ci: release workflows build a dmg for macOS

We've used a zip for the duration of the private beta but macOS users expect a dmg. This commit changes both of our release workflows to begin building a dmg instead of a zip.
ghostty-org · Dec 21, 2024 · 97b420b · 97b420b
1 parent d3de22c
commit 97b420b
Showing 1 changed file with 18 additions and 11 deletions.
diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml
@@ -142,7 +142,6 @@ jobs:
         run: |
           nix develop -c \
             zig build \
-            -Doptimize=ReleaseFast \
             -Dversion-string=${GHOSTTY_VERSION}
 
       # The native app is built with native XCode tooling. This also does
@@ -199,7 +198,18 @@ jobs:
           # Codesign the app bundle
           /usr/bin/codesign --verbose -f -s "$MACOS_CERTIFICATE_NAME" -o runtime --entitlements "macos/Ghostty.entitlements" macos/build/Release/Ghostty.app
 
-      - name: "Notarize app bundle"
+      - name: Create DMG
+        env:
+          MACOS_CERTIFICATE_NAME: ${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}
+        run: |
+          npm install --global create-dmg
+          create-dmg \
+            --identity="$MACOS_CERTIFICATE_NAME" \
+            ./macos/build/Release/Ghostty.app \
+            ./
+          mv ./Ghostty*.dmg ./Ghostty.dmg
+
+      - name: "Notarize DMG"
         env:
           PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
           PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
@@ -210,22 +220,18 @@ jobs:
           echo "Create keychain profile"
           xcrun notarytool store-credentials "notarytool-profile" --apple-id "$PROD_MACOS_NOTARIZATION_APPLE_ID" --team-id "$PROD_MACOS_NOTARIZATION_TEAM_ID" --password "$PROD_MACOS_NOTARIZATION_PWD"
 
-          # We can't notarize an app bundle directly, but we need to compress it as an archive.
-          # Therefore, we create a zip file containing our app bundle, so that we can send it to the
-          # notarization service
-          echo "Creating temp notarization archive"
-          ditto -c -k --keepParent "macos/build/Release/Ghostty.app" "notarization.zip"
-
           # Here we send the notarization request to the Apple's Notarization service, waiting for the result.
           # This typically takes a few seconds inside a CI environment, but it might take more depending on the App
           # characteristics. Visit the Notarization docs for more information and strategies on how to optimize it if
           # you're curious
-          echo "Notarize app"
-          xcrun notarytool submit "notarization.zip" --keychain-profile "notarytool-profile" --wait
+          echo "Notarize dmg"
+          xcrun notarytool submit "Ghostty.dmg" --keychain-profile "notarytool-profile" --wait
 
           # Finally, we need to "attach the staple" to our executable, which will allow our app to be
-          # validated by macOS even when an internet connection is not available.
+          # validated by macOS even when an internet connection is not available. We do this to
+          # both the app and the dmg
           echo "Attach staple"
+          xcrun stapler staple "Ghostty.dmg"
           xcrun stapler staple "macos/build/Release/Ghostty.app"
 
       # Zip up the app and symbols
@@ -240,6 +246,7 @@ jobs:
         with:
           name: macos
           path: |-
+            Ghostty.dmg
             ghostty-macos-universal.zip
             ghostty-macos-universal-dsym.zip