diff --git a/.env.example b/.env.example index ea127aaf..9f778853 100644 --- a/.env.example +++ b/.env.example @@ -4,3 +4,10 @@ IS_DEV_ENV=0 IS_AUTO_UPDATE_DISABLED=0 EP_GH_IGNORE_TIME=true GH_TOKEN= + +NOTARIZE=0 +APPLE_TEAM_ID= +APPLE_ID= +APPLE_APP_SPECIFIC_PASSWORD= +CSC_LINK= +CSC_KEY_PASSWORD= diff --git a/.github/workflows/build-electron-app.yml b/.github/workflows/build-electron-app.yml index 0f07009b..7e6b09ff 100644 --- a/.github/workflows/build-electron-app.yml +++ b/.github/workflows/build-electron-app.yml @@ -19,6 +19,9 @@ on: isBfxApiStaging: description: 'Is it necessary to use BFX API Staging? (true / 1)?' required: false + isNotarizeDisabled: + description: 'Is notarize disabled (true / 1)?' + required: false env: DOCKER_BUILDKIT: 1 @@ -96,13 +99,17 @@ jobs: sudo chown -R $(id -u):$(id -g) ~/.cache/electron-builder mac-builder: - timeout-minutes: 90 + timeout-minutes: 150 runs-on: macos-12 steps: - name: Checkout uses: actions/checkout@v4 with: submodules: recursive + - name: Replace macOS’s sed with GNU’s sed + run: | + brew install gnu-sed + echo "$(brew --prefix)/opt/gnu-sed/libexec/gnubin" >> $GITHUB_PATH - name: Set repo owner run: | sed -i -e \ @@ -118,6 +125,10 @@ jobs: name: Turn off auto-update run: | echo "IS_AUTO_UPDATE_DISABLED=1" >> $GITHUB_ENV + - if: ${{ !contains(fromJson('["true", "1", true, 1]'), github.event.inputs.isNotarizeDisabled) }} + name: Turn on notarize + run: | + echo "NOTARIZE=1" >> $GITHUB_ENV - if: contains(fromJson('["true", "1", true, 1]'), github.event.inputs.isBfxApiStaging) name: Use BFX API Staging for queries run: | @@ -132,7 +143,7 @@ jobs: cache-name: electron-cache-v1 with: path: | - ~/Library/Caches/electron + ${{ runner.temp }}/.cache/electron key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('package.json') }} restore-keys: | ${{ runner.os }}-build-${{ env.cache-name }}- @@ -141,14 +152,26 @@ jobs: uses: nick-fields/retry@v2 continue-on-error: false env: + APPLE_TEAM_ID: ${{ secrets.BFX_APPLE_TEAM_ID }} + APPLE_ID: ${{ secrets.BFX_APPLE_ID_USERNAME }} + APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.BFX_APPLE_ID_REPORT_PASSWORD }} + CSC_LINK: ${{ secrets.BFX_APPLE_BUILD_CERTIFICATE_B64 }} + CSC_KEY_PASSWORD: ${{ secrets.BFX_APPLE_BUILD_CERTIFICATE_PASSWORD }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - ELECTRON_CACHE: ~/Library/Caches/electron + ELECTRON_CACHE: ${{ runner.temp }}/.cache/electron with: - timeout_minutes: 20 + timeout_minutes: 40 retry_wait_seconds: 10 max_attempts: 3 retry_on: any - command: ./scripts/build-release.sh -mp + command: | + if [[ -z "${APPLE_TEAM_ID}" ]]; then unset NOTARIZE; fi + if [[ -z "${APPLE_TEAM_ID}" ]]; then unset APPLE_TEAM_ID; fi + if [[ -z "${APPLE_ID}" ]]; then unset APPLE_ID; fi + if [[ -z "${APPLE_APP_SPECIFIC_PASSWORD}" ]]; then unset APPLE_APP_SPECIFIC_PASSWORD; fi + if [[ -z "${CSC_LINK}" ]]; then unset CSC_LINK; fi + if [[ -z "${CSC_KEY_PASSWORD}" ]]; then unset CSC_KEY_PASSWORD; fi + ./scripts/build-release.sh -mp - name: Zip Mac Unpacked build run: zip -r dist/mac.zip dist/mac - name: Upload Mac Unpacked build diff --git a/CHANGELOG.md b/CHANGELOG.md index d5e813f9..b48da19b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,29 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [4.18.0] - 2024-01-31 + +### Added + +- Added Apple signing and notarization workflow. PR: [bfx-report-electron#299](https://github.com/bitfinexcom/bfx-report-electron/pull/299) +- Implemented users informing about the [platform maintenance](https://bitfinex.statuspage.io/) mode. PR: [bfx-report-ui#756](https://github.com/bitfinexcom/bfx-report-ui/pull/756) +- Implemented configurable balances representation `Filter` for the `Summary by Asset` section. PR: [bfx-report-ui#753](https://github.com/bitfinexcom/bfx-report-ui/pull/753) +- Implemented `Google Tag Manager` support for the `Reports` and events tracking. PR: [bfx-report-ui#762](https://github.com/bitfinexcom/bfx-report-ui/pull/762) + +### Changed + +- Improved user informing about the initial synchronization. PR: [bfx-report-ui#760](https://github.com/bitfinexcom/bfx-report-ui/pull/760) +- Improved login to sign in when `otp` length is `6`. PR: [bfx-report-ui#758](https://github.com/bitfinexcom/bfx-report-ui/pull/758) + +### Fixed + +- Fixed lint error. PR: [bfx-report-ui#763](https://github.com/bitfinexcom/bfx-report-ui/pull/763) + +### Security + +- Resolved `dependabot` dependency updates, bumped `follow-redirects` from `1.15.3` to `1.15.4`. PR: [bfx-report-ui#755](https://github.com/bitfinexcom/bfx-report-ui/pull/755) +- Replaced `Lodash` `_isObject` helper usage with the corresponding one from the internal library for security reasons. PR: [bfx-report-ui#761](https://github.com/bitfinexcom/bfx-report-ui/pull/761) + ## [4.17.0] - 2024-01-10 ### Added diff --git a/bfx-report-ui b/bfx-report-ui index 471d8d1c..1236f970 160000 --- a/bfx-report-ui +++ b/bfx-report-ui @@ -1 +1 @@ -Subproject commit 471d8d1cf15d057d310fae991da335d0d01eaf38 +Subproject commit 1236f970ba0b1c4c9b5274dd1049ade7814febf9 diff --git a/bfx-reports-framework b/bfx-reports-framework index 1fc8ca69..bd237349 160000 --- a/bfx-reports-framework +++ b/bfx-reports-framework @@ -1 +1 @@ -Subproject commit 1fc8ca6911e9382d193fc8b97ad734d7fcb6a42c +Subproject commit bd2373497d981c13ee59f53242b601cbb14ddfca diff --git a/build/entitlements.mac.plist b/build/entitlements.mac.plist index 34d93599..b64de357 100644 --- a/build/entitlements.mac.plist +++ b/build/entitlements.mac.plist @@ -2,7 +2,7 @@ - com.apple.security.app-sandbox + com.apple.security.inherit com.apple.security.network.client @@ -22,5 +22,13 @@ com.apple.security.cs.disable-library-validation + com.apple.security.cs.allow-jit + + com.apple.security.cs.allow-dyld-environment-variables + + com.apple.security.cs.debugger + + com.apple.security.automation.apple-events + diff --git a/build/entitlements.mas.inherit.plist b/build/entitlements.mas.inherit.plist index 4b8d65fa..b64de357 100644 --- a/build/entitlements.mas.inherit.plist +++ b/build/entitlements.mas.inherit.plist @@ -2,8 +2,6 @@ - com.apple.security.app-sandbox - com.apple.security.inherit com.apple.security.network.client @@ -24,5 +22,13 @@ com.apple.security.cs.disable-library-validation + com.apple.security.cs.allow-jit + + com.apple.security.cs.allow-dyld-environment-variables + + com.apple.security.cs.debugger + + com.apple.security.automation.apple-events + diff --git a/electron-builder-config.js b/electron-builder-config.js index 64d7ae71..0938f268 100644 --- a/electron-builder-config.js +++ b/electron-builder-config.js @@ -1,5 +1,6 @@ 'use strict' +require('dotenv').config() const fs = require('fs') const path = require('path') const zlib = require('zlib') @@ -7,10 +8,32 @@ const { promisify } = require('util') const archiver = require('archiver') const exec = promisify(require('child_process').exec) +const parseEnvValToBool = require( + './src/helpers/parse-env-val-to-bool' +) + let version let zippedAppImageArtifactPath let zippedMacArtifactPath const appOutDirs = new Map() +const isNotarize = parseEnvValToBool(process.env.NOTARIZE) +const arch = process.env.ARCH ?? 'x64' + +// Notarize can be done only on MacOS +const macNotarize = ( + process.platform === 'darwin' && + isNotarize +) + ? { + notarize: { + teamId: process.env.APPLE_TEAM_ID + } + } + : {} +// DMG can be built only on MacOS +const macSpecificTargets = process.platform === 'darwin' + ? ['dmg', 'zip'] + : [] /* eslint-disable no-template-curly-in-string */ @@ -60,7 +83,7 @@ module.exports = { extends: null, asar: false, productName: 'Bitfinex Report', - artifactName: 'BitfinexReport-${version}-x64-${os}.${ext}', + artifactName: 'BitfinexReport-${version}-' + arch + '-${os}.${ext}', appId: 'com.bitfinex.report', publish: { provider: 'github', @@ -92,14 +115,18 @@ module.exports = { verifyUpdateCodeSignature: false }, mac: { - type: 'development', + type: 'distribution', hardenedRuntime: true, gatekeeperAssess: false, entitlements: 'build/entitlements.mac.plist', entitlementsInherit: 'build/entitlements.mas.inherit.plist', category: 'public.app-category.finance', + minimumSystemVersion: '11', + darkModeSupport: true, + ...macNotarize, target: [ - 'dir' + 'dir', + ...macSpecificTargets ] }, files: [ @@ -213,14 +240,16 @@ module.exports = { ? 'exe' : targetName const foundAppFilePath = artifactPaths.find((path) => ( - new RegExp(`${targetPlatform}.*${ext}$`, 'i').test(path) + new RegExp(`${arch}.*${targetPlatform}.*${ext}$`, 'i').test(path) )) const appFilePath = foundAppFilePath ?? path.join( outDir, - `BitfinexReport-${version}-x64-${targetPlatform}.${ext}` + `BitfinexReport-${version}-${arch}-${targetPlatform}.${ext}` ) if ( + // Outside darwin zip release can't be built successfully + process.platform !== 'darwin' && targetPlatform === 'mac' && targetName === 'zip' ) { @@ -261,7 +290,7 @@ module.exports = { ) { zippedAppImageArtifactPath = path.join( outDir, - `BitfinexReport-${version}-x64-${targetPlatform}.AppImage.zip` + `BitfinexReport-${version}-${arch}-${targetPlatform}.AppImage.zip` ) await new Promise((resolve, reject) => { try { diff --git a/package.json b/package.json index 84509832..8ef86696 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "bfx-report-electron", - "version": "4.17.0", + "version": "4.18.0", "repository": "https://github.com/bitfinexcom/bfx-report-electron", "description": "Reporting tool", "author": "bitfinex.com", @@ -42,6 +42,7 @@ "@wdio/spec-reporter": "8.21.0", "app-builder-bin": "4.2.0", "cross-env": "7.0.3", + "dotenv": "16.3.1", "electron": "27.2.0", "electron-builder": "24.10.0", "mocha": "10.2.0", diff --git a/scripts/build-release.sh b/scripts/build-release.sh index 601317d5..3862083b 100755 --- a/scripts/build-release.sh +++ b/scripts/build-release.sh @@ -17,7 +17,7 @@ COLOR_YELLOW=${COLOR_YELLOW:-"\033[33m"} COLOR_BLUE=${COLOR_BLUE:-"\033[34m"} COLOR_NORMAL=${COLOR_NORMAL:-"\033[39m"} -ARCH="x64" +export ARCH=${ARCH:-"x64"} BFX_API_URL="https://api-pub.bitfinex.com" STAGING_BFX_API_URL="https://api.staging.bitfinex.com" @@ -230,7 +230,7 @@ fi rm -rf "$DIST_FOLDER/"*"$targetPlatform"* node "$ROOT/node_modules/.bin/electron-builder" \ - "build" "--$targetPlatform" \ + "build" "--$targetPlatform" "--$ARCH" \ "--config" "$ELECTRON_BUILDER_CONFIG_FILE_PATH" \ $publishOption diff --git a/scripts/node/generate-mac-zipand-blockmap.js b/scripts/node/generate-mac-zipand-blockmap.js index 6af9fd6c..d1966259 100644 --- a/scripts/node/generate-mac-zipand-blockmap.js +++ b/scripts/node/generate-mac-zipand-blockmap.js @@ -2,6 +2,7 @@ 'use strict' +require('dotenv').config() const path = require('path') const { chmodSync } = require('fs') const { @@ -24,7 +25,7 @@ const { version: APP_VERSION } = require(packageJsonPath) -const ARCH = 'x64' +const ARCH = process.env.ARCH ?? 'x64' const APP_NAME = productName.replace(/\s/g, '') const APP_DIST_PATH = path.join(cwd, 'dist') const appReleaseFileName = `${APP_NAME}-${APP_VERSION}-${ARCH}-mac.zip` diff --git a/src/helpers/parse-env-val-to-bool.js b/src/helpers/parse-env-val-to-bool.js index 2b2f4359..f0d3c663 100644 --- a/src/helpers/parse-env-val-to-bool.js +++ b/src/helpers/parse-env-val-to-bool.js @@ -4,6 +4,9 @@ module.exports = (value) => { if (typeof value === 'boolean') { return value } + if (!value) { + return false + } const normalizedValue = value.toString() .trim()