Sync 5.0.0 alpha6

.github/workflows/build-and-release.yml

@@ -375,17 +375,26 @@ jobs:
         working-directory: .
         run: |
           S3_PATH="s3://${{ secrets.AWS_S3_BUCKET }}/wi/${{ github.run_id }}/"
-          aws s3 cp installers/mac/ "${S3_PATH}" --recursive --exclude "*" --include "*.pkg"
+          aws s3 cp installers/mac/ "${S3_PATH}" --recursive --exclude "*" --include "*.pkg" --include "*.dmg"
 
       - name: Upload macOS artifacts
         if: ${{ github.event.inputs.build_packed_installers == 'true' }}
         uses: actions/upload-artifact@v4
         with:
-          name: Product-Integrator-Darwin-${{ matrix.arch }}
+          name: Product-Integrator-Darwin-PKG-${{ matrix.arch }}
           path: |
             installers/mac/*.pkg
           if-no-files-found: error
 
+      - name: Upload macOS DMG artifacts
+        if: ${{ github.event.inputs.build_packed_installers == 'true' }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: Product-Integrator-Darwin-DMG-${{ matrix.arch }}
+          path: |
+            installers/mac/*.dmg
+          if-no-files-found: error
+
       - name: cosign-installer
         if: ${{ github.event.inputs.build_packed_installers == 'true' }}
         uses: sigstore/cosign-installer@v3.5.0
@@ -407,11 +416,29 @@ jobs:
           cd ../..
           openssl dgst -sha256 -out installers/mac/wso2-integrator-${{ github.event.inputs.integrator_version }}-${{ matrix.arch }}.pkg.sha256 installers/mac/wso2-integrator-${{ github.event.inputs.integrator_version }}-${{ matrix.arch }}.pkg
 
-      - name: Upload Signatures and Hashes for pkg installer
+      - name: Sign the dmg installer
+        if: ${{ github.event.inputs.build_packed_installers == 'true' }}
+        run: |
+          cd ../..
+          cosign sign-blob installers/mac/wso2-integrator-${{ github.event.inputs.integrator_version }}-${{ matrix.arch }}.dmg --output-certificate installers/mac/wso2-integrator-${{ github.event.inputs.integrator_version }}-${{ matrix.arch }}.dmg.pem --output-signature installers/mac/wso2-integrator-${{ github.event.inputs.integrator_version }}-${{ matrix.arch }}.dmg.sig --yes
+
+      - name: Verify signature of the dmg installer
+        if: ${{ github.event.inputs.build_packed_installers == 'true' }}
+        run: |
+          cd ../..
+          cosign verify-blob installers/mac/wso2-integrator-${{ github.event.inputs.integrator_version }}-${{ matrix.arch }}.dmg --certificate installers/mac/wso2-integrator-${{ github.event.inputs.integrator_version }}-${{ matrix.arch }}.dmg.pem --signature installers/mac/wso2-integrator-${{ github.event.inputs.integrator_version }}-${{ matrix.arch }}.dmg.sig --certificate-identity=https://github.com/wso2/product-integrator/.github/workflows/build-and-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
+
+      - name: Generate Hashes for dmg installer
+        if: ${{ github.event.inputs.build_packed_installers == 'true' }}
+        run: |
+          cd ../..
+          openssl dgst -sha256 -out installers/mac/wso2-integrator-${{ github.event.inputs.integrator_version }}-${{ matrix.arch }}.dmg.sha256 installers/mac/wso2-integrator-${{ github.event.inputs.integrator_version }}-${{ matrix.arch }}.dmg
+
+      - name: Upload Signatures and Hashes for mac installers
         if: ${{ github.event.inputs.build_packed_installers == 'true' }}
         uses: actions/upload-artifact@v4
         with:
-          name: Signatures-and-Hashes-PKG
+          name: Signatures-and-Hashes-MAC
           path: |
             installers/mac/*.pem
             installers/mac/*.sig
@@ -686,6 +713,16 @@ jobs:
         if: ${{ github.event.inputs.build_packed_installers == 'true' }}
         run: |
           cp ../artifacts/VSCode-win32-x64.zip ../../installers/windows/
+      - name: Exclude build workspace from Windows Defender
+        if: ${{ github.event.inputs.build_packed_installers == 'true' }}
+        shell: pwsh
+        run: |
+          Add-MpPreference -ExclusionPath "$env:GITHUB_WORKSPACE"
+      - name: Enable long paths (Windows)
+        if: ${{ github.event.inputs.build_packed_installers == 'true' }}
+        shell: pwsh
+        run: |
+          Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' -Name 'LongPathsEnabled' -Value 1
       - name: Build Windows installer packages
         if: ${{ github.event.inputs.build_packed_installers == 'true' }}
         shell: pwsh
@@ -856,14 +893,21 @@ jobs:
       - name: Download macOS PKG artifacts
         uses: actions/download-artifact@v4
         with:
-          name: Product-Integrator-Darwin-arm64
+          name: Product-Integrator-Darwin-PKG-arm64
+          path: release-files/
+        continue-on-error: true
+
+      - name: Download macOS DMG artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: Product-Integrator-Darwin-DMG-arm64
           path: release-files/
         continue-on-error: true
 
-      - name: Download Signatures and Hashes (PKG)
+      - name: Download Signatures and Hashes (MAC)
         uses: actions/download-artifact@v4
         with:
-          name: Signatures-and-Hashes-PKG
+          name: Signatures-and-Hashes-MAC
           path: release-files/
         continue-on-error: true
 

.gitignore

@@ -54,3 +54,4 @@ common/autoinstallers/*/.npmrc
 
 **/rush-logs/
 .github/workflows/release.yml
+installers/mac/dmg_mount/

installers/mac/Distribution.xml

@@ -2,8 +2,8 @@
 <installer-gui-script minSpecVersion="1">
     <title>WSO2 Integrator</title>
     <organization>com.wso2.integrator</organization>
-    <domains enable_localSystem="false" enable_currentUserOnly="true" enable_currentUserHome="true" />
-    <options customize="never" require-scripts="false" rootVolumeOnly="false" />
+    <domains enable_localSystem="true" enable_currentUserOnly="false" enable_currentUserHome="false" />
+    <options customize="never" require-scripts="false" rootVolumeOnly="true" />
     <welcome file="welcome.html" />
     <license file="license.txt" />
     <conclusion file="conclusion.html" />

installers/mac/build.sh

@@ -158,6 +158,117 @@ else
     exit 1
 fi
 
+# -------------------------------------------------------------------
+# Build the DMG
+# -------------------------------------------------------------------
+
+APP_NAME="WSO2 Integrator"
+DMG_NAME="wso2-integrator-$VERSION-$ARCH.dmg"
+DMG_STAGING="$WORK_DIR/dmg_staging"
+
+# Fix #4: include $ARCH in temp filename to avoid collisions across architectures
+TEMP_DMG="$WORK_DIR/tmp_rw_$VERSION-$ARCH.dmg"
+
+# Fix #3: cleanup trap — detach mounted image and remove temp artifacts on any exit
+DMG_MOUNT_DIR=""
+dmg_cleanup() {
+    if [ -n "$DMG_MOUNT_DIR" ] && hdiutil info | grep -q "$DMG_MOUNT_DIR"; then
+        print_warning "Trap: detaching leftover DMG mount at $DMG_MOUNT_DIR"
+        hdiutil detach "$DMG_MOUNT_DIR" -force -quiet 2>/dev/null || true
+    fi
+    rm -f "$TEMP_DMG"
+    rm -rf "$DMG_STAGING"
+}
+trap dmg_cleanup EXIT
+
+print_info "Preparing DMG staging directory"
+rm -rf "$DMG_STAGING"
+mkdir -p "$DMG_STAGING"
+
+# The .app is still fully assembled in WSO2_TARGET — reuse it directly
+cp -r "$WSO2_TARGET/$APP_NAME.app" "$DMG_STAGING/"
+
+# Fix #5: remove any leftover temp DMG before creation to avoid "File exists" error
+rm -f "$TEMP_DMG"
+
+print_info "Creating temporary writable DMG (auto-sized)"
+hdiutil create \
+    -srcfolder "$DMG_STAGING" \
+    -volname "$APP_NAME" \
+    -fs HFS+ \
+    -format UDRW \
+    "$TEMP_DMG"
+
+print_info "Mounting temporary DMG for customisation"
+# Fix #1: capture actual mountpoint from hdiutil attach output via -plist
+# Note: -quiet suppresses plist output, so redirect stderr instead
+ATTACH_PLIST=$(hdiutil attach "$TEMP_DMG" -plist 2>/dev/null)
+DMG_MOUNT_DIR=$(echo "$ATTACH_PLIST" | python3 -c "
+import sys, plistlib
+pl = plistlib.loads(sys.stdin.buffer.read())
+for e in pl.get('system-entities', []):
+    mp = e.get('mount-point', '')
+    if mp.startswith('/Volumes/'):
+        print(mp)
+        break
+")
+
+if [ -z "$DMG_MOUNT_DIR" ]; then
+    print_error "Failed to determine DMG mount point"
+    exit 1
+fi
+print_info "DMG mounted at: $DMG_MOUNT_DIR"
+sleep 3
+
+# Fix #2: create a POSIX symlink as fallback (works in CI without Finder)
+ln -sf /Applications "$DMG_MOUNT_DIR/Applications"
+
+# Fix #2: attempt Finder window layout but treat it as best-effort (non-fatal)
+print_info "Configuring DMG window layout (best-effort)"
+osascript <<APPLESCRIPT 2>/dev/null || print_warning "Finder AppleScript layout skipped (restricted environment)"
+tell application "Finder"
+    set dmgDisk to disk "$(basename "$DMG_MOUNT_DIR")"
+    tell dmgDisk
+        open
+        set current view of container window to icon view
+        set toolbar visible of container window to false
+        set statusbar visible of container window to false
+        set the bounds of container window to {400, 100, 840, 480}
+        set viewOptions to the icon view options of container window
+        set arrangement of viewOptions to not arranged
+        set icon size of viewOptions to 100
+        set position of item "$APP_NAME.app" of container window to {130, 170}
+        set position of item "Applications" of container window to {310, 170}
+        close
+        open
+        update without registering applications
+        delay 2
+    end tell
+end tell
+APPLESCRIPT
+
+print_info "Finalising DMG"
+sync
+sleep 3
+hdiutil detach "$DMG_MOUNT_DIR" -force -quiet
+DMG_MOUNT_DIR=""  # Clear so trap doesn't attempt a second detach
+hdiutil convert "$TEMP_DMG" \
+    -format UDZO \
+    -imagekey zlib-level=9 \
+    -o "$WORK_DIR/$DMG_NAME"
+
+if [ -f "$WORK_DIR/$DMG_NAME" ]; then
+    print_info "Successfully created: $DMG_NAME"
+    print_info "Package size: $(du -h "$WORK_DIR/$DMG_NAME" | cut -f1)"
+else
+    print_error "Failed to create DMG package"
+    exit 1
+fi
+
+# Temp files cleaned by the EXIT trap
+trap - EXIT
+dmg_cleanup
+
 # Cleanup
 rm -rf "${WSO2_TARGET:?}"/*
 rm -rf "${ICP_TARGET:?}"/*

installers/windows/WixPackage/Package.wxs

@@ -11,7 +11,7 @@
   >
 
     <MajorUpgrade DowngradeErrorMessage="!(loc.DowngradeError)" />
-    <MediaTemplate EmbedCab="yes" />
+    <MediaTemplate EmbedCab="yes" CompressionLevel="none" MaximumUncompressedMediaSize="400" />
 
     <ui:WixUI Id="WixUI_InstallDir_Custom" InstallDirectory="INSTALLFOLDER" />
 
@@ -23,7 +23,6 @@
       <ComponentGroupRef Id="IntegratorComponents" />
       <ComponentRef Id="IntegratorShortcutComponent" />
       <ComponentRef Id="CleanupFoldersComponent" />
-      <!-- <ComponentGroupRef Id="SettingsComponents" /> -->
     </Feature>
 
   </Package>

installers/windows/WixPackage/WixPackage.wixproj

@@ -9,9 +9,4 @@
     <PackageReference Include="WixToolset.UI.wixext" Version="5.0.2" />
     <PackageReference Include="WixToolset.Util.wixext" Version="5.0.2" />
   </ItemGroup>
-
-  <Target Name="CheckPayloadExists" BeforeTargets="BeforeBuild">
-    <Error Condition="!Exists('$(MSBuildThisFileDirectory)payload\settings.json')"
-           Text="Missing required payload file: $(MSBuildThisFileDirectory)payload\settings.json. Ensure the packaging step has produced this file before building the WiX project." />
-  </Target>
 </Project>

installers/windows/build.bat

@@ -30,6 +30,9 @@ if "%~5"=="" (
 )
 
 
+REM Clean up any leftover payload directory from a previous build
+if exist ".\WixPackage\payload" rmdir /s /q ".\WixPackage\payload"
+
 @REM REM Extract integrator.zip
 powershell -nologo -noprofile -command "& { Add-Type -A 'System.IO.Compression.FileSystem'; [IO.Compression.ZipFile]::ExtractToDirectory('%~3', '.\WixPackage\payload\Integrator'); }"
 if errorlevel 1 (
@@ -78,23 +81,37 @@ if exist "%BAL_SRC%" (
 REM Extract numeric-only version for WiX ProductVersion (strip pre-release suffix like -m1, -beta1)
 for /f "delims=" %%v in ('powershell -nologo -noprofile -command "('%~5' -split '-')[0]"') do set "WIX_VERSION=%%v"
 
+
 REM Update version in Package.wxs
 powershell -Command "(Get-Content '.\WixPackage\Package.wxs') -replace '@VERSION@', '%WIX_VERSION%' | Set-Content '.\WixPackage\Package.wxs'"
 
+REM Map build directory to a short drive letter to keep file paths under 260 chars.
+REM wixnative.exe lacks a longPathAware manifest, so it crashes on paths > 260 chars.
+set "SCRIPT_DIR=%~dp0"
+set "SCRIPT_DIR=%SCRIPT_DIR:~0,-1%"
+subst W: "%SCRIPT_DIR%"
+pushd W:\
 
 dotnet build .\CustomAction1\CustomAction1.csproj -c Release
 if errorlevel 1 (
     echo CustomAction1 build failed
+    popd
+    subst W: /D
     powershell -Command "(Get-Content '.\WixPackage\Package.wxs') -replace '%WIX_VERSION%', '@VERSION@' | Set-Content '.\WixPackage\Package.wxs'"
     exit /b 1
 )
-dotnet build .\WixPackage\WixPackage.wixproj -p:Platform=x64 -p:Configuration=Release
+dotnet build .\WixPackage\WixPackage.wixproj -p:Platform=x64 -p:Configuration=Release -maxcpucount:1 -v:detailed
 if errorlevel 1 (
     echo WixPackage build failed
+    popd
+    subst W: /D
     powershell -Command "(Get-Content '.\WixPackage\Package.wxs') -replace '%WIX_VERSION%', '@VERSION@' | Set-Content '.\WixPackage\Package.wxs'"
     exit /b 1
 )
 
+popd
+subst W: /D
+
 REM Rename MSI output to include version
 set "MSI_ORIG=WixPackage\bin\x64\Release\en-US\WSO2-Integrator.msi"
 set "MSI_NEW=WixPackage\bin\x64\Release\en-US\wso2-integrator-%~5.msi"