damoahdominic · asieduernest12 · Mar 31, 2026 · Mar 30, 2026 · Mar 31, 2026 · Mar 31, 2026
diff --git a/.github/workflows/build-macos.yml b/.github/workflows/build-macos.yml
@@ -10,7 +10,44 @@ on:
 
 jobs:
   build-macos:
-    runs-on: macos-latest
+    # Available runners as of March 2026:
+    #   Retired: macos-11 (2024), macos-12 (Jan 2025), macos-13 (Dec 2025)
+    #   Active:  macos-14 (arm64), macos-15 (arm64), macos-26 (arm64, GA Feb 2026)
+    #            macos-15-intel / macos-26-intel for x64 (replaces retired macos-13)
+    # macos-14 deprecation begins July 2026 — remove that entry then.
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # x64 (Intel) builds — macos-13 retired; use -intel variants
+          - runner: macos-15-intel
+            arch: x64
+            make_target: build-macos-x64
+            vscode_arch: x64
+            output_dir: VSCode-darwin-x64
+          - runner: macos-26-intel
+            arch: x64
+            make_target: build-macos-x64
+            vscode_arch: x64
+            output_dir: VSCode-darwin-x64
+          # arm64 (Apple Silicon) builds
+          - runner: macos-14
+            arch: arm64
+            make_target: build-macos-arm64
+            vscode_arch: arm64
+            output_dir: VSCode-darwin-arm64
+          - runner: macos-15
+            arch: arm64
+            make_target: build-macos-arm64
+            vscode_arch: arm64
+            output_dir: VSCode-darwin-arm64
+          - runner: macos-26
+            arch: arm64
+            make_target: build-macos-arm64
+            vscode_arch: arm64
+            output_dir: VSCode-darwin-arm64
+
+    runs-on: ${{ matrix.runner }}
     timeout-minutes: 120
     permissions:
       contents: write
@@ -43,8 +80,8 @@ jobs:
             console.log('Stamped version =>', tag, 'commit =>', sha);
           "
 
-      - name: Build macOS (arm64)
-        run: make build-macos-arm64
+      - name: Build macOS (${{ matrix.arch }})
+        run: make ${{ matrix.make_target }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NODE_OPTIONS: --max-old-space-size=7168
@@ -70,18 +107,16 @@ jobs:
       - name: Sign app
         env:
           CODESIGN_IDENTITY: "Developer ID Application: HITL, Inc (SQZ9VHYXJ3)"
-          # gulp outputs to path.dirname(root) = $GITHUB_WORKSPACE/apps/VSCode-darwin-arm64
           AGENT_BUILDDIRECTORY: ${{ github.workspace }}/apps
           AGENT_TEMPDIRECTORY: ${{ runner.temp }}
-          VSCODE_ARCH: arm64
+          VSCODE_ARCH: ${{ matrix.vscode_arch }}
         working-directory: apps/editor
         run: node build/darwin/sign.js "$GITHUB_WORKSPACE/apps"
 
       - name: Zip signed app
         run: |
-          APP_DIR="$GITHUB_WORKSPACE/apps/VSCode-darwin-arm64"
-          cd "$APP_DIR"
-          zip -Xry "$RUNNER_TEMP/OCcode-darwin-arm64-${GITHUB_REF_NAME}.zip" "OCcode.app"
+          cd "$GITHUB_WORKSPACE/apps/${{ matrix.output_dir }}"
+          zip -Xry "$RUNNER_TEMP/OCcode-${{ matrix.output_dir }}-${GITHUB_REF_NAME}.zip" "OCcode.app"
 
       - name: Notarize
         env:
@@ -91,11 +126,10 @@ jobs:
           APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
           APPLE_API_KEY_P8: ${{ secrets.APPLE_API_KEY_P8 }}
         run: |
-          # Write the .p8 key file
           mkdir -p ~/.appstoreconnect/private_keys
           echo "$APPLE_API_KEY_P8" > ~/.appstoreconnect/private_keys/AuthKey_${APPLE_API_KEY_ID}.p8
 
-          xcrun notarytool submit "$RUNNER_TEMP/OCcode-darwin-arm64-${GITHUB_REF_NAME}.zip" \
+          xcrun notarytool submit "$RUNNER_TEMP/OCcode-${{ matrix.output_dir }}-${GITHUB_REF_NAME}.zip" \
             --key ~/.appstoreconnect/private_keys/AuthKey_${APPLE_API_KEY_ID}.p8 \
             --key-id "$APPLE_API_KEY_ID" \
             --issuer "$APPLE_API_KEY_ISSUER" \
@@ -104,152 +138,31 @@ jobs:
 
       - name: Staple notarization ticket
         run: |
-          xcrun stapler staple "$GITHUB_WORKSPACE/apps/VSCode-darwin-arm64/OCcode.app"
+          xcrun stapler staple "$GITHUB_WORKSPACE/apps/${{ matrix.output_dir }}/OCcode.app"
 
       - name: Re-zip stapled app
         run: |
-          cd "$GITHUB_WORKSPACE/apps/VSCode-darwin-arm64"
-          zip -Xry "$RUNNER_TEMP/OCcode-darwin-arm64-${GITHUB_REF_NAME}-signed.zip" "OCcode.app"
+          cd "$GITHUB_WORKSPACE/apps/${{ matrix.output_dir }}"
+          zip -Xry "$RUNNER_TEMP/OCcode-${{ matrix.output_dir }}-${GITHUB_REF_NAME}-signed.zip" "OCcode.app"
 
       - name: Verify signature
         run: |
-          codesign -dv --deep --verbose=4 "$GITHUB_WORKSPACE/apps/VSCode-darwin-arm64/OCcode.app" 2>&1
-          spctl -a -vvv -t install "$GITHUB_WORKSPACE/apps/VSCode-darwin-arm64/OCcode.app" 2>&1
+          codesign -dv --deep --verbose=4 "$GITHUB_WORKSPACE/apps/${{ matrix.output_dir }}/OCcode.app" 2>&1
+          spctl -a -vvv -t install "$GITHUB_WORKSPACE/apps/${{ matrix.output_dir }}/OCcode.app" 2>&1
 
       - name: Upload signed app artifact
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         continue-on-error: true
         with:
-          name: OCcode-darwin-arm64-${{ github.ref_name }}-signed
-          path: ${{ runner.temp }}/OCcode-darwin-arm64-${{ github.ref_name }}-signed.zip
+          name: OCcode-${{ matrix.output_dir }}-${{ matrix.runner }}-${{ github.ref_name }}-signed
+          path: ${{ runner.temp }}/OCcode-${{ matrix.output_dir }}-${{ github.ref_name }}-signed.zip
           retention-days: 30
 
       - name: Create GitHub Release (on tag)
         if: startsWith(github.ref, 'refs/tags/')
         uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b
         with:
-          files: ${{ runner.temp }}/OCcode-darwin-arm64-${{ github.ref_name }}-signed.zip
-          name: OCcode ${{ github.ref_name }}
-          draft: false
-          prerelease: false
-
-  build-macos-x64:
-    runs-on: macos-13        # last Intel-based GitHub Actions runner
-    timeout-minutes: 120
-    permissions:
-      contents: write
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
-        with:
-          submodules: recursive
-
-      - name: Setup Node.js
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
-        with:
-          node-version: '20.18.2'
-
-      - name: Stamp release version in product.json
-        if: startsWith(github.ref, 'refs/tags/')
-        working-directory: apps/editor
-        run: |
-          node -e "
-            const fs = require('fs');
-            const p = JSON.parse(fs.readFileSync('product.json', 'utf8'));
-            const tag = process.env.GITHUB_REF_NAME;
-            const sha = process.env.GITHUB_SHA ? process.env.GITHUB_SHA.slice(0, 7) : tag;
-            p.occRelease = tag;
-            p.voidVersion = tag;
-            p.commit = sha;
-            p.date = new Date().toISOString();
-            fs.writeFileSync('product.json', JSON.stringify(p, null, '\t'));
-            console.log('Stamped version =>', tag, 'commit =>', sha);
-          "
-
-      - name: Build macOS (x64)
-        run: make build-macos-x64
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NODE_OPTIONS: --max-old-space-size=7168
-
-      - name: Import certificate to keychain
-        env:
-          P12_BASE64: ${{ secrets.APPLE_CERTIFICATE_P12_BASE64 }}
-          P12_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
-        run: |
-          KEYCHAIN_PATH=$RUNNER_TEMP/buildagent.keychain
-          CERT_PATH=$RUNNER_TEMP/developer-id.p12
-
-          echo "$P12_BASE64" | base64 --decode -o "$CERT_PATH"
-
-          security create-keychain -p "keychain-password" "$KEYCHAIN_PATH"
-          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
-          security unlock-keychain -p "keychain-password" "$KEYCHAIN_PATH"
-          security import "$CERT_PATH" -k "$KEYCHAIN_PATH" -P "$P12_PASSWORD" -T /usr/bin/codesign
-          security list-keychain -d user -s "$KEYCHAIN_PATH"
-          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "keychain-password" "$KEYCHAIN_PATH"
-
-      - name: Sign app
-        env:
-          CODESIGN_IDENTITY: "Developer ID Application: HITL, Inc (SQZ9VHYXJ3)"
-          AGENT_BUILDDIRECTORY: ${{ github.workspace }}/apps
-          AGENT_TEMPDIRECTORY: ${{ runner.temp }}
-          VSCODE_ARCH: x64
-        working-directory: apps/editor
-        run: node build/darwin/sign.js "$GITHUB_WORKSPACE/apps"
-
-      - name: Zip signed app
-        run: |
-          APP_DIR="$GITHUB_WORKSPACE/apps/VSCode-darwin-x64"
-          cd "$APP_DIR"
-          zip -Xry "$RUNNER_TEMP/OCcode-darwin-x64-${GITHUB_REF_NAME}.zip" "OCcode.app"
-
-      - name: Notarize
-        env:
-          APPLE_ID: ${{ secrets.APPLE_ID }}
-          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
-          APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
-          APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
-          APPLE_API_KEY_P8: ${{ secrets.APPLE_API_KEY_P8 }}
-        run: |
-          mkdir -p ~/.appstoreconnect/private_keys
-          echo "$APPLE_API_KEY_P8" > ~/.appstoreconnect/private_keys/AuthKey_${APPLE_API_KEY_ID}.p8
-
-          xcrun notarytool submit "$RUNNER_TEMP/OCcode-darwin-x64-${GITHUB_REF_NAME}.zip" \
-            --key ~/.appstoreconnect/private_keys/AuthKey_${APPLE_API_KEY_ID}.p8 \
-            --key-id "$APPLE_API_KEY_ID" \
-            --issuer "$APPLE_API_KEY_ISSUER" \
-            --wait \
-            --timeout 30m
-
-      - name: Staple notarization ticket
-        run: |
-          xcrun stapler staple "$GITHUB_WORKSPACE/apps/VSCode-darwin-x64/OCcode.app"
-
-      - name: Re-zip stapled app
-        run: |
-          cd "$GITHUB_WORKSPACE/apps/VSCode-darwin-x64"
-          zip -Xry "$RUNNER_TEMP/OCcode-darwin-x64-${GITHUB_REF_NAME}-signed.zip" "OCcode.app"
-
-      - name: Verify signature
-        run: |
-          codesign -dv --deep --verbose=4 "$GITHUB_WORKSPACE/apps/VSCode-darwin-x64/OCcode.app" 2>&1
-          spctl -a -vvv -t install "$GITHUB_WORKSPACE/apps/VSCode-darwin-x64/OCcode.app" 2>&1
-
-      - name: Upload signed app artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
-        continue-on-error: true
-        with:
-          name: OCcode-darwin-x64-${{ github.ref_name }}-signed
-          path: ${{ runner.temp }}/OCcode-darwin-x64-${{ github.ref_name }}-signed.zip
-          retention-days: 30
-
-      - name: Create GitHub Release (on tag)
-        if: startsWith(github.ref, 'refs/tags/')
-        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b
-        with:
-          files: ${{ runner.temp }}/OCcode-darwin-x64-${{ github.ref_name }}-signed.zip
+          files: ${{ runner.temp }}/OCcode-${{ matrix.output_dir }}-${{ github.ref_name }}-signed.zip
           name: OCcode ${{ github.ref_name }}
           draft: false
           prerelease: false

diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,8 @@
 node_modules/
 out/
 dist/
+apps/editor/extensions/**/out/
+apps/editor/extensions/**/package-lock.json
 *.vsix
 .DS_Store
 apps/editor/.build/

diff --git a/.versionrc.json b/.versionrc.json
@@ -0,0 +1,12 @@
+{
+	"bumpFiles": [
+		{
+			"filename": "version.txt",
+			"type": "plain-text"
+		},
+		{
+			"filename": "package.json",
+			"type": "json"
+		}
+	]
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,20 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## [3.2.42](https://github.com/damoahdominic/occ/compare/v3.2.40...v3.2.42) (2026-03-31)
+
+## [3.2.41](https://github.com/damoahdominic/occ/compare/v3.2.40...v3.2.41) (2026-03-31)
+
+## [3.2.40](https://github.com/damoahdominic/occ/compare/v3.2.39...v3.2.40) (2026-03-31)
+
+## [3.2.38](https://github.com/damoahdominic/occ/compare/v3.2.39...v3.2.38) (2026-03-31)
+
+## [3.2.39](https://github.com/damoahdominic/occ/compare/v3.2.38...v3.2.39) (2026-03-31)
+
+## [3.2.37](https://github.com/damoahdominic/occ/compare/v3.2.38...v3.2.37) (2026-03-31)
+
+## [3.2.37](https://github.com/damoahdominic/occ/compare/v3.2.38...v3.2.37) (2026-03-31)
+
 ## [3.2.38](https://github.com/damoahdominic/occ/compare/v3.2.37...v3.2.38) (2026-03-30)
 
 ## [3.2.37](https://github.com/damoahdominic/occ/compare/v3.2.36...v3.2.37) (2026-03-30)

diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,12 @@
-# Use Node.js LTS as base image
-FROM node:18-alpine
+# Use Node.js 20 LTS as base image
+FROM node:20-alpine
+
+# Install build dependencies and Python for native modules
+RUN apk add --no-cache \
+    python3 \
+    make \
+    g++ \
+    gcc
 
 # Set working directory
 WORKDIR /app