob/${GHOSTTY_VERSION}/ghostty-macos-universal.zip mv ghostty-macos-universal-dsym.zip blob/${GHOSTTY_VERSION}/ghostty-macos-universal-dsym.zip + mv Ghostty.dmg blob/${GHOSTTY_VERSION}/Ghostty.dmg - name: Upload to R2 uses: ryand56/r2-upload-action@latest with: diff --git a/.github/workflows/release-tip.yml b/.github/workflows/release-tip.yml index d4524d1dfd..a6caa64cee 100644 --- a/.github/workflows/release-tip.yml +++ b/.github/workflows/release-tip.yml @@ -239,7 +239,18 @@ jobs: # Codesign the app bundle /usr/bin/codesign --verbose -f -s "$MACOS_CERTIFICATE_NAME" -o runtime --entitlements "macos/Ghostty.entitlements" macos/build/Release/Ghostty.app - - name: "Notarize app bundle" + - name: Create DMG + env: + MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }} + run: | + npm install --global create-dmg + create-dmg \ + --identity="$MACOS_CERTIFICATE_NAME" \ + ./macos/build/Release/Ghostty.app \ + ./ + mv ./Ghostty*.dmg ./Ghostty.dmg + + - name: "Notarize DMG" env: PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }} PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }} @@ -250,22 +261,18 @@ jobs: echo "Create keychain profile" xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD" - # We can't notarize an app bundle directly, but we need to compress it as an archive. - # Therefore, we create a zip file containing our app bundle, so that we can send it to the - # notarization service - echo "Creating temp notarization archive" - ditto -c -k --keepParent "macos/build/Release/Ghostty.app" "notarization.zip" - # Here we send the notarization request to the Apple's Notarization service, waiting for the result. # This typically takes a few seconds inside a CI environment, but it might take more depending on the App # characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if # you're curious - echo "Notarize app" - xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait + echo "Notarize dmg" + xcrun notarytool submit "Ghostty.dmg" --keychain-profile "notarytool-profile" --wait # Finally, we need to "attach the staple" to our executable, which will allow our app to be - # validated by macOS even when an internet connection is not available. + # validated by macOS even when an internet connection is not available. We do this to + # both the app and the dmg echo "Attach staple" + xcrun stapler staple "Ghostty.dmg" xcrun stapler staple "macos/build/Release/Ghostty.app" # Zip up the app and symbols @@ -283,7 +290,9 @@ jobs: prerelease: true tag_name: tip target_commitish: ${{ github.sha }} - files: ghostty-macos-universal.zip + files: | + ghostty-macos-universal.zip + Ghostty.dmg token: ${{ secrets.GH_RELEASE_TOKEN }} # Create our appcast for Sparkle @@ -292,7 +301,7 @@ jobs: SPARKLE_KEY: ${{ secrets.PROD_MACOS_SPARKLE_KEY }} run: | echo $SPARKLE_KEY > signing.key - sign_update -f signing.key ghostty-macos-universal.zip > sign_update.txt + sign_update -f signing.key Ghostty.dmg > sign_update.txt curl -L https://tip.files.ghostty.org/appcast.xml > appcast.xml python3 ./dist/macos/update_appcast_tip.py test -f appcast_new.xml @@ -304,6 +313,7 @@ jobs: mkdir -p blob/${GHOSTTY_COMMIT_LONG} cp ghostty-macos-universal.zip blob/${GHOSTTY_COMMIT_LONG}/ghostty-macos-universal.zip cp ghostty-macos-universal-dsym.zip blob/${GHOSTTY_COMMIT_LONG}/ghostty-macos-universal-dsym.zip + cp Ghostty.dmg blob/${GHOSTTY_COMMIT_LONG}/Ghostty.dmg - name: Upload to R2 uses: ryand56/r2-upload-action@latest diff --git a/dist/macos/update_appcast_tag.py b/dist/macos/update_appcast_tag.py index edda6d7ca0..4ef526019d 100644 --- a/dist/macos/update_appcast_tag.py +++ b/dist/macos/update_appcast_tag.py @@ -96,7 +96,7 @@

""" elem = ET.SubElement(item, "enclosure") -elem.set("url", f"https://release.files.ghostty.org/{version}/ghostty-macos-universal.zip") +elem.set("url", f"https://release.files.ghostty.org/{version}/Ghostty.dmg") elem.set("type", "application/octet-stream") for key, value in attrs.items(): elem.set(key, value) diff --git a/dist/macos/update_appcast_tip.py b/dist/macos/update_appcast_tip.py index 1465e8ca6b..ff1fb4be5d 100644 --- a/dist/macos/update_appcast_tip.py +++ b/dist/macos/update_appcast_tip.py @@ -94,7 +94,7 @@

""" elem = ET.SubElement(item, "enclosure") -elem.set("url", f"https://tip.files.ghostty.org/{commit_long}/ghostty-macos-universal.zip") +elem.set("url", f"https://tip.files.ghostty.org/{commit_long}/Ghostty.dmg") elem.set("type", "application/octet-stream") for key, value in attrs.items(): elem.set(key, value)