chore(ci): build for distribution

Author: ethanndickson

.github/workflows/ci.yml

@@ -17,6 +17,7 @@ jobs:
   test:
     name: test
     runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest'}}
+    if: false
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
@@ -43,6 +44,7 @@ jobs:
   format:
     name: fmt
     runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest'}}
+    if: false
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
@@ -69,6 +71,7 @@ jobs:
   lint:
     name: lint
     runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest'}}
+    if: false
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4

.github/workflows/release.yml

@@ -0,0 +1,62 @@
+name: release
+
+on:
+  # TODO: Switch to on `v*` tag push
+  pull_request:
+
+# permissions:
+#   # To upload assets to the release
+#   contents: write
+
+jobs:
+  build:
+    runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest'}}
+    if: ${{ github.repository_owner == 'coder' }}
+    env: 
+      CERT_PATH:       /tmp/apple_cert.p12
+      APP_PROF_PATH:   /tmp/app.provisionprofile
+      EXT_PROF_PATH:   /tmp/ext.provisionprofile
+      KEYCHAIN_PATH:   /tmp/app-signing.keychain-db"
+      RELEASE_BUILD:   true
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        with:
+          egress-policy: audit
+      
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 1
+
+      - name: Switch XCode Version
+        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
+        with:
+          xcode-version: "16.0.0"
+      
+      # - name: Setup Nix
+      #   uses: ./.github/actions/nix-devshell
+
+      - name: Install Cert & Retrieve Provisioning Profiles
+        run: |
+          set -euxo pipefail
+          echo -n "${{ secrets.APPLE_DEVELOPER_ID_PKCS12_B64 }}" | base64 -d -o "$CERT_PATH"
+          security create-keychain -p "" "$KEYCHAIN_PATH"
+          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
+          security unlock-keychain -p "" "$KEYCHAIN_PATH"
+          security import "$CERT_PATH" -P "${{ secrets.APPLE_DEVELOPER_ID_PKCS12_PASSWORD }}" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
+          security list-keychain -d user -s "$KEYCHAIN_PATH"
+
+          echo -n "${{ secrets.CODER_DESKTOP_APP_PROVISIONPROFILE_B64 }}" | base64 -d -o "$APP_PROF_PATH"
+          echo -n "${{ secrets.CODER_DESKTOP_EXTENSION_PROVISIONPROFILE_B64 }}" | base64 -d -o "EXT_PROF_PATH"
+
+      - name: Build
+        run: |
+          make
+          ./scripts/build.sh
+
+      - name: Clean Up
+        if: always()
+        run: |
+          security delete-keychain "$KEYCHAIN_PATH"
+          rm -f /tmp/{apple_cert.p12,app.provisionprofile,ext.provisionprofile,app-signing.keychain-db}

Coder Desktop/Coder Desktop/Views/LoginForm.swift

@@ -194,7 +194,9 @@ enum LoginField: Hashable {
     case sessionToken
 }
 
-#Preview {
-    LoginForm<PreviewSession>()
-        .environmentObject(PreviewSession())
-}
+#if DEBUG
+    #Preview {
+        LoginForm<PreviewSession>()
+            .environmentObject(PreviewSession())
+    }
+#endif

Coder Desktop/Coder Desktop/Views/Settings/NetworkTab.swift

@@ -9,6 +9,8 @@ struct NetworkTab<VPN: VPNService>: View {
     }
 }
 
-#Preview {
-    NetworkTab<PreviewVPN>()
-}
+#if DEBUG
+    #Preview {
+        NetworkTab<PreviewVPN>()
+    }
+#endif

Coder Desktop/Coder Desktop/Views/VPNMenu.swift

@@ -88,8 +88,10 @@ struct VPNMenu<VPN: VPNService, S: Session>: View {
     }
 }
 
-#Preview {
-    VPNMenu<PreviewVPN, PreviewSession>().frame(width: 256)
-        .environmentObject(PreviewVPN())
-        .environmentObject(PreviewSession())
-}
+#if DEBUG
+    #Preview {
+        VPNMenu<PreviewVPN, PreviewSession>().frame(width: 256)
+            .environmentObject(PreviewVPN())
+            .environmentObject(PreviewSession())
+    }
+#endif

Coder Desktop/project.yml

@@ -2,7 +2,7 @@ name: "Coder Desktop"
 options:
   bundleIdPrefix: com.coder
   deploymentTarget:
-    macOS: "14.6"
+    macOS: "14.0"
   xcodeVersion: "1600"
   minimumXcodeGenVersion: "2.42.0"
 
@@ -114,7 +114,7 @@ targets:
       path: Coder Desktop/Coder_Desktop.entitlements
       properties:
         com.apple.developer.networking.networkextension:
-          - packet-tunnel-provider
+          - packet-tunnel-provider${PTP_SUFFIX}
         com.apple.developer.system-extension.install: true
         com.apple.security.app-sandbox: true
         com.apple.security.files.user-selected.read-only: true
@@ -135,6 +135,8 @@ targets:
         INFOPLIST_KEY_NSHumanReadableCopyright: ""
         SWIFT_EMIT_LOC_STRINGS: YES
         PRODUCT_BUNDLE_IDENTIFIER: "com.coder.Coder-Desktop"
+        # Populated from environment variables at `xcodebuild` time
+        PROVISIONING_PROFILE_SPECIFIER: $CODER_APP_PROFILE
 
         # (ThomasK33): Install the application into the /Applications folder
         # so that macOS stops complaining about the app being run from an
@@ -146,7 +148,7 @@ targets:
     dependencies:
       - target: CoderSDK
         embed: true
-      - target: VPNXPC
+      - target: VPNLib
         embed: true
       - target: VPN
         embed: without-signing # Embed without signing.
@@ -200,7 +202,8 @@ targets:
       path: VPN/VPN.entitlements
       properties:
         com.apple.developer.networking.networkextension:
-          - packet-tunnel-provider
+          # PTP_SUFFIX is populated at `xcodegen` time.
+          - packet-tunnel-provider${PTP_SUFFIX}
         com.apple.security.app-sandbox: true
         com.apple.security.application-groups:
           - $(TeamIdentifierPrefix)com.coder.Coder-Desktop
@@ -215,13 +218,13 @@ targets:
         PRODUCT_NAME: "$(PRODUCT_BUNDLE_IDENTIFIER)"
         SWIFT_EMIT_LOC_STRINGS: YES
         SWIFT_OBJC_BRIDGING_HEADER: "VPN/com_coder_Coder_Desktop_VPN-Bridging-Header.h"
+        # Populated from environment variables at `xcodebuild` time
+        PROVISIONING_PROFILE_SPECIFIER: $CODER_EXT_PROFILE
     dependencies:
       - target: VPNLib
         embed: true
       - target: CoderSDK
         embed: true
-      - target: VPNXPC
-        embed: true
       - sdk: NetworkExtension.framework
 
   VPNLib:
@@ -281,6 +284,8 @@ targets:
         DYLIB_COMPATIBILITY_VERSION: 1
         DYLIB_CURRENT_VERSION: 1
         DYLIB_INSTALL_NAME_BASE: "@rpath"
+        CODE_SIGN_IDENTITY: "Apple Development"
+        CODE_SIGN_STYLE: Automatic
     scheme:
       testTargets:
         - CoderSDKTests

Makefile

@@ -11,14 +11,22 @@ XCPROJECT := Coder\ Desktop/Coder\ Desktop.xcodeproj
 SCHEME := Coder\ Desktop
 SWIFT_VERSION := 6.0
 
+ifdef RELEASE_BUILD
+PTP_SUFFIX := -systemextension
+else
+PTP_SUFFIX := ""
+endif
+
 .PHONY: setup
 setup: \
 	$(XCPROJECT) \
 	$(PROJECT)/VPNLib/vpn.pb.swift
 
 $(XCPROJECT): $(PROJECT)/project.yml
 	cd $(PROJECT); \
-		SWIFT_VERSION=$(SWIFT_VERSION) xcodegen
+		SWIFT_VERSION=$(SWIFT_VERSION) \
+		PTP_SUFFIX=$(PTP_SUFFIX) \
+		xcodegen
 
 $(PROJECT)/VPNLib/vpn.pb.swift: $(PROJECT)/VPNLib/vpn.proto
 	protoc --swift_opt=Visibility=public --swift_out=. 'Coder Desktop/VPNLib/vpn.proto'

scripts/build.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+get_uuid() {
+    strings "$1" | grep -E -o '[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}'
+}
+
+# Build Documentatation @ https://developer.apple.com/forums/thread/737894
+
+XCODE_PROVISIONING_PROFILES_DIR="$HOME/Library/Developer/Xcode/UserData/Provisioning Profiles"
+CODE_SIGN_IDENTITY="Developer ID Application: Coder Technologies Inc (4399GN35BJ)"
+
+app_prof_id=$(get_uuid "$APP_PROF_PATH")
+ext_prof_id=$(get_uuid "$EXT_PROF_PATH")
+
+# Install Provisioning Profiles
+cp "$APP_PROF_PATH" "${XCODE_PROVISIONING_PROFILES_DIR}/${app_prof_id}.provisionprofile"
+cp "$EXT_PROF_PATH" "${XCODE_PROVISIONING_PROFILES_DIR}/${ext_prof_id}.provisionprofile"
+
+xcodebuild \
+    -project "Coder Desktop/Coder Desktop.xcodeproj" \
+    -scheme "Coder Desktop" \
+    -configuration "Release" \
+    CODE_SIGN_STYLE=Manual \
+    CODE_SIGN_IDENTITY="$CODE_SIGN_IDENTITY" \
+    CODER_APP_PROFILE="$app_prof_id" \
+    CODER_EXT_PROFILE="$ext_prof_id" | xcpretty