ci(lite): add signing and notarizing to macOS distribution#13490
Merged
ci(lite): add signing and notarizing to macOS distribution#13490
Conversation
slarse
requested review from
Byron,
Caleb-T-Owens,
estib-vega,
krlvi,
mtsgrd and
schacon
as code owners
slarse
force-pushed
the
add-macos-signing-to-lite-packaging
branch
from
9f5ba91 to
229473a
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Adds macOS code signing and notarization support to the Lite Electron distribution to make macOS installs smoother (Gatekeeper/notarization compliant).
Changes:
- Add an
afterSignhook that runs@electron/notarizeon macOS builds. - Enable hardened runtime and add macOS entitlements in the electron-builder config.
- Provide signing/notarization secrets to the Lite GitHub Actions workflow and add the notarization dependency.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
pnpm-lock.yaml |
Locks @electron/notarize dependency and related resolution changes. |
apps/lite/scripts/after-sign.js |
Implements the macOS notarization hook executed after signing. |
apps/lite/resources/entitlements.mac.plist |
Adds hardened runtime entitlements used when signing the main app. |
apps/lite/resources/entitlements.mac.inherit.plist |
Adds entitlements inherited by child processes/bundled components. |
apps/lite/package.json |
Wires afterSign hook and sets macOS signing/hardened runtime options for electron-builder. |
.github/workflows/lite.yml |
Supplies signing + notarization environment variables/secrets for macOS CI builds. |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
krlvi
approved these changes
Apr 23, 2026
slarse
force-pushed
the
add-macos-signing-to-lite-packaging
branch
from
229473a to
51b6ecb
Compare
slarse
force-pushed
the
add-macos-signing-to-lite-packaging
branch
from
f4df948 to
1141e2e
Compare
slarse
force-pushed
the
add-macos-signing-to-lite-packaging
branch
from
129401b to
bbd4148
Compare
slarse
force-pushed
the
add-macos-signing-to-lite-packaging
branch
from
bbd4148 to
8c0ae80
Compare
slarse
force-pushed
the
add-macos-signing-to-lite-packaging
branch
from
8c0ae80 to
f8df5b1
Compare
slarse
force-pushed
the
add-macos-signing-to-lite-packaging
branch
from
75acd6f to
35c1aa9
Compare
Contributor
Author
|
Appears to be working as intended so this is going in! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🧢 Changes
Adds in signing and notarizing to the macOS distribution so we can more easily install it.