The Ghostty Apple ID has been frozen. I'm working on figuring out how to
get it back. In the meantime, this switches the notarization to my
personal Apple ID.
I originally created the dedicated Apple ID to limit access since we
were using app passwords. But I've since discovered that we can create
API tokens that have limited access, so I don't think this is a problem
anymore.
Resolves#7591
This moves our CI to build macOS on Sequoia (macOS 15) with Xcode 26,
including the new macOS 26 beta SDK.
Importantly, this will make our builds on macOS 26 use the new styling.
I've added a new job that ensures we can continue to build with Xcode 16 and
the macOS 15 SDK, as well, although I think that might come to an end
when we switch over to an IconComposer-based icon. I'll verify then. For
now, we continue to support both.
I've also removed our `hasLiquidGlass` check, since this will now always
be true for macOS 26 builds.
We have been building on macOS 14 and Xcode 16.0 for a longggg time now.
This gets us to a version that will be running Xcode 26 eventually so
we can ultimately build for Tahoe on a stable OS.
This should change nothing in the interim.
The auto-update prompt isn't useful for local (source) builds. Disable
it by default by setting Sparkle's SUEnableAutomaticChecks Info.plist
key to NO (false) for all build configurations.
We then selectively re-enable it by deleting that Info.plist key from
our release workflows. We delete the key instead of setting its value to
YES (true) to give us Sparkle's default behavior of prompting the user
to enable update checks on the second application launch. (YES tells
Sparkle to skip that prompt and silently enable update checks.)
See also: https://sparkle-project.org/documentation/customization/
The focus of this commit is to store the dSYM files associated with
official macOS builds. dSYM files allow us to map crash reports to
source.
The dSYM files are primarily uploaded to our official blob storage where
all releases are also stored. We also upload the dSYM files to Sentry
since I'm experimenting with using that for crash reproting (note:
manual crash reporting, no automatic network traffic).
This commit also changes our blob URLs for releases to use the full
Git SHA rather than a build number. This is much easier to trace back.
There are numerous fixes since our previous version (2.5.1) and I
believe at least one is one that users have hit where unarchiving didn't
work properly despite a properly built archive. I'm hoping this improves
that.
Besides this, there is one major security fix. I think it was low risk
to our project currently but I read through it and it is sensible to
protect against the case.
