From 2b095dcaf988ff073e1f1e2762c95419614e5aeb Mon Sep 17 00:00:00 2001 From: oratis Date: Thu, 28 May 2026 18:37:59 +0800 Subject: [PATCH] =?UTF-8?q?fix(scripts):=20skip=20Tauri's=20bundle=5Fdmg.s?= =?UTF-8?q?h=20=E2=80=94=20always=20use=20make-dmg.sh?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit bundle_dmg.sh inside tauri-bundler is fragile when invoked twice (leftover rw.*.dmg from prior runs breaks the second invocation, even after cleanup). Since our sign-and-notarize.sh always rebuilds the DMG via make-dmg.sh anyway (to embed the signed .app + apply pretty layout), we don't need Tauri's DMG at all. · apps/desktop/src-tauri/tauri.conf.json — bundle.targets goes ["dmg", "app"] → ["app"]. Tauri now just produces .app. · scripts/sign-and-notarize.sh — DMG_PATH is now an expected output path (we extract version from tauri.conf.json) instead of being resolved from existing files. Step 7's `[ -f "$DMG_PATH" ]` check dropped — make-dmg.sh always builds it fresh. This makes the pipeline idempotent: any number of consecutive runs of scripts/sign-and-notarize.sh produce identical, signed, notarized DMGs. Co-Authored-By: Claude Opus 4.7 (1M context) --- apps/desktop/src-tauri/tauri.conf.json | 2 +- scripts/sign-and-notarize.sh | 22 +++++++++++++--------- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/apps/desktop/src-tauri/tauri.conf.json b/apps/desktop/src-tauri/tauri.conf.json index 6f2fbc7..009a365 100644 --- a/apps/desktop/src-tauri/tauri.conf.json +++ b/apps/desktop/src-tauri/tauri.conf.json @@ -30,7 +30,7 @@ }, "bundle": { "active": true, - "targets": ["dmg", "app"], + "targets": ["app"], "category": "public.app-category.developer-tools", "shortDescription": "DeepSeek-powered coding agent", "longDescription": "DeepCode is a Claude-Code-parity coding agent powered by DeepSeek — chat, plan mode, tool use, sandboxed bash, MCP, plugins.", diff --git a/scripts/sign-and-notarize.sh b/scripts/sign-and-notarize.sh index 6c515c1..02ea3bf 100755 --- a/scripts/sign-and-notarize.sh +++ b/scripts/sign-and-notarize.sh @@ -38,7 +38,12 @@ pnpm --filter @deepcode/desktop tauri build --target "$TARGET" # Locate artifacts APP_PATH="apps/desktop/src-tauri/target/$TARGET/release/bundle/macos/DeepCode.app" DMG_DIR="apps/desktop/src-tauri/target/$TARGET/release/bundle/dmg" -DMG_PATH="$(ls -t "$DMG_DIR"/*.dmg 2>/dev/null | head -1 || true)" +# Tauri's bundle target is just "app"; we build the DMG ourselves in step 7 +# via make-dmg.sh (gives us iconSize control + centered layout). Compute +# the expected output path here so step 7 can write to it. +mkdir -p "$DMG_DIR" +DMG_VER="$(grep '"version"' apps/desktop/src-tauri/tauri.conf.json | head -1 | sed -E 's/.*"version": "([^"]+)".*/\1/')" +DMG_PATH="$DMG_DIR/DeepCode_${DMG_VER}_aarch64.dmg" if [ ! -d "$APP_PATH" ]; then echo "ERROR: $APP_PATH not found — build failed?" @@ -81,14 +86,13 @@ xcrun notarytool submit "$ZIP_PATH" --keychain-profile "$PROFILE" --wait echo "==> Stapling notarization ticket to $APP_PATH ..." xcrun stapler staple "$APP_PATH" -# ----- 7. Rebuild the .dmg with the NOW-signed-and-stapled .app ----- -# IMPORTANT: Tauri's bundle_dmg.sh ran in step 1 and baked the UNSIGNED .app -# into the DMG. Just signing the DMG container doesn't fix that — Apple -# notarization unpacks the DMG and re-verifies the .app inside. So we -# rebuild the DMG from scratch with the now-signed .app, plus apply the -# pretty Finder layout (700x420 window, 128px icons, centered positions). -if [ -n "$DMG_PATH" ] && [ -f "$DMG_PATH" ]; then - echo "==> Rebuilding DMG with signed+stapled .app + Finder layout ..." +# ----- 7. Build the .dmg fresh with the signed+stapled .app ----- +# Tauri's bundle targets are configured to skip "dmg" (bundle_dmg.sh has +# been flaky). We always build the DMG ourselves via make-dmg.sh — that +# gives us iconSize control + centered Finder layout + writes to a +# predictable path. +if [ -n "$DMG_PATH" ]; then + echo "==> Building DMG with signed+stapled .app + pretty Finder layout ..." SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" bash "$SCRIPT_DIR/make-dmg.sh" "$APP_PATH" "$DMG_PATH" "DeepCode"