The first thing we're going to do is create a bash script here. Here we're going to set some global environment variables that electron-builder will look at and use to select the certificate for code signing. We're going to use export to set the environment variable. We're going to pass the current working directory. We're going to call this the root of our project. I'm going to pass the folder recurrently and build assets and then mac certs. Then, when I exported this P12 file, I had to set a password for it. electron-builder needs to know that password to be able to sign. Then we'll call our npm script that actually calls electron-builder.

Before we try it out, there is another thing we want to add to our electron-builder configuration here: `forceCodeSigning: true`. This tells electron-builder to fail the build if code signing failed or is invalid for whatever reason. Then over here, in bash, we're going to add execute permissions to the bash script that we just created.

One important security note here is that we don't want our certificates to be available to any third parties and we don't want them included in our application bundle. My certificate files are in the build assets folder and that is being ignored by electron-builder, so they're not included in the build. If your application is open source and it's going to be on GitHub or something, you'll want to make sure to ignore the certificate files in your source control.
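A wrapper script along the lines described above, written as an added example and not the script from the original video. It refuses to build when the certificate is missing, the password is unset, or git would pick the certificate up. The path `build-assets/mac-certs.p12`, the npm script name `dist` and the `P12_PASSWORD` variable are assumptions; `CSC_LINK` and `CSC_KEY_PASSWORD` are the variables electron-builder reads.

```bash
#!/usr/bin/env bash
# Added example: signed-build wrapper with pre-flight checks.
# Assumed names (not from the original page): build-assets/mac-certs.p12,
# the "dist" npm script, and the P12_PASSWORD variable supplied by the caller.

# Fail unless the certificate exists and a password was supplied.
check_signing_inputs() {
  if [ ! -f "$1" ]; then
    echo "certificate not found: $1" >&2
    return 1
  fi
  if [ -z "${P12_PASSWORD:-}" ]; then
    echo "P12_PASSWORD is not set; refusing to build" >&2
    return 2
  fi
  return 0
}

# Fail if git tracks the certificate or would pick it up on "git add".
check_cert_not_in_git() {
  command -v git >/dev/null 2>&1 || return 0   # no git: nothing to check
  git rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 0
  if git ls-files --error-unmatch -- "$1" >/dev/null 2>&1; then
    echo "certificate is tracked by git: $1" >&2
    return 3
  fi
  if ! git check-ignore -q -- "$1"; then
    echo "certificate is not covered by .gitignore: $1" >&2
    return 4
  fi
}

signed_build() {
  rel="build-assets/mac-certs.p12"             # relative to the project root
  root="$(pwd)"                                # run this from the project root
  check_signing_inputs "$root/$rel" || return $?
  check_cert_not_in_git "$rel" || return $?
  # electron-builder reads these two variables to select and unlock the cert.
  export CSC_LINK="$root/$rel"
  export CSC_KEY_PASSWORD="$P12_PASSWORD"
  npm run dist
}

# Only build when asked, so the file can also be sourced for its checks.
if [ "${1:-}" = "--build" ]; then
  signed_build
fi
```

Supplying the password through the caller's environment keeps it out of the script itself, so the script can be committed while the P12 file and its password stay local.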