-
Notifications
You must be signed in to change notification settings - Fork 1
Build and Release
The Xcode project is at the repository root (Zerm.xcodeproj). It used to live under native-macos/ to coexist with a since-removed Tauri prototype; that nesting is gone.
- Xcode 16+ (the project is developed on Xcode 26.x)
- macOS 14.4+ (Apple Silicon recommended)
- Native dependency XCFrameworks under
$(HOME)/Zerm-Dependencies/(whisper.cpp,sherpa-onnx,llama)
# From the repo root
xcodebuild -project Zerm.xcodeproj -scheme Zerm -configuration Debug \
CODE_SIGNING_ALLOWED=NO buildLocal signing has no provisioning profile, so disable code signing for plain builds.
make install # build Debug (LOCAL_BUILD), ad-hoc sign, copy to /Applications, reset TCC
make sherpa # (re)build the sherpa-onnx XCFrameworksmake install ad-hoc signs the app, which changes its signature — so macOS resets TCC and you must re-grant Accessibility and Screen Recording under Zerm → Permissions after each install. User data (SwiftData stores, settings, downloaded models) lives outside the bundle and is preserved.
A
LOCAL_BUILDstores API keys inUserDefaultsrather than the Keychain so the ad-hoc app can read them.
- Pure-Swift files auto-compile via
PBXFileSystemSynchronizedRootGroup— adding a.swiftfile needs noproject.pbxprojedit. - XCFrameworks do need pbxproj wiring.
llamaandwhisperare dynamic → embedded + signed;sherpa-onnx/onnxruntimeare static → linked only. ONNX Runtime is not merged intolibsherpa-onnx.a, so both must be linked (the_OrtGetApiBasegotcha).
.github/workflows/ci.yml runs on every push/PR: Swift build (macOS), website lint, and a secret/PII scan. Secret detection is also done by the GitGuardian app check and CodeQL.
The repo's Actions policy is
selected+sha_pinning_required: true— everyuses:must be pinned to a full commit SHA, and only github-owned/verified/allow-listed actions may run. Unpinned or disallowed actions cause an immediatestartup_failure.
- Updates use Sparkle 2.x; the appcast is
appcast.xmland the feed URL is set inInfo.plist(SUFeedURL). Automatic checks are currently disabled (SUEnableAutomaticChecks = false), so existing installs are not auto-updated. - Releases are cut as GitHub releases (currently drafts). A publicly installable, auto-updating build needs a Developer ID-signed + notarized DMG and a Sparkle EdDSA signing key for the appcast — these are the outstanding prerequisites for public distribution.
- Local users update by pulling and rebuilding (
make install).
See: Architecture