try tag

.github/workflows/macOSBuild.yml

@@ -13,7 +13,7 @@ jobs:
      name: MacOS Build
      strategy:
        matrix:
-         os: [macos-12, macos-13]
+         os: [macos-13]
 
      runs-on: ${{ matrix.os }}
 
@@ -48,24 +48,132 @@ jobs:
          cd build
          qmake -config release ..
          make -j4
-     - name: Build dmg
+     - name: Build app
        run: |
          cd build
-         macdeployqt qlog.app
+         macdeployqt qlog.app -executable=./qlog.app/Contents/MacOS/qlog
          cp `brew --prefix`/lib/libhamlib.dylib qlog.app/Contents/Frameworks/libhamlib.dylib
          cp `brew --prefix`/lib/libqt6keychain.dylib qlog.app/Contents/Frameworks/libqt6keychain.dylib
          cp `brew --prefix`/lib/libdbus-1.dylib qlog.app/Contents/Frameworks/libdbus-1.dylib
-         cp `brew --prefix brotli`/lib/libbrotlicommon.1.dylib qlog.app/Contents/Frameworks/libbrotlicommon.1.dylib
+         cp `brew --prefix`/lib/libbrotlicommon.1.dylib qlog.app/Contents/Frameworks/libbrotlicommon.1.dylib
          cp `brew --prefix`/opt/icu4c/lib/libicui18n.74.dylib qlog.app/Contents/Frameworks/libicui18n.74.dylib
+         cp `brew --prefix`/lib/libglib-2.0.0.dylib qlog.app/Contents/Frameworks/libglib-2.0.0.dylib
+         cp `brew --prefix`/lib/libbrotlidec.1.dylib qlog.app/Contents/Frameworks/libbrotlidec.1.dylib
+         install_name_tool -change `brew --prefix`/lib/libglib-2.0.0.dylib @executable_path/../Frameworks/libglib-2.0.0.dylib qlog.app/Contents/MacOS/qlog
+         install_name_tool -change `brew --prefix`/lib/libbrotlidec.1.dylib @executable_path/../Frameworks/libbrotlidec.1.dylib qlog.app/Contents/MacOS/qlog
+         install_name_tool -change `brew --prefix`/lib/libbrotlicommon.1.dylib @executable_path/../Frameworks/libbrotlicommon.1.dylib qlog.app/Contents/MacOS/qlog
          install_name_tool -change `brew --prefix`/lib/libhamlib.dylib @executable_path/../Frameworks/libhamlib.dylib qlog.app/Contents/MacOS/qlog
          install_name_tool -change `brew --prefix`/lib/libqt6keychain.dylib @executable_path/../Frameworks/libqt6keychain.dylib qlog.app/Contents/MacOS/qlog
-         install_name_tool -change @loader_path/libbrotlicommon.1.dylib @executable_path/../Frameworks/libbrotlicommon.1.dylib qlog.app/Contents/MacOS/qlog 
-         install_name_tool -change /usr/local/opt/icu4c/lib/libicui18n.74.dylib @executable_path/../Frameworks/libicui18n.74.dylib qlog.app/Contents/MacOS/qlog
+         install_name_tool -change `brew --prefix`/lib/libbrotlicommon.1.dylib @executable_path/../Frameworks/libbrotlicommon.1.dylib qlog.app/Contents/MacOS/qlog 
+         install_name_tool -change `brew --prefix`/opt/icu4c/lib/libicui18n.74.dylib @executable_path/../Frameworks/libicui18n.74.dylib qlog.app/Contents/MacOS/qlog
          otool -L qlog.app/Contents/MacOS/qlog
-         macdeployqt qlog.app -dmg
+         macdeployqt qlog.app -executable=./qlog.app/Contents/MacOS/qlog
+     - name: Codesign app bundle
+         # Extract the secrets we defined earlier as environment variables
+       env: 
+           MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
+           MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
+           MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
+           MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
+       run: |
+           # Turn our base64-encoded certificate back to a regular .p12 file
+           echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
+           # We need to create a new keychain, otherwise using the certificate will prompt
+           # with a UI dialog asking for the certificate password, which we can't
+           # use in a headless CI environment
+           security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain 
+           security default-keychain -s build.keychain
+           security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+           security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
+           security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+           # We finally codesign our app bundle, specifying the Hardened runtime option
+           /usr/bin/codesign --timestamp -s "$MACOS_CERTIFICATE_NAME" --options runtime --deep -f /Users/runner/work/QLog/QLog/build/qlog.app
+     - name: "Notarize app bundle"
+         # Extract the secrets we defined earlier as environment variables
+       env:
+           PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
+           PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
+           PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
+       run: |
+           # Store the notarization credentials so that we can prevent a UI password dialog
+           # from blocking the CI
+
+           echo "Create keychain profile"
+           xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"
+           
+           echo "Creating temp notarization archive"
+           ditto -c -k --keepParent "/Users/runner/work/QLog/QLog/build/qlog.app" "notarization.zip"
+
+           # Here we send the notarization request to the Apple's Notarization service, waiting for the result.
+           # This typically takes a few seconds inside a CI environment, but it might take more depending on the App
+           # characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if
+           # you're curious
+
+           echo "Notarize app"
+           xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
+
+           echo "Attach staple"
+           xcrun stapler staple "/Users/runner/work/QLog/QLog/build/qlog.app"   
+     - name: make dmg
+       run: |
+         mkdir out
+         cp -R "/Users/runner/work/QLog/QLog/build/qlog.app" out
+         cd out
+         ln -s /Applications/ Applications
+         cd ..
+         hdiutil create -volname "QLog Installer" -srcfolder out -ov -format UDZO "/Users/runner/work/QLog/QLog/build/qlog.dmg"
+     - name: Codesign dmg bundle
+         # Extract the secrets we defined earlier as environment variables
+       env: 
+           MACOS_CERTIFICATE: ${{ secrets.PROD_MACOS_CERTIFICATE }}
+           MACOS_CERTIFICATE_PWD: ${{ secrets.PROD_MACOS_CERTIFICATE_PWD }}
+           MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
+           MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
+       run: |
+           # Turn our base64-encoded certificate back to a regular .p12 file
+           ##echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
+           # We need to create a new keychain, otherwise using the certificate will prompt
+           # with a UI dialog asking for the certificate password, which we can't
+           # use in a headless CI environment
+           ##security create-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain 
+           ##security default-keychain -s build.keychain
+           ##security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+           ##security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
+           ##security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
+           # We finally codesign our app bundle, specifying the Hardened runtime option
+           /usr/bin/codesign --timestamp -s "$MACOS_CERTIFICATE_NAME" --options runtime --deep -f /Users/runner/work/QLog/QLog/build/qlog.dmg
+     - name: "Notarize app bundle"
+         # Extract the secrets we defined earlier as environment variables
+       env:
+           PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
+           PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
+           PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
+       run: |
+           # Store the notarization credentials so that we can prevent a UI password dialog
+           # from blocking the CI
+
+           echo "Create keychain profile"
+           xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"
+           
+           echo "Creating temp notarization archive"
+           ditto -c -k --keepParent "/Users/runner/work/QLog/QLog/build/qlog.dmg" "notarization.zip"
+
+           # Here we send the notarization request to the Apple's Notarization service, waiting for the result.
+           # This typically takes a few seconds inside a CI environment, but it might take more depending on the App
+           # characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if
+           # you're curious
+
+           echo "Notarize app"
+           xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
+
+           echo "Attach staple"
+           xcrun stapler staple "/Users/runner/work/QLog/QLog/build/qlog.dmg"           
      - name: Copy artifact
        uses: actions/upload-artifact@v4
        with:
          name: QLog-${{ env.TAGVERSION }}-${{ matrix.os }}
          path: /Users/runner/work/QLog/QLog/build/qlog.dmg
 
+
+
+

.gitignore

@@ -49,3 +49,4 @@ compile_commands.json
 
 # QtCreator local machine specific files for imported projects
 *creator.user*
+/build

entitlements.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+<key>com.apple.security.cs.disable-executable-page-protection</key>
+<true/>
+</dict>
+</plist>