chore: update to @electron/osx-sign@2.0.0 (microsoft#259758)

Author: deepak1556

build/darwin/sign.js

@@ -5,17 +5,34 @@
 
 import fs from 'fs';
 import path from 'path';
-import codesign from 'electron-osx-sign';
+import { sign, SignOptions } from '@electron/osx-sign';
 import { spawn } from '@malept/cross-spawn-promise';
 
 const root = path.dirname(path.dirname(__dirname));
+const baseDir = path.dirname(__dirname);
+const product = JSON.parse(fs.readFileSync(path.join(root, 'product.json'), 'utf8'));
+const helperAppBaseName = product.nameShort;
+const gpuHelperAppName = helperAppBaseName + ' Helper (GPU).app';
+const rendererHelperAppName = helperAppBaseName + ' Helper (Renderer).app';
+const pluginHelperAppName = helperAppBaseName + ' Helper (Plugin).app';
 
 function getElectronVersion(): string {
 	const npmrc = fs.readFileSync(path.join(root, '.npmrc'), 'utf8');
 	const target = /^target="(.*)"$/m.exec(npmrc)![1];
 	return target;
 }
 
+function getEntitlementsForFile(filePath: string): string {
+	if (filePath.includes(gpuHelperAppName)) {
+		return path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-gpu-entitlements.plist');
+	} else if (filePath.includes(rendererHelperAppName)) {
+		return path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-renderer-entitlements.plist');
+	} else if (filePath.includes(pluginHelperAppName)) {
+		return path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-plugin-entitlements.plist');
+	}
+	return path.join(baseDir, 'azure-pipelines', 'darwin', 'app-entitlements.plist');
+}
+
 async function main(buildDir?: string): Promise<void> {
 	const tempDir = process.env['AGENT_TEMPDIRECTORY'];
 	const arch = process.env['VSCODE_ARCH'];
@@ -29,60 +46,22 @@ async function main(buildDir?: string): Promise<void> {
 		throw new Error('$AGENT_TEMPDIRECTORY not set');
 	}
 
-	const product = JSON.parse(fs.readFileSync(path.join(root, 'product.json'), 'utf8'));
-	const baseDir = path.dirname(__dirname);
 	const appRoot = path.join(buildDir, `VSCode-darwin-${arch}`);
 	const appName = product.nameLong + '.app';
-	const appFrameworkPath = path.join(appRoot, appName, 'Contents', 'Frameworks');
-	const helperAppBaseName = product.nameShort;
-	const gpuHelperAppName = helperAppBaseName + ' Helper (GPU).app';
-	const rendererHelperAppName = helperAppBaseName + ' Helper (Renderer).app';
-	const pluginHelperAppName = helperAppBaseName + ' Helper (Plugin).app';
 	const infoPlistPath = path.resolve(appRoot, appName, 'Contents', 'Info.plist');
 
-	const defaultOpts: codesign.SignOptions = {
+	const appOpts: SignOptions = {
 		app: path.join(appRoot, appName),
 		platform: 'darwin',
-		entitlements: path.join(baseDir, 'azure-pipelines', 'darwin', 'app-entitlements.plist'),
-		'entitlements-inherit': path.join(baseDir, 'azure-pipelines', 'darwin', 'app-entitlements.plist'),
-		hardenedRuntime: true,
-		'pre-auto-entitlements': false,
-		'pre-embed-provisioning-profile': false,
+		optionsForFile: (filePath) => ({
+			entitlements: getEntitlementsForFile(filePath),
+			hardenedRuntime: true,
+		}),
+		preAutoEntitlements: false,
+		preEmbedProvisioningProfile: false,
 		keychain: path.join(tempDir, 'buildagent.keychain'),
 		version: getElectronVersion(),
 		identity,
-		'gatekeeper-assess': false
-	};
-
-	const appOpts = {
-		...defaultOpts,
-		// TODO(deepak1556): Incorrectly declared type in electron-osx-sign
-		ignore: (filePath: string) => {
-			return filePath.includes(gpuHelperAppName) ||
-				filePath.includes(rendererHelperAppName) ||
-				filePath.includes(pluginHelperAppName);
-		}
-	};
-
-	const gpuHelperOpts: codesign.SignOptions = {
-		...defaultOpts,
-		app: path.join(appFrameworkPath, gpuHelperAppName),
-		entitlements: path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-gpu-entitlements.plist'),
-		'entitlements-inherit': path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-gpu-entitlements.plist'),
-	};
-
-	const rendererHelperOpts: codesign.SignOptions = {
-		...defaultOpts,
-		app: path.join(appFrameworkPath, rendererHelperAppName),
-		entitlements: path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-renderer-entitlements.plist'),
-		'entitlements-inherit': path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-renderer-entitlements.plist'),
-	};
-
-	const pluginHelperOpts: codesign.SignOptions = {
-		...defaultOpts,
-		app: path.join(appFrameworkPath, pluginHelperAppName),
-		entitlements: path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-plugin-entitlements.plist'),
-		'entitlements-inherit': path.join(baseDir, 'azure-pipelines', 'darwin', 'helper-plugin-entitlements.plist'),
 	};
 
 	// Only overwrite plist entries for x64 and arm64 builds,
@@ -111,10 +90,7 @@ async function main(buildDir?: string): Promise<void> {
 		]);
 	}
 
-	await codesign.signAsync(gpuHelperOpts);
-	await codesign.signAsync(rendererHelperOpts);
-	await codesign.signAsync(pluginHelperOpts);
-	await codesign.signAsync(appOpts as any);
+	await sign(appOpts);
 }
 
 if (require.main === module) {