From 902838bf99a6e5b0891947914d1925aca702f5b9 Mon Sep 17 00:00:00 2001 From: Jiri Zbytovsky Date: Mon, 17 Feb 2025 14:36:11 +0100 Subject: [PATCH] chore(suite-desktop-core): actually use TS for electron-builder scripts --- packages/suite-desktop-core/eslint.config.mjs | 7 +++++++ packages/suite-desktop-core/package.json | 3 ++- packages/suite-desktop-core/scripts/notarize.ts | 12 +++++++----- .../{setElectronFuses.js => setElectronFuses.ts} | 11 +++++++---- packages/suite-desktop-core/scripts/sign-windows.ts | 11 ++++++++--- packages/suite-desktop-core/tsconfig.json | 7 ++++++- packages/suite-desktop-core/tsconfig.lib.json | 12 ++++++++++++ packages/suite-desktop/electron-builder-config.js | 6 +++--- 8 files changed, 52 insertions(+), 17 deletions(-) rename packages/suite-desktop-core/scripts/{setElectronFuses.js => setElectronFuses.ts} (81%) create mode 100644 packages/suite-desktop-core/tsconfig.lib.json diff --git a/packages/suite-desktop-core/eslint.config.mjs b/packages/suite-desktop-core/eslint.config.mjs index 9a1b13fefeb..3a54674dd8a 100644 --- a/packages/suite-desktop-core/eslint.config.mjs +++ b/packages/suite-desktop-core/eslint.config.mjs @@ -20,4 +20,11 @@ export default [ { ignores: ['**/playwright-report/', '**/test-results/'], }, + { + files: ['**/scripts/**'], + rules: { + 'no-console': 'off', + 'import/no-default-export': 'off', + }, + }, ]; diff --git a/packages/suite-desktop-core/package.json b/packages/suite-desktop-core/package.json index d5b1e3de7db..8e73ffcd957 100644 --- a/packages/suite-desktop-core/package.json +++ b/packages/suite-desktop-core/package.json @@ -7,7 +7,8 @@ "homepage": "https://trezor.io/", "main": "src/app.ts", "scripts": { - "build:core": "yarn g:rimraf dist && TS_NODE_PROJECT=\"tsconfig.json\" yarn webpack --config ./webpack/core.webpack.config.ts", + "build:lib": "yarn g:rimraf ./lib && yarn g:tsc --build tsconfig.lib.json", + "build:core": "yarn build:lib && yarn g:rimraf dist && TS_NODE_PROJECT=\"tsconfig.json\" yarn webpack --config ./webpack/core.webpack.config.ts", "type-check": "yarn g:tsc --build tsconfig.json", "test:unit": "yarn g:jest", "test:e2e": "yarn xvfb-maybe -- playwright test --config=./e2e/playwright.config.ts", diff --git a/packages/suite-desktop-core/scripts/notarize.ts b/packages/suite-desktop-core/scripts/notarize.ts index 3a6f2cdc2d1..79aa2dd046f 100644 --- a/packages/suite-desktop-core/scripts/notarize.ts +++ b/packages/suite-desktop-core/scripts/notarize.ts @@ -1,8 +1,7 @@ -/* eslint-disable no-console */ +import { notarize } from '@electron/notarize'; +import type { Hooks } from 'app-builder-lib'; -const { notarize } = require('@electron/notarize'); - -exports.default = context => { +const notarizeAfterSignHook: Hooks['afterSign'] = context => { const { electronPlatformName, appOutDir } = context; if (electronPlatformName !== 'darwin') { @@ -25,5 +24,8 @@ exports.default = context => { appleId: process.env.APPLEID, appleIdPassword: process.env.APPLEIDPASS, teamId: process.env.APPLETEAMID, - }); + // TODO fix: notarize tool is known to be working, but TS fails: no overload matches this call + } as any); }; + +export default notarizeAfterSignHook; diff --git a/packages/suite-desktop-core/scripts/setElectronFuses.js b/packages/suite-desktop-core/scripts/setElectronFuses.ts similarity index 81% rename from packages/suite-desktop-core/scripts/setElectronFuses.js rename to packages/suite-desktop-core/scripts/setElectronFuses.ts index bfadb24dbdf..9e9ebe49679 100644 --- a/packages/suite-desktop-core/scripts/setElectronFuses.js +++ b/packages/suite-desktop-core/scripts/setElectronFuses.ts @@ -1,14 +1,15 @@ -const { flipFuses, FuseV1Options, FuseVersion } = require('@electron/fuses'); -const path = require('path'); +import { FuseV1Options, FuseVersion, flipFuses } from '@electron/fuses'; +import type { Hooks } from 'app-builder-lib'; +import path from 'path'; // copied from https://github.com/electron-userland/electron-builder/blob/04be5699c664e6a93e093b820a16ad516355b5c7/packages/app-builder-lib/src/platformPackager.ts#L430-L434 const binaryExtensionByPlaformNameMap = { darwin: '.app', win32: '.exe', linux: '', -}; +} as const; -exports.default = async function afterPack(context) { +const afterPackHookSetElectronFuses: Hooks['afterPack'] = async context => { const { electronPlatformName, appOutDir } = context; /* @@ -38,3 +39,5 @@ exports.default = async function afterPack(context) { console.log('Successfully set electron fuses'); }; + +export default afterPackHookSetElectronFuses; diff --git a/packages/suite-desktop-core/scripts/sign-windows.ts b/packages/suite-desktop-core/scripts/sign-windows.ts index 035bf8463ca..d5a93552730 100644 --- a/packages/suite-desktop-core/scripts/sign-windows.ts +++ b/packages/suite-desktop-core/scripts/sign-windows.ts @@ -1,19 +1,24 @@ -/* eslint-disable */ -exports.default = async function (configuration) { +import type { CustomWindowsSign } from 'app-builder-lib'; + +const signWindows: CustomWindowsSign = async configuration => { // Check if IS_CODESIGN_BUILD is set and true if (!process.env.IS_CODESIGN_BUILD || process.env.IS_CODESIGN_BUILD.toLowerCase() !== 'true') { console.log('This is DEV build, not signing'); + return; } + // do not include passwords or other sensitive data in the file // rather create environment variables with sensitive data const CERTIFICATE_NAME = process.env.WINDOWS_SIGN_CERTIFICATE_NAME; const TOKEN_PASSWORD = process.env.WINDOWS_SIGN_TOKEN_PASSWORD; - require('child_process').execSync( + await require('child_process').exec( `java -jar ../suite-desktop-core/scripts/jsign-6.0.jar --keystore ../suite-desktop-core/scripts/hardwareToken.cfg --storepass '${TOKEN_PASSWORD}' --storetype PKCS11 --tsaurl http://timestamp.digicert.com --alias "${CERTIFICATE_NAME}" "${configuration.path}"`, { stdio: 'inherit', }, ); }; + +export default signWindows; diff --git a/packages/suite-desktop-core/tsconfig.json b/packages/suite-desktop-core/tsconfig.json index 7b6849511c2..9a01359bc33 100644 --- a/packages/suite-desktop-core/tsconfig.json +++ b/packages/suite-desktop-core/tsconfig.json @@ -5,7 +5,12 @@ "moduleResolution": "node", "outDir": "libDev" }, - "include": ["src", "e2e", "**/*.json"], + "include": [ + "src", + "e2e", + "scripts", + "**/*.json" + ], "references": [ { "path": "../../suite-common/message-system" diff --git a/packages/suite-desktop-core/tsconfig.lib.json b/packages/suite-desktop-core/tsconfig.lib.json new file mode 100644 index 00000000000..566b42239f8 --- /dev/null +++ b/packages/suite-desktop-core/tsconfig.lib.json @@ -0,0 +1,12 @@ +{ + "extends": "../../tsconfig.lib.json", + "compilerOptions": { + "outDir": "lib" + }, + "include": ["./scripts"], + "references": [ + { + "path": "../eslint" + } + ] +} diff --git a/packages/suite-desktop/electron-builder-config.js b/packages/suite-desktop/electron-builder-config.js index 6d4dece7c6f..1bda15c8bbd 100644 --- a/packages/suite-desktop/electron-builder-config.js +++ b/packages/suite-desktop/electron-builder-config.js @@ -134,7 +134,7 @@ module.exports = { target: ['nsis'], signtoolOptions: { publisherName: ['SatoshiLabs, s.r.o.', 'Trezor Company s.r.o.'], - sign: '../suite-desktop-core/scripts/sign-windows.ts', + sign: '../suite-desktop-core/lib/sign-windows.js', }, }, linux: { @@ -162,6 +162,6 @@ module.exports = { category: 'Utility', target: ['AppImage'], }, - afterPack: '../suite-desktop-core/scripts/setElectronFuses.js', - afterSign: '../suite-desktop-core/scripts/notarize.ts', + afterPack: '../suite-desktop-core/lib/setElectronFuses.js', + afterSign: '../suite-desktop-core/lib/notarize.js', };