Skip to content
Snippets Groups Projects 3.76 KiB
Newer Older
Joe Donofry's avatar
Joe Donofry committed

set -u

# Modified version of script found at:

# Add Qt binaries to path
export QTPATH=(${PATH}/Qt/6.*/macos/bin)
Joe Donofry's avatar
Joe Donofry committed
pipx ensurepath
Joe Donofry's avatar
Joe Donofry committed
. ~/.zshrc
export PATH=${QTPATH}:${PATH}
Joe Donofry's avatar
Joe Donofry committed

security unlock-keychain -p "${RUNNER_USER_PW}" login.keychain

Joe Donofry's avatar
Joe Donofry committed
if [ -n "${CI_PIPELINE_TRIGGERED:-}" ] && [ "${TRIGGERED_BY:-}" = "cirrus" ]; then
  echo "cirrus build id: ${TRIGGER_BUILD_ID}"
  # download the build artifacts from cirrus api
  curl "${TRIGGER_BUILD_ID}/" -o
  # cirrus ci artifacts task name is 'binaries' so that's the zip name.
  # we zip 'build/' in cirrus ci, cirrus itself puts it in a 'build' directory
  # so move it to the right place for the rest of the process.
Joe Donofry's avatar
Joe Donofry committed

if [ ! -d "" ]; then
  echo " is missing, you did something wrong!"
  exit 1
Joe Donofry's avatar
Joe Donofry committed

echo "[INFO] Signing app contents"
find ""|while read -r fname; do
    if [ -f "$fname" ]; then
        echo "[INFO] Signing $fname"
        codesign --force --timestamp --options=runtime --sign "${APPLE_DEV_IDENTITY}" "$fname"

codesign --force --timestamp --options=runtime --sign "${APPLE_DEV_IDENTITY}" ""
NOTARIZE_SUBMIT_LOG=$(mktemp /tmp/notarize-submit.XXXXXX)
NOTARIZE_STATUS_LOG=$(mktemp /tmp/notarize-status.XXXXXX)
Joe Donofry's avatar
Joe Donofry committed

finish() {
Nicolas Werner's avatar
Nicolas Werner committed
Joe Donofry's avatar
Joe Donofry committed
trap finish EXIT

dmgbuild -s .ci/macos/settings.json "Nheko" nheko.dmg
codesign -s "${APPLE_DEV_IDENTITY}" nheko.dmg
Joe Donofry's avatar
Joe Donofry committed
user=$(id -nu)
chown "${user}" nheko.dmg

echo "--> Start Notarization process"
# OLD altool usage: xcrun altool -t osx -f nheko.dmg --primary-bundle-id "io.github.nheko-reborn.nheko" --notarize-app -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_SUBMIT_LOG" 2>&1
xcrun notarytool submit nheko.dmg --apple-id "${APPLE_DEV_USER}" --password "${APPLE_DEV_PASS}" --team-id "${APPLE_TEAM_ID}" > "$NOTARIZE_SUBMIT_LOG" 2>&1
Joe Donofry's avatar
Joe Donofry committed
# OLD altool usage: requestUUID="$(awk -F ' = ' '/RequestUUID/ {print $2}' "$NOTARIZE_SUBMIT_LOG")"
requestUUID="$(awk -F ': ' '/id/ {print $2}' "$NOTARIZE_SUBMIT_LOG" | head -1)"
Joe Donofry's avatar
Joe Donofry committed

if [ -z "${requestUUID}" ]; then
  echo "Something went wrong when submitting the request... we don't have a UUID"
  exit 1
  echo "Received requestUUID: \"${requestUUID}\""
Joe Donofry's avatar
Joe Donofry committed
while sleep 60 && date; do
  echo "--> Checking notarization status for \"${requestUUID}\""
Joe Donofry's avatar
Joe Donofry committed

  # OLD altool usage: xcrun altool --notarization-info "${requestUUID}" -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_STATUS_LOG" 2>&1
  xcrun notarytool info "${requestUUID}" --apple-id "${APPLE_DEV_USER}" --password "${APPLE_DEV_PASS}" --team-id "${APPLE_TEAM_ID}" > "$NOTARIZE_STATUS_LOG" 2>&1
Joe Donofry's avatar
Joe Donofry committed

  sub_status="$(awk -F ': ' '/status/ {print $2}' "$NOTARIZE_STATUS_LOG")"
  #isSuccess=$(grep "success" "$NOTARIZE_STATUS_LOG")
  #isFailure=$(grep "invalid" "$NOTARIZE_STATUS_LOG")
Joe Donofry's avatar
Joe Donofry committed

  echo "Status for submission \"${requestUUID}\": \"${sub_status}\""
Joe Donofry's avatar
Joe Donofry committed
  if [ "${sub_status}" = "Accepted" ]; then
Joe Donofry's avatar
Joe Donofry committed
      echo "Notarization done!"
      xcrun stapler staple -v nheko.dmg
      echo "Stapler done!"
  if [ "${sub_status}" = "Invalid" ] || [ "${sub_status}" = "Rejected" ]; then
Joe Donofry's avatar
Joe Donofry committed
      echo "Notarization failed"
      xcrun notarytool log "${requestUUID}" --apple-id "${APPLE_DEV_USER}" --password "${APPLE_DEV_PASS}" --team-id "${APPLE_TEAM_ID}" > "$NOTARIZE_STATUS_LOG" 2>&1
Joe Donofry's avatar
Joe Donofry committed
      cat "$NOTARIZE_STATUS_LOG" 1>&2
      exit 1
Joe Donofry's avatar
Joe Donofry committed
  echo "Notarization not finished yet, sleep 1m then check again..."


if [ -n "$VERSION" ]; then
    mv nheko.dmg "nheko-${VERSION}-${PLAT}.dmg"
    mkdir -p artifacts
    cp "nheko-${VERSION}-${PLAT}.dmg" artifacts/