Bump to electron v40 and other electron-related packages

.github/workflows/build-apps.yml

@@ -1,4 +1,4 @@
 name: build-apps
 
 on:
   pull_request:
@@ -9,7 +9,8 @@
       - 'v[0-9]+.[0-9]+.[0-9]+'
 
 env:
-  IS_RELEASE: ${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }}
+  # IS_RELEASE: ${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }}
+  IS_RELEASE: true
   IS_STAGING: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
 
 concurrency:
@@ -17,15 +18,15 @@
   cancel-in-progress: true
 
 jobs:
   prepare-files:
     runs-on: namespace-profile-ubuntu-8-cores
     outputs:
       version: ${{ steps.export_version.outputs.version }}
       notes: ${{ steps.export_notes.outputs.notes }}
     steps:
       - uses: actions/checkout@v6
 
       - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'
@@ -58,7 +59,7 @@
           set -euox pipefail
           # Build wasm if this is a push to main or tag, there are Rust changes, or
           # downloading from the wasm cache failed.
           if [[ ${{github.event_name}} == 'push' || ${{steps.filter.outputs.rust}} == 'true' || ${{steps.download-wasm.outcome}} == 'failure' ]]; then
             echo "should-build-wasm=true" >> $GITHUB_OUTPUT
           else
             echo "should-build-wasm=false" >> $GITHUB_OUTPUT
@@ -84,7 +85,7 @@
 
       - name: Rust Cache
         if: ${{ steps.wasm.outputs.should-build-wasm == 'true' }}
         uses: Swatinem/rust-cache@v2
         with:
           workspaces: rust
 
@@ -109,8 +110,8 @@
         env:
           WINDOWS_CERTIFICATE_THUMBPRINT: ${{ secrets.WINDOWS_CERTIFICATE_ZOO_THUMBPRINT }}
         run: |
-          export VERSION=${GITHUB_REF_NAME#v}
-          npm run files:set-version
+          # export VERSION=${GITHUB_REF_NAME#v}
+          # npm run files:set-version
           npm run files:set-windows-codesign-config
 
       - uses: actions/upload-artifact@v6
@@ -131,7 +132,7 @@
         run: echo "notes=`cat release-notes.md`" >> "$GITHUB_OUTPUT"
 
 
   build-apps:
     needs: [prepare-files]
     strategy:
       fail-fast: false
@@ -148,7 +149,7 @@
     env:
       VERSION_NO_V: ${{ needs.prepare-files.outputs.version }}
     steps:
       - uses: actions/checkout@v6
 
       - uses: actions/download-artifact@v4
         name: prepared-files
@@ -166,7 +167,7 @@
           cp prepared-files/assets/icon.png assets/icon.png
 
       - name: Sync node version and setup cache
         uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
           cache: 'npm' # Set this to npm, npm or pnpm.
@@ -222,6 +223,7 @@
           CSC_LINK: ${{ secrets.APPLE_CERTIFICATE }}
           CSC_KEY_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
           CSC_KEYCHAIN: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+          CSC_FOR_PULL_REQUEST: true
           # Windows codesign config is part of electron-builder.yml and handled in prepare-files
         run: npm run tronb:package:${{ env.IS_STAGING == 'true' && 'dev' || 'prod' }}
 
@@ -267,7 +269,7 @@
       VERSION: ${{ format('v{0}', needs.prepare-files.outputs.version) }}
     needs: [prepare-files, build-apps]
     steps:
       - uses: actions/checkout@v6
 
       - uses: actions/download-artifact@v4
         with:
@@ -326,8 +328,8 @@
             --arg version "${VERSION}" \
             --arg pub_date "${PUB_DATE}" \
             --arg notes "${NOTES}" \
             --arg mac_arm64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-arm64-mac.dmg" \
             --arg mac_x64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-x64-mac.dmg" \
             --arg windows_arm64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-arm64-win.exe" \
             --arg windows_x64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-x64-win.exe" \
             --arg linux_arm64_url "$RELEASE_DIR/${{ env.URL_CODED_NAME }}-${VERSION_NO_V}-arm64-linux.AppImage" \