fix(release): build in CI + catch startup errors#109
Merged
Conversation
…rors 0.3.7 shipped signed with a local "Apple Development" cert (tied to specific device UDIDs via the embedded provisioning profile), so launching on any other Mac failed codesign enforcement and crashed immediately at startup with EXC_BREAKPOINT / SIGTRAP in CrBrowserMain (#108). Root cause: scripts/release.sh ran `pnpm run build` locally with electron-builder auto-discovering the maintainer's keychain. The CI workflow already has CSC_IDENTITY_AUTO_DISCOVERY=false, so moving the build there produces a consistent unsigned (ad-hoc) artifact that runs on any machine after the quarantine bit is removed. Changes: - release.sh: bump + tag + push + dispatch release.yml, then gh run watch until CI finishes. No more local build or local `gh release create`. - main/index.ts: add .catch() on app.whenReady().then(...). Any startup rejection now logs + shows an error dialog + exits with code 1 instead of surfacing as an opaque SIGTRAP via Node's unhandled-rejection path. - README: note that local DMG testing uses `pnpm -F @spool/app build:mac`.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
scripts/release.shranpnpm run buildlocally, and electron-builder auto-discovered an Apple Development certificate from Keychain. Dev certs are tied to specific device UDIDs via the embedded provisioning profile — on any other Mac, hardened-runtime codesign enforcement kills the app at startup withEXC_BREAKPOINT / SIGTRAPinCrBrowserMain..github/workflows/release.ymlalready setsCSC_IDENTITY_AUTO_DISCOVERY=false, so moving the build to CI produces a consistent unsigned (ad-hoc) artifact that runs on any machine.Changes
scripts/release.sh: now bumps version, pushes the tag, dispatchesrelease.ymlon that tag, thengh run watch --exit-statusblocks until CI finishes. No more local build / localgh release create.packages/app/src/main/index.ts:.catch()onapp.whenReady().then(...)— any startup rejection now logs, shows an error dialog, and exits with code 1 instead of surfacing as an opaque SIGTRAP via Node's unhandled-rejection path. This makes future startup regressions actually diagnosable.README.md: note that local DMG testing usespnpm --filter @spool/app build:mac, release.sh is CI-only now.Test plan
./scripts/release.shon a new throwaway branch commit → expect bump → tag push → workflow dispatch → watch → release appears with CI-built artifactsxattr -dr com.apple.quarantine /Applications/Spool.app, launch → expect app opens normally instead of SIGTRAPthrowinsidewhenReady) → expect error dialog + non-zero exit instead of silent crash🤖 Generated with Claude Code