[v3] Bundling/signing

[popaprozac]

Description

This PR makes changes to the macOS build tasks to bundle and sign Wails binaries to enable new macOS APIs.
Upcoming Notifications API (#4098) on macOS requires the app to be bundled with a bundle identifier and signed to work properly.

Fixes (#4098)

Changes

dev	build	package
Creates an app bundle with .dev appended. Copies the build binary from bin, dev bundle identifier from build/darwin/Info.dev.plist, and the icons from build/darwin/icons.icns. Ad-hoc/self-signs the app bundle for local testing.	No changes	Ad-hoc/self-signs the app bundle for local use.

It will be important to document that the ad-hoc signing will not work for distributing the app and is only sufficient for local testing/use. Signing and notarizing is required for distribution.

Type of change

Please select the option that is relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration using wails doctor.

• Windows
• macOS
• Linux

If you checked Linux, please specify the distro and version.

Test Configuration

Please paste the output of wails doctor. If you are unable to run this command, please describe your environment in as much detail as possible.

 Wails (v3.0.0-dev)  Wails Doctor

# System

┌──────────────────────────────────────────────────┐
| Name          | MacOS                            |
| Version       | 15.3.2                           |
| ID            | 24D2082                          |
| Branding      | Sequoia                          |
| Platform      | darwin                           |
| Architecture  | arm64                            |
| Apple Silicon | true                             |
| CPU           | Apple M4 Max                     |
| CPU 1         | Apple M4 Max                     |
| CPU 2         | Apple M4 Max                     |
| GPU           | 32 cores, Metal Support: Metal 3 |
| Memory        | 36 GB                            |
└──────────────────────────────────────────────────┘

# Build Environment

┌─────────────────────────────────────────────────────────┐
| Wails CLI    | v3.0.0-dev                               |
| Go Version   | go1.24.1                                 |
| Revision     | 4a2dc2875f1a2215cfd74c1099be8e4ef0f5cf96 |
| Modified     | true                                     |
| -buildmode   | exe                                      |
| -compiler    | gc                                       |
| CGO_CFLAGS   |                                          |
| CGO_CPPFLAGS |                                          |
| CGO_CXXFLAGS |                                          |
| CGO_ENABLED  | 1                                        |
| CGO_LDFLAGS  |                                          |
| GOARCH       | arm64                                    |
| GOARM64      | v8.0                                     |
| GOOS         | darwin                                   |
| vcs          | git                                      |
| vcs.modified | true                                     |
| vcs.revision | 4a2dc2875f1a2215cfd74c1099be8e4ef0f5cf96 |
| vcs.time     | 2025-03-16T01:37:50Z                     |
└─────────────────────────────────────────────────────────┘

# Dependencies

┌────────────────────────────────────────────────────────────────────────┐
| npm             | 10.9.2                                               |
| *NSIS           | Not Installed. Install with `brew install makensis`. |
| Xcode cli tools | 2409                                                 |
|                                                                        |
└─────────────────────── * - Optional Dependency ────────────────────────┘

# Checking for issues

 SUCCESS  No issues found

# Diagnosis

 SUCCESS  Your system is ready for Wails development!

Checklist:

• I have updated website/src/pages/changelog.mdx with details of this PR
• My code follows the general coding style of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

Summary by CodeRabbit

• New Features

  • Enhanced the macOS application bundling process with automatic signing for both production and development builds, improving security and compatibility.

• Documentation

  • Updated the changelog and build guides to describe the new macOS bundling and ad-hoc signing capabilities.

[coderabbitai]

Walkthrough

This pull request updates the macOS build and run processes by enhancing the Taskfile for asset building. The production bundle is now explicitly signed using codesign after file copying, and a new development bundle is created with its own structure, including an Info.plist file, icon, and executable—all signed using codesign. Additionally, documentation is updated to reflect these changes in both the changelog and the macOS build feature sections.

Changes

File(s)	Change Summary
v3/.../darwin/Taskfile.yml	Modified the create:app:bundle task by adding a codesign command post file-copy, and updated the run task to create, structure, and sign a development bundle before execution.
docs/.../changelog.mdx, docs/.../learn/build.mdx	Updated documentation to include entries on ad-hoc signing of app bundles in development and to highlight macOS-specific build and packaging features.

Sequence Diagram(s)

sequenceDiagram
    participant Builder as Build System
    participant Bundler as App Bundler
    participant CodeSigner as Code Signer
    participant Executor as App Executor

    Builder->>Bundler: Copy files for production bundle
    Bundler->>CodeSigner: Execute codesign for production bundle
    CodeSigner->>Bundler: Return signed bundle
    Builder->>Bundler: Create development bundle directory
    Bundler->>Bundler: Copy icon, executable, and Info.plist for dev bundle
    Bundler->>CodeSigner: Execute codesign for development bundle
    CodeSigner->>Bundler: Return signed dev bundle
    Builder->>Executor: Execute development bundle

Loading

Possibly related PRs

• bugfix : fix error on building runnable .app on MacOS when 'name' and 'outputfilename' are different. #3789: Addresses executable name adjustments in Info.plist, relating to macOS bundle management.
• Taskfile Refactor #3748: Involves refactoring of the Taskfile structure which is closely related to the current Taskfile modifications.
• Add darwin universal build and package #3902: Introduces Taskfile.yml updates for building and packaging universal binaries, sharing similarities in macOS bundle processing.

Suggested reviewers

• leaanthony

Poem

I’m a rabbit, hopping with glee,
Signing bundles both swift and free.
Dev or prod, they’re now complete,
Codesigned with a rhythmic beat.
Hop along to a build so neat!
🐇✨

---

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dcda263 and c482c85.

📒 Files selected for processing (1)

• v3/internal/commands/build_assets/darwin/Taskfile.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• v3/internal/commands/build_assets/darwin/Taskfile.yml

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

docs/src/content/docs/changelog.mdx (1)

142-143: Clarify the Changelog Entry for Ad-hoc Signing
The entry “Creates and ad-hoc signs app bundles in dev to enable certain macOS APIs” is concise. Consider adding a brief note or a reference to the documentation for further clarification on the limitations (e.g., that ad-hoc signing is only suitable for development, not for app distribution) to guide users appropriately.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 38ac5f7 and 9db28ec.

📒 Files selected for processing (3)

• docs/src/content/docs/changelog.mdx (1 hunks)
• docs/src/content/docs/guides/signing.mdx (1 hunks)
• docs/src/content/docs/learn/build.mdx (1 hunks)

🔇 Additional comments (2)

docs/src/content/docs/guides/signing.mdx (1)

87-99: Ensure the Updated Notarization Source Path is Consistent
The gon-sign.json snippet now uses "source": ["./build/bin/release/app"], which aligns with the new release directory structure for notarization. Please verify that this change is intentional and that all related build and notarization scripts expect the binary to be in this location.

docs/src/content/docs/learn/build.mdx (1)

123-127: Acknowledge the Addition of Ad-hoc Signing in the macOS Build Process
The macOS section now includes “Ad-hoc signing .app bundles,” which reflects the new capability in the build system. Ensure that related documentation (e.g., in the signing guide) details when and why you would use ad-hoc signing versus proper distribution signing. Overall, this update enhances clarity on the build process.

[leaanthony]

Thanks so much for opening this (and being patient!). I'm wondering, for compatibility reasons, whether we leave releases as they currently are but alter the dev output to be appname.dev.app instead of moving them to the new directories. Thoughts?

[popaprozac]

Sure if compatibility here is key, I don't have a strong reason to change the structure we have, just preference.

On my own projects I might just separate it out, my brain will like that 😅

I'll change it later today (PST). Thanks!

[leaanthony]

Thank you! There's a level of inertia we need to consider 😅

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud