From af236d0058ee296a059cc695ce79937d60d3cb1c Mon Sep 17 00:00:00 2001
From: Danny Beck <dlc.beck@gmail.com>
Date: Tue, 14 Jan 2025 15:00:42 -0800
Subject: [PATCH] adds additional macOS configuration and improves codesign
 config

---
 .github/workflows/release.yml | 10 ++++++++--
 src-tauri/tauri.conf.json     |  3 ++-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 047bee6..37efd63 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -62,7 +62,13 @@ jobs:
         if: matrix.platform == 'macos-latest'
         run: |
           echo "Processing macOS build..."
+          # Create temporary keychain
+          security create-keychain -p temppass build.keychain
+          security default-keychain -s build.keychain
+          security unlock-keychain -p temppass build.keychain
           # Sign the app
-          codesign --force --deep --sign - ./src-tauri/target/*/release/bundle/macos/*.app
-          # Remove quarantine from app and DMG
+          codesign --force --deep --options runtime --sign - ./src-tauri/target/*/release/bundle/macos/*.app
+          # Remove quarantine attributes
           find ./src-tauri/target/*/release/bundle -name "*.app" -o -name "*.dmg" -exec xattr -rd com.apple.quarantine {} \;
+          # Verify signature
+          codesign --verify --verbose ./src-tauri/target/*/release/bundle/macos/*.app
diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json
index 450bdb1..8060804 100644
--- a/src-tauri/tauri.conf.json
+++ b/src-tauri/tauri.conf.json
@@ -39,7 +39,8 @@
       "minimumSystemVersion": "10.13",
       "entitlements": null,
       "providerShortName": null,
-      "signingIdentity": null
+      "signingIdentity": null,
+      "hardenedRuntime": true
     }
   },
   "plugins": {