From 141fbbe63ef2d9cb7fe01c2d1821579af5ef722e Mon Sep 17 00:00:00 2001 From: Satya Patel Date: Tue, 10 Feb 2026 12:28:52 -0800 Subject: [PATCH 1/6] ci(desktop): use macos-latest-xlarge runner for faster builds --- .github/workflows/build-desktop.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index 39b892fe2bf..7dcee325e0d 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -31,7 +31,7 @@ on: jobs: build: name: Build - macOS (${{ matrix.arch }}) - runs-on: macos-latest + runs-on: macos-latest-xlarge environment: production strategy: From 84f11dddf0aa41beab8e01cbb014ca4c0fcbd929 Mon Sep 17 00:00:00 2001 From: Satya Patel Date: Tue, 10 Feb 2026 12:47:25 -0800 Subject: [PATCH 2/6] ci(desktop): try macos-latest-large runner instead --- .github/workflows/build-desktop.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index 7dcee325e0d..c38d899c6d5 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -31,7 +31,7 @@ on: jobs: build: name: Build - macOS (${{ matrix.arch }}) - runs-on: macos-latest-xlarge + runs-on: macos-latest-large environment: production strategy: From 526ee15fc619729a926af9640e0a422b5f564e96 Mon Sep 17 00:00:00 2001 From: Satya Patel Date: Tue, 10 Feb 2026 13:44:40 -0800 Subject: [PATCH 3/6] ci(desktop): split build step into prepare, build, and sign Breaks the monolithic "Build Electron app" step into 3 discrete steps to get visibility into where time is spent: 1. Prepare native modules & resources 2. Build unsigned app bundle 3. Code sign, notarize & package --- .github/workflows/build-desktop.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index c38d899c6d5..68493938bfb 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -96,7 +96,17 @@ jobs: STREAMS_URL: ${{ secrets.STREAMS_URL }} run: bun run compile:app - - name: Build Electron app + - name: Prepare native modules & resources + working-directory: apps/desktop + run: | + bun run copy:native-modules + bun run download:claude + + - name: Build app bundle + working-directory: apps/desktop + run: npx electron-builder --dir --config ${{ inputs.electron_builder_config }} -c.mac.identity=null + + - name: Code sign, notarize & package working-directory: apps/desktop env: CSC_LINK: ${{ secrets.MAC_CERTIFICATE }} @@ -104,7 +114,7 @@ jobs: APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - run: bun run package -- --publish never --config ${{ inputs.electron_builder_config }} + run: npx electron-builder --prepackaged release/mac-arm64 --config ${{ inputs.electron_builder_config }} --publish never - name: Upload DMG artifact uses: actions/upload-artifact@v4 From 53486bf2c9b601d5a75af71942859885b02804d5 Mon Sep 17 00:00:00 2001 From: Satya Patel Date: Tue, 10 Feb 2026 14:25:16 -0800 Subject: [PATCH 4/6] fix(ci): add --arm64 flag to dir build step --dir mode ignores mac.target.arch from config and defaults to host arch (x64 on macos-latest-large). Explicitly pass --arm64 so the unsigned bundle lands in release/mac-arm64 as expected. --- .github/workflows/build-desktop.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index 68493938bfb..5a48be9d77d 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -104,7 +104,7 @@ jobs: - name: Build app bundle working-directory: apps/desktop - run: npx electron-builder --dir --config ${{ inputs.electron_builder_config }} -c.mac.identity=null + run: npx electron-builder --dir --arm64 --config ${{ inputs.electron_builder_config }} -c.mac.identity=null - name: Code sign, notarize & package working-directory: apps/desktop From f5f99f5e8c696aa088259e99ba1855933d1f1e71 Mon Sep 17 00:00:00 2001 From: Satya Patel Date: Tue, 10 Feb 2026 14:53:21 -0800 Subject: [PATCH 5/6] fix(ci): pass .app path to --prepackaged, not parent dir --prepackaged release/mac-arm64 wraps the directory in another .app, creating a double-nested bundle. It needs the path to the actual .app bundle (e.g. release/mac-arm64/Superset Canary.app). --- .github/workflows/build-desktop.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index 5a48be9d77d..70974a23a82 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -114,7 +114,7 @@ jobs: APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} - run: npx electron-builder --prepackaged release/mac-arm64 --config ${{ inputs.electron_builder_config }} --publish never + run: npx electron-builder --prepackaged "release/mac-arm64/$(ls release/mac-arm64/)" --config ${{ inputs.electron_builder_config }} --publish never - name: Upload DMG artifact uses: actions/upload-artifact@v4 From 986a34adc7ba5f376a30ff066aa32e5584382dad Mon Sep 17 00:00:00 2001 From: Satya Patel Date: Tue, 10 Feb 2026 15:16:23 -0800 Subject: [PATCH 6/6] fix(ci): move signing to build step, prepackaged only creates DMG/ZIP electron-builder's --prepackaged skips the signing phase entirely. Move signing env vars to the --dir build step so the .app is properly signed and notarized. The prepackaged step then just creates DMG/ZIP from the already-signed bundle. --- .github/workflows/build-desktop.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index 70974a23a82..c6ccdfd7d42 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -102,11 +102,7 @@ jobs: bun run copy:native-modules bun run download:claude - - name: Build app bundle - working-directory: apps/desktop - run: npx electron-builder --dir --arm64 --config ${{ inputs.electron_builder_config }} -c.mac.identity=null - - - name: Code sign, notarize & package + - name: Build & sign app bundle working-directory: apps/desktop env: CSC_LINK: ${{ secrets.MAC_CERTIFICATE }} @@ -114,6 +110,10 @@ jobs: APPLE_ID: ${{ secrets.APPLE_ID }} APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + run: npx electron-builder --dir --arm64 --config ${{ inputs.electron_builder_config }} + + - name: Package (DMG & ZIP) + working-directory: apps/desktop run: npx electron-builder --prepackaged "release/mac-arm64/$(ls release/mac-arm64/)" --config ${{ inputs.electron_builder_config }} --publish never - name: Upload DMG artifact