electron-forge make not completing in Github Action

[cameronjeffords]

Pre-flight checklist

• [X] I have read the contribution documentation for this project.
• [X] I agree to follow the code of conduct that this project uses.
• [X] I have searched the issue tracker for a bug that matches the one I want to file, without success.

Electron Forge version

6.4.1

Electron version

25.0.1

Operating system

macOS 12.6.7

Last known working Electron Forge version

N/A

Expected behavior

electron-forge make should succeed and publish the distributable to out/. Instead, it is hanging after the [STARTED] Making a pkg distributable for darwin/x64 step.

Actual behavior

yarn make hangs in the github action

Steps to reproduce

Running electron-forge make in a Github action.

Additional information

Overview:

• electron-forge make succeeds when I run it for my package locally (personal mac M1). The distributable is built and saved successfully.
• Github logs for the action stop here (will run for 1hr+ without doing anything):

  [SUCCESS] Running postPackage hook
  [SUCCESS] Running package command
  [STARTED] Running preMake hook
  [SUCCESS] Running preMake hook
  [STARTED] Making distributables
  [STARTED] Making a pkg distributable for darwin/x64

Forge Config:

const config: ForgeConfig = {
    packagerConfig: {
        osxSign: {
            identity: 'Developer ID Application: ***',
        },
        osxNotarize: {
            tool: 'notarytool',
            appleId: process.env.NOTARIZE_USERNAME,
            appleIdPassword: process.env.NOTARIZE_PASSWORD,
            teamId: process.env.NOTARIZE_ASC_PROVIDER,
        },
    },
    rebuildConfig: {},
    makers: [
        new MakerSquirrel({
            certificateFile: process.env['WINDOWS_PFX_FILE'],
            certificatePassword: process.env['WINDOWS_PFX_PASSWORD'],
        }),
        new MakerPKG({
            identity: 'Developer ID Installer: ***',
        }),
    ],
    publishers: [
        new PublisherGithub({
            repository: {
                name: '***',
                owner: '***',
            },
            prerelease: true,
        }),
    ],
    plugins: [
        new WebpackPlugin({
            mainConfig,
            devServer: {
                allowedHosts: 'auto',
            },
            devContentSecurityPolicy: "connect-src 'self' wss://***/socket.io/ 'unsafe-eval'",
            renderer: {
                config: rendererConfig,
                entryPoints: [
                    {
                        html: './src/index.html',
                        js: './src/renderer.ts',
                        name: 'main_window',
                        preload: {
                            js: './src/preload.ts',
                        },
                    },
                ],
            },
        }),
    ],
}

Github Action:

name: Package

on:
  push:
    branches:
      - main

jobs:
  build:
    name: Build ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [macos-latest]
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Get Node.js 16
        uses: actions/setup-node@v3
        with:
          node-version: 16
      - name: Install yarn
        run: npm install -g yarn
      - name: Yarn
        run: yarn
      - name: Install global dependencies
        run: npm install -g yarn ngrok
      - name: Add MacOS certs
        if: matrix.os == 'macos-latest'
        run: chmod +x src/scripts/add-cert.sh && ./src/scripts/add-cert.sh
        env:
          CERTIFICATE_OSX_APPLICATION_BUNDLE: ${{ secrets.CERTIFICATE_OSX_APPLICATION_BUNDLE }}
          CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
      - name: Forge Package
        if: matrix.os == 'macos-latest'
        run: yarn make
        env:
            NOTARIZE_ASC_PROVIDER: ${{ secrets.NOTARIZE_ASC_PROVIDER }}
            NOTARIZE_PASSWORD: ${{ secrets.NOTARIZE_PASSWORD }}
            NOTARIZE_USERNAME: ${{ secrets.NOTARIZE_USERNAME }}
            DEBUG: electron-forge:*

• I also tried building for arm64 with the same result, using yarn make --arch arm64

[cameronjeffords]

It does work with @electron-forge/maker-dmg so seems to be something specific to @electron-forge/maker-pkg

[erikian]

Do you see any error messages when using the DEBUG="electron-forge:*" environment variable as described here?

[cameronjeffords]

No. The variable was passed to the env as in the above Action. The only logs were from electron-forge:packager describing the targets and output path

[erikian]

I missed that, sorry. Is that the full log you're getting? It should contain a lot more information 🤔

You can also try to debug @electron/osx-sign (used by the pkg maker) with DEBUG="@electron/osx-sign" or DEBUG="@electron/osx-sign,electron-forge:*".

[RamK777-stack]

in my case I am using circleCI

new MakerDMG({ additionalDMGOptions: { "code-sign": { "signing-identity": 'identity', identifier: '..*' } } })

in this step process hangs

electron-osx-sign Automating entitlement app group... Info.plist: /var/folders/bl/wbxjgtzx7j5_mjsmfr3ynlc00000gp/T/electron-packager/darwin-x64/VitalEngine Desktop-darwin-x64-UH9yba/VitalEngine Desktop.app/Contents/Info.plist +3ms

electron-osx-sign Signing... /var/folders/bl/wbxjgtzx7j5_mjsmfr3ylc00000gp/T/electron-packager/darwin-x64/VitalEngine Desktop-darwin-x64-UH9yba/VitalEngine Desktop.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/af.lproj/locale.pak +2ms

electron-osx-sign Executing... codesign --sign This step hangs for long time ..

Too long with no output (exceeded 1h0m0s): context deadline exceeded

[cameronjeffords]

@erikian OK I went ahead and just ran it with DEBUG="*", and got some additional logs:

** if you'd like to see logs prior to here let me know **
...
023-08-23T15:18:20.217Z electron-osx-sign Verifying...
2023-08-23T15:18:20.218Z electron-osx-sign Verifying application bundle with codesign...
2023-08-23T15:18:20.218Z electron-osx-sign Executing... codesign --verify --deep --strict --verbose=2 /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/electron-packager/darwin-x64/<app>-darwin-x64-sOKdzs/<app>.app
2023-08-23T15:18:21.464Z electron-osx-sign Verified.
2023-08-23T15:18:21.465Z electron-osx-sign Displaying entitlements...
2023-08-23T15:18:21.465Z electron-osx-sign Executing... codesign --display --entitlements :- /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/electron-packager/darwin-x64/<app>-darwin-x64-sOKdzs/<app>.app
2023-08-23T15:18:21.521Z electron-notarize notarizing using the new notarytool system
2023-08-23T15:18:21.519Z electron-osx-sign Entitlements: 
2023-08-23T15:18:21.521Z electron-notarize:spawn spawning cmd: xcrun args: [ '--find', 'notarytool' ] opts: {}
 <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.security.cs.allow-jit</key><true/><key>com.apple.security.device.audio-input</key><true/><key>com.apple.security.device.bluetooth</key><true/><key>com.apple.security.device.camera</key><true/><key>com.apple.security.device.print</key><true/><key>com.apple.security.device.usb</key><true/><key>com.apple.security.personal-information.location</key><true/></dict></plist>
2023-08-23T15:18:21.519Z electron-osx-sign Application signed.
2023-08-23T15:18:24.482Z electron-notarize:spawn cmd xcrun terminated with code: 0
2023-08-23T15:18:24.482Z electron-notarize:notarytool starting notarize process for app: /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/electron-packager/darwin-x64/<app>-darwin-x64-sOKdzs/<app>.app
2023-08-23T15:18:24.483Z electron-notarize:helpers doing work inside temp dir: /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/electron-notarize-WdsjVa
2023-08-23T15:18:24.484Z electron-notarize:notarytool zipping application to: /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/electron-notarize-WdsjVa/<app>.zip
2023-08-23T15:18:24.484Z electron-notarize:spawn spawning cmd: ditto args: [
  '-c',
  '-k',
  '--sequesterRsrc',
  '--keepParent',
  '<app>.app',
  '/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/electron-notarize-WdsjVa/<app>.zip'
] opts: {
  cwd: '/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/electron-packager/darwin-x64/<app>-darwin-x64-sOKdzs'
}
2023-08-23T15:18:36.008Z electron-notarize:spawn cmd ditto terminated with code: 0
2023-08-23T15:18:36.009Z electron-notarize:notarytool zip succeeded, attempting to upload to Apple
2023-08-23T15:18:36.010Z electron-notarize:spawn spawning cmd: xcrun args: [
  'notarytool',
  'submit',
  '/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/electron-notarize-WdsjVa/<app>.zip',
  '--apple-id',
  '*********',
  '--password',
  '*********',
  '--team-id',
  '*********',
  '--wait',
  '--output-format',
  'json'
] opts: {}
2023-08-23T15:19:31.739Z electron-notarize:spawn cmd xcrun terminated with code: 0
2023-08-23T15:19:31.739Z electron-notarize:notarytool notarization success
2023-08-23T15:19:31.739Z electron-notarize:helpers work succeeded
2023-08-23T15:19:31.746Z electron-notarize:staple attempting to staple app: /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/electron-packager/darwin-x64/<app>-darwin-x64-sOKdzs/<app>.app
2023-08-23T15:19:31.746Z electron-notarize:spawn spawning cmd: xcrun args: [ 'stapler', 'staple', '-v', '<app>.app' ] opts: {
  cwd: '/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/electron-packager/darwin-x64/<app>-darwin-x64-sOKdzs'
}
2023-08-23T15:19:33.253Z electron-notarize:spawn cmd xcrun terminated with code: 0
2023-08-23T15:19:33.253Z electron-notarize:staple staple succeeded
2023-08-23T15:19:33.253Z electron-packager Moving /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/electron-packager/darwin-x64/<app>-darwin-x64-sOKdzs to /Users/runner/work/<app>/<app>/out/<app>-darwin-x64
2023-08-23T15:19:33.260Z electron-forge:packager outputPaths: [
[SUCCESS] Finalizing package
  '/Users/runner/work/<app>/<app>/out/<app>-darwin-x64'
[SUCCESS] Packaging for x64 on darwin
]
[SUCCESS] Packaging application
2023-08-23T15:19:33.266Z electron-osx-sign:warn No `install` passed in arguments, will fallback to default `/Applications`.
[STARTED] Running postPackage hook
[SUCCESS] Running postPackage hook
[SUCCESS] Running package command
[STARTED] Running preMake hook
[SUCCESS] Running preMake hook
[STARTED] Making distributables
[STARTED] Making a pkg distributable for darwin/x64
2023-08-23T15:03:09.802Z electron-osx-sign @electron/osx-sign@1.0.5
2023-08-23T15:03:09.803Z electron-osx-sign `identity` passed in arguments.
2023-08-23T15:03:09.803Z electron-osx-sign Executing... security find-identity -v
2023-08-23T15:03:09.868Z electron-osx-sign Identity: 
 > Name: Developer ID Installer: ***
 > Hash: ***
2023-08-23T15:03:09.868Z electron-osx-sign Found 1 identity.
2023-08-23T15:03:09.868Z electron-osx-sign Flattening application... 
 > Application: /Users/runner/work/<app>/<app>/out/<app>-darwin-x64/<app>.app 
 > Package output: /Users/runner/work/<app>/<app>/out/make/<app>-1.0.0-x64.pkg 
 > Install path: /Applications 
 > Identity: Developer ID Installer: ***
 > Scripts: undefined
2023-08-23T15:03:09.869Z electron-osx-sign Flattening... /Users/runner/work/<app>/<app>/out/<app>-darwin-x64/<app>.app
2023-08-23T15:03:09.869Z electron-osx-sign Executing... productbuild --component /Users/runner/work/<app>/<app>/out/<app>-darwin-x64/<app>.app /Applications --sign Developer ID Installer: 
*** /Users/runner/work/<app>/<app>/out/make/<app>-1.0.0-x64.pkg

[erikian]

@cameronjeffords @RamK777-stack could you try downgrading all @electron-forge/* dependencies to v6.0.0-beta.70 and see if it helps? I'm suspecting the CLI library change introduced in v6.0.0-beta.71 (https://github.com/electron/forge/pull/3022) could be the cause of this, a user in our Discord server reported successful builds on beta.70 and stalled ones on beta.71.

[ab-mwright]

@cameronjeffords @RamK777-stack, I resolved the hanging issue by modifying the certificate import script to include trust settings for both the codesign and productbuild tools.

security import $CERTIFICATE_P12 -k $KEY_CHAIN_NAME -P $CERTIFICATE_PASSWORD -T /usr/bin/codesign -T /usr/bin/productbuild;

[pagoru]

Still same problem on the latest version 7...