[email protected] (#20)

- test license step
- update deps
- misc formatting
- update default macOS entitlements to use hardened runtime

Author: StephenHodgson

dist/index.js

@@ -20070,7 +20070,7 @@ function expand(str, isTop) {
   var isOptions = m.body.indexOf(',') >= 0;
   if (!isSequence && !isOptions) {
     // {a},b}
-    if (m.post.match(/,.*\}/)) {
+    if (m.post.match(/,(?!,).*\}/)) {
       str = m.pre + '{' + m.body + escClose + m.post;
       return expand(str);
     }
@@ -58739,7 +58739,7 @@ async function ArchiveXcodeProject(projectRef) {
         const entitlementsHandle = await fs.promises.open(projectRef.entitlementsPath, fs.constants.O_RDONLY);
         try {
             const entitlementsContent = await fs.promises.readFile(entitlementsHandle, 'utf8');
-            core.debug(`----- Entitlements content: -----\n${entitlementsContent}\n-----------------------------------`);
+            core.info(`----- Entitlements content: -----\n${entitlementsContent}\n-----------------------------------`);
         }
         finally {
             await entitlementsHandle.close();
@@ -59216,8 +59216,10 @@ async function getDefaultEntitlementsMacOS(projectRef) {
             break;
         default:
             defaultEntitlements = {
-                'com.apple.security.cs.disable-library-validation': true,
+                'com.apple.security.cs.allow-jit': true,
+                'com.apple.security.cs.allow-unsigned-executable-memory': true,
                 'com.apple.security.cs.allow-dyld-environment-variables': true,
+                'com.apple.security.cs.disable-library-validation': true,
                 'com.apple.security.cs.disable-executable-page-protection': true,
             };
             break;

dist/index.js.map

@@ -1,6 +1,6 @@
 {
   "name": "unity-xcode-builder",
-  "version": "1.3.1",
+  "version": "1.3.2",
   "description": "A GitHub Action to build, archive, and upload Unity exported xcode projects.",
   "author": "buildalon",
   "license": "MIT",
@@ -25,7 +25,7 @@
     "uuid": "^10.0.0"
   },
   "devDependencies": {
-    "@types/node": "^22.15.21",
+    "@types/node": "^22.15.33",
     "@types/plist": "^3.0.5",
     "@types/semver": "^7.7.0",
     "@types/uuid": "^10.0.0",
@@ -39,4 +39,4 @@
     "watch": "ncc build src/index.ts -o dist --source-map --license licenses.txt --watch",
     "clean": "npm install && shx rm -rf dist/ out/ node_modules/ && npm ci"
   }
-}
+}

package-lock.json

@@ -402,7 +402,7 @@ export async function ArchiveXcodeProject(projectRef: XcodeProject): Promise<Xco
         const entitlementsHandle = await fs.promises.open(projectRef.entitlementsPath, fs.constants.O_RDONLY);
         try {
             const entitlementsContent = await fs.promises.readFile(entitlementsHandle, 'utf8');
-            core.debug(`----- Entitlements content: -----\n${entitlementsContent}\n-----------------------------------`);
+            core.info(`----- Entitlements content: -----\n${entitlementsContent}\n-----------------------------------`);
         } finally {
             await entitlementsHandle.close();
         }
@@ -741,7 +741,7 @@ async function notarizeArchive(projectRef: XcodeProject, archivePath: string, st
     }
 }
 
-async function getNotarizationLog(projectRef: XcodeProject, id: string) {
+async function getNotarizationLog(projectRef: XcodeProject, id: string): Promise<void> {
     let output = '';
     const notaryLogArgs = [
         'notarytool',
@@ -866,10 +866,12 @@ async function getDefaultEntitlementsMacOS(projectRef: XcodeProject): Promise<vo
             };
             break;
         default:
-            // steam: https://partner.steamgames.com/doc/store/application/platforms#3
+            // use default hardened runtime entitlements
             defaultEntitlements = {
-                'com.apple.security.cs.disable-library-validation': true,
+                'com.apple.security.cs.allow-jit': true,
+                'com.apple.security.cs.allow-unsigned-executable-memory': true,
                 'com.apple.security.cs.allow-dyld-environment-variables': true,
+                'com.apple.security.cs.disable-library-validation': true,
                 'com.apple.security.cs.disable-executable-page-protection': true,
             };
             break;