matrixion/.ci/macos/notarize.sh

102 lines
3.7 KiB
Bash
Raw Normal View History

2021-09-03 21:53:31 +03:00
#!/bin/sh
set -u
# Modified version of script found at:
# https://forum.qt.io/topic/96652/how-to-notarize-qt-application-on-macos/18
# Add Qt binaries to path
2023-06-09 02:51:11 +03:00
PATH="/usr/local/opt/qt@6/bin/:${PATH}"
export PATH
2021-09-03 21:53:31 +03:00
security unlock-keychain -p "${RUNNER_USER_PW}" login.keychain
2022-10-28 01:55:52 +03:00
if [ -n "${CI_PIPELINE_TRIGGERED:-}" ] && [ "${TRIGGERED_BY:-}" = "cirrus" ]; then
echo "cirrus build id: ${TRIGGER_BUILD_ID}"
cat "${TRIGGER_PAYLOAD}"
# download the build artifacts from cirrus api
curl "https://api.cirrus-ci.com/v1/artifact/build/${TRIGGER_BUILD_ID}/binaries.zip" -o binaries.zip
# cirrus ci artifacts task name is 'binaries' so that's the zip name.
unzip binaries.zip
# we zip 'build/nheko.app' in cirrus ci, cirrus itself puts it in a 'build' directory
# so move it to the right place for the rest of the process.
2023-06-19 04:12:50 +03:00
unzip nheko.zip
fi
2021-09-03 21:53:31 +03:00
2023-06-19 04:12:50 +03:00
if [ ! -d "nheko.app" ]; then
echo "nheko.app is missing, you did something wrong!"
exit 1
fi
2021-09-03 21:53:31 +03:00
2021-11-15 19:19:04 +03:00
echo "[INFO] Signing app contents"
2023-06-19 04:12:50 +03:00
find "nheko.app/Contents"|while read -r fname; do
if [ -f "$fname" ]; then
2021-11-15 19:19:04 +03:00
echo "[INFO] Signing $fname"
codesign --force --timestamp --options=runtime --sign "${APPLE_DEV_IDENTITY}" "$fname"
fi
done
2023-06-19 04:12:50 +03:00
codesign --force --timestamp --options=runtime --sign "${APPLE_DEV_IDENTITY}" "nheko.app"
2021-11-15 19:19:04 +03:00
2022-09-25 00:43:06 +03:00
NOTARIZE_SUBMIT_LOG=$(mktemp /tmp/notarize-submit.XXXXXX)
NOTARIZE_STATUS_LOG=$(mktemp /tmp/notarize-status.XXXXXX)
2021-09-03 21:53:31 +03:00
finish() {
2023-06-20 03:12:18 +03:00
rm "$NOTARIZE_SUBMIT_LOG" "$NOTARIZE_STATUS_LOG"
2021-09-03 21:53:31 +03:00
}
trap finish EXIT
dmgbuild -s .ci/macos/settings.json "Nheko" nheko.dmg
codesign -s "${APPLE_DEV_IDENTITY}" nheko.dmg
2021-09-03 21:53:31 +03:00
user=$(id -nu)
chown "${user}" nheko.dmg
echo "--> Start Notarization process"
# OLD altool usage: xcrun altool -t osx -f nheko.dmg --primary-bundle-id "io.github.nheko-reborn.nheko" --notarize-app -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_SUBMIT_LOG" 2>&1
xcrun notarytool submit nheko.dmg --apple-id "${APPLE_DEV_USER}" --password "${APPLE_DEV_PASS}" --team-id "${APPLE_TEAM_ID}" > "$NOTARIZE_SUBMIT_LOG" 2>&1
2022-09-25 04:30:27 +03:00
# OLD altool usage: requestUUID="$(awk -F ' = ' '/RequestUUID/ {print $2}' "$NOTARIZE_SUBMIT_LOG")"
2022-09-25 05:16:18 +03:00
requestUUID="$(awk -F ': ' '/id/ {print $2}' "$NOTARIZE_SUBMIT_LOG" | head -1)"
2021-09-03 21:53:31 +03:00
if [ -z "${requestUUID}" ]; then
echo "Something went wrong when submitting the request... we don't have a UUID"
exit 1
2022-09-26 02:16:23 +03:00
else
echo "Received requestUUID: \"${requestUUID}\""
fi
2021-09-03 21:53:31 +03:00
while sleep 60 && date; do
echo "--> Checking notarization status for \"${requestUUID}\""
2021-09-03 21:53:31 +03:00
# OLD altool usage: xcrun altool --notarization-info "${requestUUID}" -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_STATUS_LOG" 2>&1
xcrun notarytool info "${requestUUID}" --apple-id "${APPLE_DEV_USER}" --password "${APPLE_DEV_PASS}" --team-id "${APPLE_TEAM_ID}" > "$NOTARIZE_STATUS_LOG" 2>&1
2021-09-03 21:53:31 +03:00
sub_status="$(awk -F ': ' '/status/ {print $2}' "$NOTARIZE_STATUS_LOG")"
#isSuccess=$(grep "success" "$NOTARIZE_STATUS_LOG")
#isFailure=$(grep "invalid" "$NOTARIZE_STATUS_LOG")
2021-09-03 21:53:31 +03:00
echo "Status for submission \"${requestUUID}\": \"${sub_status}\""
2022-09-25 05:46:53 +03:00
if [ "${sub_status}" = "Accepted" ]; then
2021-09-03 21:53:31 +03:00
echo "Notarization done!"
xcrun stapler staple -v nheko.dmg
echo "Stapler done!"
break
fi
if [ "${sub_status}" = "Invalid" ] || [ "${sub_status}" = "Rejected" ]; then
2021-09-03 21:53:31 +03:00
echo "Notarization failed"
xcrun notarytool log "${requestUUID}" --apple-id "${APPLE_DEV_USER}" --password "${APPLE_DEV_PASS}" --team-id "${APPLE_TEAM_ID}" > "$NOTARIZE_STATUS_LOG" 2>&1
2021-09-03 21:53:31 +03:00
cat "$NOTARIZE_STATUS_LOG" 1>&2
2021-11-15 19:19:04 +03:00
exit 1
2021-09-03 21:53:31 +03:00
fi
echo "Notarization not finished yet, sleep 1m then check again..."
done
VERSION=${CI_COMMIT_SHORT_SHA}
if [ -n "$VERSION" ]; then
mv nheko.dmg "nheko-${VERSION}-${PLAT}.dmg"
mkdir -p artifacts
cp "nheko-${VERSION}-${PLAT}.dmg" artifacts/
2023-06-09 02:51:11 +03:00
fi