From abdcead4a8ba5833264dfb7d382f1c247d9c0422 Mon Sep 17 00:00:00 2001
From: Ethan Dickson <ethan@coder.com>
Date: Fri, 23 May 2025 12:50:44 +1000
Subject: [PATCH 1/2] ci: sign builds for distribution via sparkle

---
 .env                                   |  2 ++
 .github/workflows/release.yml          |  1 +
 Coder-Desktop/Coder-Desktop/Info.plist |  2 ++
 Coder-Desktop/project.yml              |  4 ++++
 Makefile                               |  3 ++-
 scripts/build.sh                       | 21 +++++++++++++++------
 6 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/.env b/.env
index 9eb149b6..6ee8f2bb 100644
--- a/.env
+++ b/.env
@@ -10,3 +10,5 @@ APPLE_ID_PASSWORD="op://Apple/3apcadvvcojjbpxnd7m5fgh5wm/password"
 
 APP_PROF="op://Apple/Provisioning Profiles/profiles/application_base64"
 EXT_PROF="op://Apple/Provisioning Profiles/profiles/extension_base64"
+
+SPARKLE_PRIVATE_KEY="op://Apple/Private key for signing Sparkle updates/notesPlain"
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c5129913..adbc130d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -56,6 +56,7 @@ jobs:
           APPLE_ID_PASSWORD: ${{ secrets.APPLE_NOTARYTOOL_PASSWORD }}
           APP_PROF: ${{ secrets.CODER_DESKTOP_APP_PROVISIONPROFILE_B64 }}
           EXT_PROF: ${{ secrets.CODER_DESKTOP_EXTENSION_PROVISIONPROFILE_B64 }}
+          SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }}
         run: make release
 
       # Upload as artifact in dry-run mode
diff --git a/Coder-Desktop/Coder-Desktop/Info.plist b/Coder-Desktop/Coder-Desktop/Info.plist
index 4712604f..c1bf929a 100644
--- a/Coder-Desktop/Coder-Desktop/Info.plist
+++ b/Coder-Desktop/Coder-Desktop/Info.plist
@@ -31,5 +31,7 @@
 		<key>NEMachServiceName</key>
 		<string>$(TeamIdentifierPrefix)com.coder.Coder-Desktop.VPN</string>
 	</dict>
+	<key>SUPublicEDKey</key>
+    <string>Ae2oQLTcx89/a73XrpOt+IVvqdo+fMTjo3UKEm77VdA=</string>
 </dict>
 </plist>
diff --git a/Coder-Desktop/project.yml b/Coder-Desktop/project.yml
index 9455a44a..224add81 100644
--- a/Coder-Desktop/project.yml
+++ b/Coder-Desktop/project.yml
@@ -129,6 +129,9 @@ packages:
   URLRouting:
     url: https://github.com/pointfreeco/swift-url-routing
     revision: 09b155d
+  Sparkle:
+    url: https://github.com/sparkle-project/Sparkle
+    exactVersion: 2.7.0
 
 
 targets:
@@ -202,6 +205,7 @@ targets:
       - package: LaunchAtLogin
       - package: SDWebImageSwiftUI
       - package: SDWebImageSVGCoder
+      - package: Sparkle
     scheme:
       testPlans:
         - path: Coder-Desktop.xctestplan
diff --git a/Makefile b/Makefile
index a21b756b..e50b060c 100644
--- a/Makefile
+++ b/Makefile
@@ -106,7 +106,8 @@ release: $(KEYCHAIN_FILE) ## Create a release build of Coder Desktop
 		--app-prof-path "$$APP_PROF_PATH" \
 		--ext-prof-path "$$EXT_PROF_PATH" \
 		--version $(MARKETING_VERSION) \
-		--keychain "$(APP_SIGNING_KEYCHAIN)"; \
+		--keychain "$(APP_SIGNING_KEYCHAIN)" \
+		--sparkle-private-key "$$SPARKLE_PRIVATE_KEY"; \
 	rm "$$APP_PROF_PATH" "$$EXT_PROF_PATH"
 
 .PHONY: fmt
diff --git a/scripts/build.sh b/scripts/build.sh
index de6f34aa..1cf65c30 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -16,15 +16,17 @@ APP_PROF_PATH=${APP_PROF_PATH:-""}
 EXT_PROF_PATH=${EXT_PROF_PATH:-""}
 KEYCHAIN=${KEYCHAIN:-""}
 VERSION=${VERSION:-""}
+SPARKLE_PRIVATE_KEY=${SPARKLE_PRIVATE_KEY:-""}
 
 # Function to display usage
 usage() {
   echo "Usage: $0 [--app-prof-path <path>] [--ext-prof-path <path>] [--keychain <path>]"
-  echo "  --app-prof-path <path>     Set the APP_PROF_PATH variable"
-  echo "  --ext-prof-path <path>     Set the EXT_PROF_PATH variable"
-  echo "  --keychain      <path>     Set the KEYCHAIN variable"
-  echo "  --version       <version>  Set the VERSION variable to fetch and generate the cask file for"
-  echo "  -h, --help                 Display this help message"
+  echo "  --app-prof-path       <path>     Set the APP_PROF_PATH variable"
+  echo "  --ext-prof-path       <path>     Set the EXT_PROF_PATH variable"
+  echo "  --keychain            <path>     Set the KEYCHAIN variable"
+  echo "  --sparkle-private-key <path>     Set the SPARKLE_PRIVATE_KEY variable"
+  echo "  --version             <version>  Set the VERSION variable to fetch and generate the cask file for"
+  echo "  -h, --help                       Display this help message"
 }
 
 # Parse command line arguments
@@ -42,6 +44,10 @@ while [[ "$#" -gt 0 ]]; do
     KEYCHAIN="$2"
     shift 2
     ;;
+  --sparkle-private-key)
+    SPARKLE_PRIVATE_KEY="$2"
+    shift 2
+    ;;
   --version)
     VERSION="$2"
     shift 2
@@ -59,7 +65,7 @@ while [[ "$#" -gt 0 ]]; do
 done
 
 # Check if required variables are set
-if [[ -z "$APP_PROF_PATH" || -z "$EXT_PROF_PATH" || -z "$KEYCHAIN" ]]; then
+if [[ -z "$APP_PROF_PATH" || -z "$EXT_PROF_PATH" || -z "$KEYCHAIN" || -z "$SPARKLE_PRIVATE_KEY" ]]; then
   echo "Missing required values"
   echo "APP_PROF_PATH: $APP_PROF_PATH"
   echo "EXT_PROF_PATH: $EXT_PROF_PATH"
@@ -195,6 +201,9 @@ xcrun notarytool submit "$PKG_PATH" \
 xcrun stapler staple "$PKG_PATH"
 xcrun stapler staple "$BUILT_APP_PATH"
 
+signature=$(echo "$SPARKLE_PRIVATE_KEY" | ~/Library/Developer/Xcode/DerivedData/Coder-Desktop-*/SourcePackages/artifacts/sparkle/Sparkle/bin/sign_update "$PKG_PATH" -ed-key-file -)
+echo "$signature" >"$PKG_PATH.sig"
+
 # Add dsym to build artifacts
 (cd "$ARCHIVE_PATH/dSYMs" && zip -9 -r --symlinks "$DSYM_ZIPPED_PATH" ./*)
 

From d9d94b334acd9a3b4d218c87b36c0a53a2bfb887 Mon Sep 17 00:00:00 2001
From: Ethan Dickson <ethan@coder.com>
Date: Fri, 23 May 2025 13:23:18 +1000
Subject: [PATCH 2/2] zzz

---
 scripts/build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/build.sh b/scripts/build.sh
index 1cf65c30..f6e537a6 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -201,7 +201,7 @@ xcrun notarytool submit "$PKG_PATH" \
 xcrun stapler staple "$PKG_PATH"
 xcrun stapler staple "$BUILT_APP_PATH"
 
-signature=$(echo "$SPARKLE_PRIVATE_KEY" | ~/Library/Developer/Xcode/DerivedData/Coder-Desktop-*/SourcePackages/artifacts/sparkle/Sparkle/bin/sign_update "$PKG_PATH" -ed-key-file -)
+signature=$(echo "$SPARKLE_PRIVATE_KEY" | ~/Library/Developer/Xcode/DerivedData/Coder-Desktop-*/SourcePackages/artifacts/sparkle/Sparkle/bin/sign_update "$PKG_PATH" --ed-key-file -)
 echo "$signature" >"$PKG_PATH.sig"
 
 # Add dsym to build artifacts

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://patch-diff.githubusercontent.com/raw/coder/coder-desktop-macos/pull/165.patch" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://patch-diff.githubusercontent.com/raw/coder/coder-desktop-macos/pull/165.patch" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://patch-diff.githubusercontent.com/raw/coder/coder-desktop-macos/pull/165.patch" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://patch-diff.githubusercontent.com/raw/coder/coder-desktop-macos/pull/165.patch" target="_blank">pFad v4 Proxy</a></p></body>
</html>