Skip to content

fix: refactor mac/mas/mas-dev logic flows within MacPackager #9567

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
mmaietta wants to merge 11 commits into
base: master
Choose a base branch
from
Draft

fix: refactor mac/mas/mas-dev logic flows within MacPackager #9567

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
83cc1ad
fix: properly parse and pass through `mas` configs to overwrite `mac`…
mmaietta Feb 6, 2026
f3ca1c8
Merge branch 'master' into fix/mas-vs-mac
mmaietta Feb 6, 2026
82e9ee8
Merge branch 'master' into fix/mas-vs-mac
mmaietta Feb 6, 2026
cff912b
migrate to programmatic vitest API
mmaietta Feb 7, 2026
85379a0
Merge commit 'cff912bf11500896b63e7db503131ef736cb31b5' into fix/mas-…
mmaietta Feb 7, 2026
a195541
cleanup
mmaietta Feb 7, 2026
db2c29a
snapshot
mmaietta Feb 7, 2026
76132b8
tmp save
mmaietta Feb 6, 2026
60aa41f
Merge commit 'de82d5edd81076a69159305896f7837df2204f25' into fix/mas-…
mmaietta Feb 7, 2026
66ca309
Merge branch 'master' into fix/mas-vs-mac
mmaietta Feb 8, 2026
0901d66
Merge branch 'master' into fix/mas-vs-mac
mmaietta Feb 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/six-rice-knock.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"app-builder-lib": patch
---

fix: properly parse and pass through `mas` configs to overwrite `mac` config when target is `mas` or `mas-dev`
14 changes: 10 additions & 4 deletions packages/app-builder-lib/src/codeSign/macCodeSign.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import * as path from "path"
import { getTempName } from "temp-file"
import { isAutoDiscoveryCodeSignIdentity } from "../util/flags"
import { importCertificate } from "./codesign"
import { isMacOsHighSierra as isNewerThanHighSierra } from "../util/macosVersion"

export const appleCertificatePrefixes = ["Developer ID Application:", "Developer ID Installer:", "3rd Party Mac Developer Application:", "3rd Party Mac Developer Installer:"]

Expand All @@ -35,11 +36,11 @@ export function isSignAllowed(isPrintWarn = true): boolean {
return false
}

const buildForPrWarning =
"There are serious security concerns with CSC_FOR_PULL_REQUEST=true (see the CircleCI documentation (https://circleci.com/docs/1.0/fork-pr-builds/) for details)" +
"\nIf you have SSH keys, sensitive env vars or AWS credentials stored in your project settings and untrusted forks can make pull requests against your repo, then this option isn't for you."

if (isPullRequest()) {
const buildForPrWarning =
"There are serious security concerns with CSC_FOR_PULL_REQUEST=true (see the CircleCI documentation (https://circleci.com/docs/1.0/fork-pr-builds/) for details)" +
"\nIf you have SSH keys, sensitive env vars or AWS credentials stored in your project settings and untrusted forks can make pull requests against your repo, then this option isn't for you."

if (isEnvTrue(process.env.CSC_FOR_PULL_REQUEST)) {
if (isPrintWarn) {
log.warn(buildForPrWarning)
Expand All @@ -54,6 +55,11 @@ export function isSignAllowed(isPrintWarn = true): boolean {
return false
}
}

if (!isNewerThanHighSierra()) {
throw new InvalidConfigurationError("macOS High Sierra 10.13.6 is required to sign")
}

return true
}

Expand Down
Loading
Loading