From f00889d13a0a92a4f9df70427dc1a436610b10db Mon Sep 17 00:00:00 2001
From: ali asaria <ali.asaria@gmail.com>
Date: Tue, 12 Mar 2024 06:51:19 -0400
Subject: [PATCH] update notarization method and keys

---
 .erb/scripts/notarize.js      | 13 ++++++-------
 .github/workflows/publish.yml | 12 ++++++++----
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/.erb/scripts/notarize.js b/.erb/scripts/notarize.js
index 3ede29a7..26ba8c14 100644
--- a/.erb/scripts/notarize.js
+++ b/.erb/scripts/notarize.js
@@ -12,9 +12,9 @@ exports.default = async function notarizeMacos(context) {
     return;
   }
 
-  if (!('APPLE_ID' in process.env && 'APPLE_ID_PASS' in process.env)) {
+  if (!('APPLE_API_KEY' in process.env && 'APPLE_API_KEY_ID' in process.env)) {
     console.warn(
-      'Skipping notarizing step. APPLE_ID and APPLE_ID_PASS env variables must be set'
+      'Skipping notarizing step. APPLE_API_KEY and APPLE_API_KEY_ID env variables must be set'
     );
     return;
   }
@@ -22,11 +22,10 @@ exports.default = async function notarizeMacos(context) {
   const appName = context.packager.appInfo.productFilename;
 
   await notarize({
-    appBundleId: build.appId,
     appPath: `${appOutDir}/${appName}.app`,
-    appleId: process.env.APPLE_ID,
-    appleIdPassword: process.env.APPLE_ID_PASS,
-    teamId: process.env.APPLE_TEAM_ID,
-    tool: 'legacy',
+    appleApiKey: process.env.APPLE_API_KEY,
+    appleApiKeyId: process.env.APPLE_API_KEY_ID,
+    appleApiIssuer: process.env.APPLE_API_ISSUER,
+    tool: 'notarytool',
   });
 };
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index e10028bf..4654a486 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -8,7 +8,6 @@ on:
 
 jobs:
   publish:
-
     runs-on: ${{ matrix.os }}
 
     strategy:
@@ -31,14 +30,19 @@ jobs:
           npm run postinstall
           npm run build
 
+      - name: copy p8 key to file
+        run: |
+          echo "${{ secrets.APPLE_API_KEY_P8_FILE }}" > api_key.p8
+
       - name: Publish releases
         env:
           # These values are used for auto updates signing
-          APPLE_ID: ${{ secrets.APPLE_ID }}
-          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASS }}
-          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
           CSC_LINK: ${{ secrets.CSC_LINK }}
           CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
+          # Used for apple notarization
+          APPLE_API_KEY: 'api_key.p8'
+          APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
           # This is used for uploading release assets to github
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-- 
GitLab