Improve development build experience #516
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3a76ce031a
| # Source .envrc if it exists to load APP_IDENTITY and other environment variables | ||
| if [[ -f "${ROOT_DIR}/.envrc" ]]; then | ||
| # shellcheck disable=SC1091 | ||
| source "${ROOT_DIR}/.envrc" |
Avoid sourcing .envrc directly in build script
compile_and_run.sh runs with set -euo pipefail, so sourcing .envrc executes every command in that file and hard-fails on common direnv-only helpers (for example PATH_add/use), which can break local builds even when APP_IDENTITY is the only value needed. This also removes direnv’s explicit trust gate: if someone adds a .envrc in a branch, running this script will execute it immediately.
Pull request overview
This PR updates the local development packaging/build scripts to reduce repeated macOS permission prompts (keychain/code-signing + privacy prompts) during rebuilds by making signing identity configuration more automatic and by providing explicit TCC usage descriptions in the generated Info.plist.
Changes:
- compile_and_run.sh: Load APP_IDENTITY from a root .envrc (if present) to stabilize dev code signing across rebuilds.
- package_app.sh: Add macOS privacy usage description strings (Apple Events, protected folders, Photo Library, Apple Music) into the generated app Info.plist.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| Scripts/compile_and_run.sh | Sources .envrc to load/export APP_IDENTITY before build/signing. |
| Scripts/package_app.sh | Injects several macOS privacy usage description keys into the generated Info.plist. |
| # Source .envrc if it exists to load APP_IDENTITY and other environment variables | ||
| if [[ -f "${ROOT_DIR}/.envrc" ]]; then | ||
| # shellcheck disable=SC1091 | ||
| source "${ROOT_DIR}/.envrc" | ||
| export APP_IDENTITY | ||
| fi | ||
|
|
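Review bot: The header comment promises "APP_IDENTITY and other environment variables", but only `APP_IDENTITY` is exported on the line after `source`, so any other name that `.envrc` assigns without its own `export` stays local to this script and never reaches the build or signing commands it launches. Either narrow the comment to APP_IDENTITY or export the intended names explicitly. Since a single value is all that is consumed here, consider reading that one assignment as data instead of running the whole file with `source`.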
| source "${ROOT_DIR}/.envrc" | ||
| export APP_IDENTITY |
| # shellcheck disable=SC1091 | ||
| source "${ROOT_DIR}/.envrc" | ||
| export APP_IDENTITY |
| <key>CodexBuildTimestamp</key><string>${BUILD_TIMESTAMP}</string> | ||
| <key>CodexGitCommit</key><string>${GIT_COMMIT}</string> | ||
| <!-- Usage descriptions for macOS privacy permissions --> | ||
| <key>NSAppleEventsUsageDescription</key><string>CodexBar needs to interact with other applications to open URLs and manage your AI coding sessions.</string> |
| <key>NSDesktopFolderUsageDescription</key><string>CodexBar needs access to open configuration and log files from your Desktop.</string> | ||
| <key>NSDocumentsFolderUsageDescription</key><string>CodexBar needs access to open configuration and log files from your Documents folder.</string> | ||
| <key>NSDownloadsFolderUsageDescription</key><string>CodexBar needs access to open configuration and log files from your Downloads folder.</string> |
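Review bot: The three folder strings (NSDesktopFolderUsageDescription, NSDocumentsFolderUsageDescription, NSDownloadsFolderUsageDescription) each state that CodexBar opens configuration and log files from that folder. Please confirm the app really reads from all three locations and drop the key for any folder it does not touch, so the text shown in the permission prompt matches what the app actually does.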
3a76ce0 to 4b400e1
Pull request overview
This PR improves the local development/build workflow and the packaged app’s privacy permission prompts by auto-loading signing-related env vars and adding explicit TCC usage descriptions to the generated Info.plist.
Changes:
- Update compile_and_run.sh to load APP_IDENTITY (and other env vars) from a project .envrc when present.
- Update package_app.sh to embed macOS privacy usage description keys into the generated Info.plist.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| Scripts/compile_and_run.sh | Attempts to streamline dev signing by sourcing .envrc for APP_IDENTITY. |
| Scripts/package_app.sh | Adds explicit TCC usage description strings to the generated Info.plist. |
| # Source .envrc if it exists to load APP_IDENTITY and other environment variables | ||
| # Note: This executes all commands in .envrc, but direnv requires explicit user approval | ||
| # via 'direnv allow', so this is safe for development use. | ||
| if [[ -f "${ROOT_DIR}/.envrc" ]]; then | ||
| # shellcheck disable=SC1091 | ||
| source "${ROOT_DIR}/.envrc" | ||
| export APP_IDENTITY | ||
| fi | ||
|
|
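Review bot: The note on the second and third comment lines justifies the `source` call by direnv's `direnv allow` approval, but that line is executed by bash inside this script, not by direnv, so no approval check happens on this path and the file runs whether or not it was ever allowed. Either drop the "so this is safe" wording, or make it true by going through direnv (for example `direnv exec`, which refuses an unapproved file) or by reading only the APP_IDENTITY assignment without executing the file.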
| # shellcheck disable=SC1091 | ||
| source "${ROOT_DIR}/.envrc" | ||
| export APP_IDENTITY |
| <key>CodexBuildTimestamp</key><string>${BUILD_TIMESTAMP}</string> | ||
| <key>CodexGitCommit</key><string>${GIT_COMMIT}</string> | ||
| <!-- Usage descriptions for macOS privacy permissions --> | ||
| <key>NSAppleEventsUsageDescription</key><string>CodexBar needs to interact with other applications to open URLs and manage your AI coding sessions.</string> |
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
- compile_and_run.sh: Automatically source .envrc for APP_IDENTITY
  - Added comment acknowledging direnv trust model
- package_app.sh: Add privacy usage descriptions to Info.plist
  - Apple Events: Interact with other apps for URLs/sessions
  - Desktop/Documents/Downloads: Open config and log files
  - Photo Library/Apple Music: Explicitly state not used

Benefits:
- Consistent code signing across rebuilds
- Clear privacy descriptions instead of generic dialogs
- Streamlined development workflow

Note: Does NOT fix issue steipete#485 (Claude keychain prompt cycle). That requires changes to Claude OAuth keychain handling logic.

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
4b400e1 to bb54acf
| # via 'direnv allow', so this is safe for development use. | ||
| if [[ -f "${ROOT_DIR}/.envrc" ]]; then | ||
| # shellcheck disable=SC1091 | ||
| source "${ROOT_DIR}/.envrc" |
Could we verify whether sourcing .envrc directly here bypasses direnv's approval model, so a branch-specific change to that file would be executed whenever this script runs?
| # via 'direnv allow', so this is safe for development use. | ||
| if [[ -f "${ROOT_DIR}/.envrc" ]]; then | ||
| # shellcheck disable=SC1091 | ||
| source "${ROOT_DIR}/.envrc" |
Could we confirm that the .envrc files we expect contributors to use are valid to source in plain bash, rather than relying on direnv-only helpers such as use or PATH_add that would cause this script to fail under set -e?
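One way to meet the concerns raised in the review comments above (the whole file being executed, direnv's approval step being bypassed, and direnv-only helpers failing under `set -e`) is to read the one value as data instead of sourcing the file. This is an added example, not code from the PR or the project: `read_envrc_var`, `demo` and the sample `.envrc` contents are constructed, and it assumes `APP_IDENTITY` is assigned as a plain literal.

```shell
#!/bin/sh
# Added example (not from the PR): read one literal assignment from .envrc as data.
# read_envrc_var, demo and the sample file contents are constructed for illustration.
set -eu

# Print NAME's literal value from FILE; fail if it is absent or needs shell evaluation.
# The ( ... ) body runs in a subshell, so its variables and `exit` stay contained.
read_envrc_var() (
  file=$1 name=$2 value='' found=no
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line#"${line%%[![:space:]]*}"}             # trim leading whitespace
    case $line in
      export[[:space:]]*) line=${line#export}; line=${line#"${line%%[![:space:]]*}"} ;;
    esac
    case $line in
      "$name="*) value=${line#"$name="}; found=yes ;;  # last assignment wins
    esac
  done < "$file"
  [ "$found" = yes ] || exit 1
  case $value in                                       # strip one pair of outer quotes
    \"*\") value=${value#\"}; value=${value%\"} ;;
    \'*\') value=${value#\'}; value=${value%\'} ;;
  esac
  case $value in                                       # fail closed on anything non-literal
    *'$'*|*'`'*|*';'*|*'|'*|*'&'*|*'<'*|*'>'*|*'"'*|*"'"*|*'\'*) exit 1 ;;
  esac
  printf '%s\n' "$value"
)

# Constructed .envrc: direnv-only helpers, a command with a side effect, one wanted value.
demo() (
  dir=$(mktemp -d)
  cat > "$dir/.envrc" <<EOF
PATH_add bin
use nix
touch "$dir/executed"
export APP_IDENTITY="Developer ID Application: Example Dev (ABCDE12345)"
EOF
  identity=$(read_envrc_var "$dir/.envrc" APP_IDENTITY) || identity='<unreadable>'
  if [ -e "$dir/executed" ]; then ran=yes; else ran=no; fi
  rm -rf "$dir"
  printf '%s|executed=%s\n' "$identity" "$ran"
)

# In a build script: APP_IDENTITY=$(read_envrc_var "${ROOT_DIR}/.envrc" APP_IDENTITY) || APP_IDENTITY=''
demo
```

Because nothing in the file is executed, the `PATH_add` and `use` lines cannot abort the build, and a value that relies on command substitution or variable expansion is rejected rather than evaluated.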
Thanks for the contribution. I’m doing a backlog cleanup, and this PR still has unresolved review feedback around the development environment and shell-loading behavior, plus substantial drift from current main, so I’m going to close it for now. If you want to revive it, please rebase onto current main, address the outstanding comments, and reopen or submit a fresh PR.
Summary
Improves development build scripts for smoother workflow.
Changes
compile_and_run.sh
.envrc for APP_IDENTITY environment variable
package_app.sh
Benefits
Note
This PR improves the development experience but does NOT directly fix issue #485 (Claude keychain prompt cycle). That issue requires changes to Claude OAuth keychain handling logic.