fix(mac): add retry in mac code sign (#8101)

Author: beyondkmp

.changeset/wild-buttons-pretend.md

@@ -0,0 +1,5 @@
+---
+"app-builder-lib": patch
+---
+
+fix(mac): add retry mechanism in mac code signing for `electron/osx-sign`.

packages/app-builder-lib/src/codeSign/macCodeSign.ts

@@ -1,5 +1,5 @@
 import BluebirdPromise from "bluebird-lst"
-import { exec, InvalidConfigurationError, isEmptyOrSpaces, isEnvTrue, isPullRequest, log, TmpDir } from "builder-util/out/util"
+import { exec, InvalidConfigurationError, isEmptyOrSpaces, isEnvTrue, isPullRequest, log, TmpDir, retry } from "builder-util/out/util"
 import { copyFile, unlinkIfExists } from "builder-util/out/fs"
 import { Fields, Logger } from "builder-util/out/log"
 import { randomBytes, createHash } from "crypto"
@@ -11,6 +11,8 @@ import { getTempName } from "temp-file"
 import { isAutoDiscoveryCodeSignIdentity } from "../util/flags"
 import { importCertificate } from "./codesign"
 import { Identity as _Identity } from "@electron/osx-sign/dist/cjs/util-identities"
+import { SignOptions } from "@electron/osx-sign/dist/cjs/types"
+import { signAsync } from "@electron/osx-sign"
 
 export const appleCertificatePrefixes = ["Developer ID Application:", "Developer ID Installer:", "3rd Party Mac Developer Application:", "3rd Party Mac Developer Installer:"]
 
@@ -213,13 +215,8 @@ async function importCerts(keychainFile: string, paths: Array<string>, keyPasswo
   }
 }
 
-/** @private */
-export function sign(path: string, name: string, keychain: string): Promise<any> {
-  const args = ["--deep", "--force", "--sign", name, path]
-  if (keychain != null) {
-    args.push("--keychain", keychain)
-  }
-  return exec("/usr/bin/codesign", args)
+export async function sign(opts: SignOptions): Promise<void> {
+  return retry(() => signAsync(opts), 3, 5000, 5000)
 }
 
 export let findIdentityRawResult: Promise<Array<string>> | null = null

packages/app-builder-lib/src/macPackager.ts

@@ -1,14 +1,13 @@
 import BluebirdPromise from "bluebird-lst"
 import { deepAssign, Arch, AsyncTaskManager, exec, InvalidConfigurationError, log, use, getArchSuffix } from "builder-util"
-import { signAsync } from "@electron/osx-sign"
 import { PerFileSignOptions, SignOptions } from "@electron/osx-sign/dist/cjs/types"
 import { mkdir, readdir } from "fs/promises"
 import { Lazy } from "lazy-val"
 import * as path from "path"
 import { copyFile, statOrNull, unlinkIfExists } from "builder-util/out/fs"
 import { orIfFileNotExist } from "builder-util/out/promise"
 import { AppInfo } from "./appInfo"
-import { CertType, CodeSigningInfo, createKeychain, findIdentity, Identity, isSignAllowed, removeKeychain, reportError } from "./codeSign/macCodeSign"
+import { CertType, CodeSigningInfo, createKeychain, findIdentity, Identity, isSignAllowed, removeKeychain, reportError, sign } from "./codeSign/macCodeSign"
 import { DIR_TARGET, Platform, Target } from "./core"
 import { AfterPackContext, ElectronPlatformName } from "./index"
 import { MacConfiguration, MasConfiguration, NotarizeLegacyOptions, NotarizeNotaryOptions } from "./options/macOptions"
@@ -408,7 +407,7 @@ export default class MacPackager extends PlatformPackager<MacConfiguration> {
       customSign ? "executing custom sign" : "signing"
     )
 
-    return customSign ? Promise.resolve(customSign(opts, this)) : signAsync(opts)
+    return customSign ? Promise.resolve(customSign(opts, this)) : sign(opts)
   }
 
   //noinspection JSMethodCanBeStatic