From b24d80a2675d478004faecb2237cf35c08af707c Mon Sep 17 00:00:00 2001
From: Manav Rathi <manav@mrmr.io>
Date: Fri, 3 May 2024 12:59:59 +0530
Subject: [PATCH] Move to new notarization mechanism

Refs:
- https://www.electron.build/configuration/mac.html#NotarizeLegacyOptions
- https://github.com/electron-userland/electron-builder/blob/master/packages/app-builder-lib/src/macPackager.ts
- https://github.com/samuelmeuli/action-electron-builder/issues/101
---
 desktop/.github/workflows/desktop-release.yml | 14 ++++----------
 desktop/electron-builder.yml                  |  1 +
 2 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/desktop/.github/workflows/desktop-release.yml b/desktop/.github/workflows/desktop-release.yml
index 7013d3e579..fc1464cd99 100644
--- a/desktop/.github/workflows/desktop-release.yml
+++ b/desktop/.github/workflows/desktop-release.yml
@@ -55,13 +55,6 @@ jobs:
             - name: Install dependencies
               run: yarn install
 
-            - name: Prepare for app notarization
-              if: startsWith(matrix.os, 'macos')
-              # Import Apple API key for app notarization on macOS
-              run: |
-                  mkdir -p ~/private_keys/
-                  echo '${{ secrets.API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.API_KEY_ID }}.p8
-
             - name: Install libarchive-tools for pacman build
               if: startsWith(matrix.os, 'ubuntu')
               # See:
@@ -84,7 +77,8 @@ jobs:
                   mac_certs: ${{ secrets.MAC_CERTS }}
                   mac_certs_password: ${{ secrets.MAC_CERTS_PASSWORD }}
               env:
-                  # macOS notarization API key details
-                  API_KEY_ID: ${{ secrets.API_KEY_ID }}
-                  API_KEY_ISSUER_ID: ${{ secrets.API_KEY_ISSUER_ID }}
+                  # macOS notarization credentials key details
+                  APPLE_ID: ${{ secrets.APPLE_ID }}
+                  APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
+                  APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
                   USE_HARD_LINKS: false
diff --git a/desktop/electron-builder.yml b/desktop/electron-builder.yml
index 298b1c5f36..f62033fb9c 100644
--- a/desktop/electron-builder.yml
+++ b/desktop/electron-builder.yml
@@ -29,4 +29,5 @@ mac:
         arch: [universal]
     category: public.app-category.photography
     hardenedRuntime: true
+    notarize: true
 afterSign: electron-builder-notarize