Siza desktop app foundation using Electron, React, and TypeScript.
- Node.js 22+
- npm 10+
npm installnpm run dev— run renderer development server (Vite)npm run build— build renderer + Electron main/preload bundlesnpm run electron:dev— build and open Electron appnpm run electron:build— package desktop app with electron-buildernpm run lint— run ESLintnpm run type-check— run TypeScript type checksnpm run test— run unit tests
src/main— Electron main process and preload bridgesrc/renderer— React UIsrc/shared— shared typed contracts used across main/preload/renderer
Distributable builds require platform-specific signing to avoid OS security warnings.
- Obtain an Apple Developer ID Application certificate from the Apple Developer portal.
- Export the certificate as a
.p12file and base64-encode it:base64 -i certificate.p12 | pbcopy - Add the following GitHub Actions secrets to the repository:
CSC_LINK— base64-encoded.p12certificateCSC_KEY_PASSWORD— certificate passwordAPPLE_ID— Apple ID email used for notarizationAPPLE_APP_SPECIFIC_PASSWORD— app-specific password from appleid.apple.comAPPLE_TEAM_ID— 10-character team ID from the Developer portal
- electron-builder reads
CSC_LINKandCSC_KEY_PASSWORDautomatically. Add notarization config topackage.json:Use"afterSign": "scripts/notarize.js"
@electron/notarizeinscripts/notarize.jswithAPPLE_ID,APPLE_APP_SPECIFIC_PASSWORD, andAPPLE_TEAM_ID.
- Obtain a Code Signing EV Certificate from a CA (e.g. DigiCert, Sectigo).
- Export the
.pfxfile and base64-encode it:[Convert]::ToBase64String([IO.File]::ReadAllBytes("cert.pfx")) | Set-Clipboard
- Add GitHub Actions secrets:
CSC_LINK— base64-encoded.pfxCSC_KEY_PASSWORD— certificate password
- electron-builder handles the rest automatically for NSIS targets.
Skip signing for local development by setting:
CSC_IDENTITY_AUTO_DISCOVERY=false npm run electron:buildThis repository ships with baseline workflows for:
- CI quality checks (
lint,type-check,test,build) - CodeQL analysis
- Trivy vulnerability scan
- Secret scanning (TruffleHog)