@limbonaut limbonaut commented Dec 18, 2025

This PR refactors the build process to create dylibs on macOS instead of frameworks to dodge issues with symlinks on Windows and app rejections in TestFlight due to malformed framework bundles.

@limbonaut limbonaut changed the title PoC: build: Switch to dylibs on macOS build: Switch to dylibs on macOS Dec 19, 2025
@limbonaut limbonaut marked this pull request as ready for review December 19, 2025 09:36
APPLE_API_KEY_PATH: /tmp/apple_key.json
DO_CODESIGN: ${{ startsWith(github.ref, 'refs/heads/release/') && '1' || '0' }}
# DO_CODESIGN: ${{ startsWith(github.ref, 'refs/heads/release/') && '1' || '0' }}
DO_CODESIGN: 1
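
Review bot: `DO_CODESIGN: 1` on the last line of this hunk makes the signing path run on every ref instead of only `refs/heads/release/`, and the original expression is left behind as a comment. Before merge, restore the `startsWith(github.ref, 'refs/heads/release/')` expression and delete the commented-out copy; if signing has to be exercised off release branches, an explicit opt-in condition is safer than a hardcoded value.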

Bug: Hardcoded codesign flag may break CI on non-release branches

The conditional DO_CODESIGN logic is commented out and replaced with a hardcoded value of 1. Previously, codesigning only ran on release branches (refs/heads/release/). Now it always attempts to codesign, which will cause CI failures on non-release branches if the APPLE_CERT_DATA and APPLE_API_KEY secrets aren't available (the step at line 42-45 explicitly errors when these are missing).

@limbonaut limbonaut Dec 19, 2025

I'll revert it when approved. Used for testing.

Ughuuu commented Dec 19, 2025

Not sure if this will cut it though, but I'm not an expert. I think the reason we use frameworks is so that they can be signed. dylibs if not will show a popup error when people download the addon.

limbonaut commented Dec 19, 2025

@Ughuuu I've added changes to CI to sign the dylibs. And I checked a build from CI in a Godot project - no issues with Gatekeeper. It's all good!

Codesign info
~/Downloads/sentry-godot-gdextension-1.2.0+2e19109
❯ codesign -vvv --display addons/sentry/bin/macos/libsentry.macos.release.dylib
Executable=/Users/limbonaut/Downloads/sentry-godot-gdextension-1.2.0+2e19109/addons/sentry/bin/macos/libsentry.macos.release.dylib
Identifier=libsentry.macos.release.dylib
Format=Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=12425 flags=0x10000(runtime) hashes=382+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=183f2467cf0a66bba63128481621caf446dc9640
CandidateCDHashFull sha256=183f2467cf0a66bba63128481621caf446dc9640b5e2410b9745e5ba7a77287c
Hash choices=sha256
CMSDigest=183f2467cf0a66bba63128481621caf446dc9640b5e2410b9745e5ba7a77287c
CMSDigestType=2
CDHash=183f2467cf0a66bba63128481621caf446dc9640
Signature size=8971
Authority=Developer ID Application: GetSentry LLC (97JCY7859U)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=18 Dec 2025 at 23:30:06
Info.plist=not bound
TeamIdentifier=97JCY7859U
Runtime Version=15.5.0
Sealed Resources=none
Internal requirements count=1 size=192

~/Downloads/sentry-godot-gdextension-1.2.0+2e19109
❯ codesign -vvv --display addons/sentry/bin/macos/libsentry.macos.debug.dylib
Executable=/Users/limbonaut/Downloads/sentry-godot-gdextension-1.2.0+2e19109/addons/sentry/bin/macos/libsentry.macos.debug.dylib
Identifier=libsentry.macos.debug.dylib
Format=Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=16071 flags=0x10000(runtime) hashes=496+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=8bcf44f033b0d72198b4f259086e565396ca8df6
CandidateCDHashFull sha256=8bcf44f033b0d72198b4f259086e565396ca8df6ac10ad6e68876c3abc7cfa5a
Hash choices=sha256
CMSDigest=8bcf44f033b0d72198b4f259086e565396ca8df6ac10ad6e68876c3abc7cfa5a
CMSDigestType=2
CDHash=8bcf44f033b0d72198b4f259086e565396ca8df6
Signature size=8970
Authority=Developer ID Application: GetSentry LLC (97JCY7859U)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=18 Dec 2025 at 23:30:05
Info.plist=not bound
TeamIdentifier=97JCY7859U
Runtime Version=15.5.0
Sealed Resources=none
Internal requirements count=1 size=188

~/Downloads/sentry-godot-gdextension-1.2.0+2e19109
❯ codesign -vvv --display addons/sentry/bin/macos/libSentry.dylib
Executable=/Users/limbonaut/Downloads/sentry-godot-gdextension-1.2.0+2e19109/addons/sentry/bin/macos/libSentry.dylib
Identifier=libSentry.dylib
Format=Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=54779 flags=0x10000(runtime) hashes=1706+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=e745bb5ae29a81b7f444fb3f4918f48c5460f85c
CandidateCDHashFull sha256=e745bb5ae29a81b7f444fb3f4918f48c5460f85ca3ca62db0876763c88a90343
Hash choices=sha256
CMSDigest=e745bb5ae29a81b7f444fb3f4918f48c5460f85ca3ca62db0876763c88a90343
CMSDigestType=2
CDHash=e745bb5ae29a81b7f444fb3f4918f48c5460f85c
Signature size=8971
Authority=Developer ID Application: GetSentry LLC (97JCY7859U)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=18 Dec 2025 at 23:30:06
Info.plist=not bound
TeamIdentifier=97JCY7859U
Runtime Version=14.2.0
Sealed Resources=none
Internal requirements count=1 size=176

BTW, when you export your Godot project with codesign, it signs the entire bundle and every library, which means it overwrites Sentry's signatures. Just for the info. And there are no problems with Gatekeeper as far as I've tested. It makes an online check the first time you use the library, and since it's signed and notarized – it gets a pass. The exported projects should get stamped during the notarization process, so players don't even need to be online.
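
The properties read off the `codesign` reports in the comment above (Developer ID authority, hardened runtime flag, secure timestamp, team identifier) can be checked mechanically in CI. This is an added example, not part of the PR or the project's build scripts; `check_report`, `sample_signed` and `sample_adhoc` are hypothetical names, and the ad-hoc report is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR): decide from a `codesign -dvvv` report whether
# a dylib carries a Developer ID signature with the properties shown above.
# The report is read on stdin; $1 is the expected TeamIdentifier.
# On macOS (codesign writes the report to stderr):
#   codesign -dvvv libsentry.macos.release.dylib 2>&1 | check_report 97JCY7859U
check_report() {
    expected_team=$1
    report=$(cat)
    rc=0
    has() { printf '%s\n' "$report" | grep -Eq "$1"; }
    has '^Authority=Developer ID Application: ' ||
        { echo "leaf certificate is not Developer ID Application"; rc=1; }
    has '^CodeDirectory .*flags=0x[0-9a-fA-F]+\([^)]*runtime' ||
        { echo "hardened runtime flag is not set"; rc=1; }
    has '^Timestamp=' ||
        { echo "no secure timestamp"; rc=1; }
    team=$(printf '%s\n' "$report" | sed -n 's/^TeamIdentifier=//p')
    [ "$team" = "$expected_team" ] ||
        { echo "TeamIdentifier '$team' does not match '$expected_team'"; rc=1; }
    return "$rc"
}

# Excerpt of the release-dylib report quoted in the comment above.
sample_signed() { cat <<'EOF'
Identifier=libsentry.macos.release.dylib
CodeDirectory v=20500 size=12425 flags=0x10000(runtime) hashes=382+2 location=embedded
Authority=Developer ID Application: GetSentry LLC (97JCY7859U)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=18 Dec 2025 at 23:30:06
TeamIdentifier=97JCY7859U
EOF
}

# Constructed report for an ad-hoc signed library (sample values, not from the page).
sample_adhoc() { cat <<'EOF'
Identifier=libexample.dylib
CodeDirectory v=20400 size=500 flags=0x2(adhoc) hashes=10+0 location=embedded
Signature=adhoc
TeamIdentifier=not set
EOF
}

sample_signed | check_report 97JCY7859U >/dev/null && echo "release dylib report: accepted"
sample_adhoc | check_report 97JCY7859U || echo "ad-hoc report: rejected"
```

`codesign --display` only reports what the signature claims; run `codesign --verify --strict` on the same file to confirm the seal is intact.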

Successfully merging this pull request may close these issues.

TestFlight rejects the app due to malformed framework bundles