diff --git a/.ci/macos/notarize.sh b/.ci/macos/notarize.sh
new file mode 100755
index 0000000000000000000000000000000000000000..ca8646be51e4c6d32d105b718f92ccbbc383dbf2
--- /dev/null
+++ b/.ci/macos/notarize.sh
@@ -0,0 +1,73 @@
+#!/bin/sh
+
+set -u
+
+# Modified version of script found at:
+# https://forum.qt.io/topic/96652/how-to-notarize-qt-application-on-macos/18
+
+# Add Qt binaries to path
+PATH="/usr/local/opt/qt@5/bin/:${PATH}"
+
+security unlock-keychain -p "${RUNNER_USER_PW}" login.keychain
+
+( cd build || exit
+ # macdeployqt does not copy symlinks over.
+ # this specifically addresses icu4c issues but nothing else.
+ # We might not even need this any longer...
+ # ICU_LIB="$(brew --prefix icu4c)/lib"
+ # export ICU_LIB
+ # mkdir -p nheko.app/Contents/Frameworks
+ # find "${ICU_LIB}" -type l -name "*.dylib" -exec cp -a -n {} nheko.app/Contents/Frameworks/ \; || true
+
+ macdeployqt nheko.app -dmg -always-overwrite -qmldir=../resources/qml/ -sign-for-notarization="${APPLE_DEV_IDENTITY}"
+
+ user=$(id -nu)
+ chown "${user}" nheko.dmg
+)
+
+NOTARIZE_SUBMIT_LOG=$(mktemp -t notarize-submit)
+NOTARIZE_STATUS_LOG=$(mktemp -t notarize-status)
+
+finish() {
+ rm "$NOTARIZE_SUBMIT_LOG" "$NOTARIZE_STATUS_LOG"
+}
+trap finish EXIT
+
+dmgbuild -s .ci/macos/settings.json "Nheko" nheko.dmg
+codesign -s "${APPLE_DEV_IDENTITY}" nheko.dmg
+user=$(id -nu)
+chown "${user}" nheko.dmg
+
+echo "--> Start Notarization process"
+xcrun altool -t osx -f nheko.dmg --primary-bundle-id "io.github.nheko-reborn.nheko" --notarize-app -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_SUBMIT_LOG" 2>&1
+requestUUID="$(awk -F ' = ' '/RequestUUID/ {print $2}' "$NOTARIZE_SUBMIT_LOG")"
+
+while sleep 60 && date; do
+ echo "--> Checking notarization status for ${requestUUID}"
+
+ xcrun altool --notarization-info "${requestUUID}" -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_STATUS_LOG" 2>&1
+
+ isSuccess=$(grep "success" "$NOTARIZE_STATUS_LOG")
+ isFailure=$(grep "invalid" "$NOTARIZE_STATUS_LOG")
+
+ if [ -n "${isSuccess}" ]; then
+ echo "Notarization done!"
+ xcrun stapler staple -v nheko.dmg
+ echo "Stapler done!"
+ break
+ fi
+ if [ -n "${isFailure}" ]; then
+ echo "Notarization failed"
+ cat "$NOTARIZE_STATUS_LOG" 1>&2
+ return 1
+ fi
+ echo "Notarization not finished yet, sleep 1m then check again..."
+done
+
+VERSION=${CI_COMMIT_SHORT_SHA}
+
+if [ -n "$VERSION" ]; then
+ mv nheko.dmg "nheko-${VERSION}.dmg"
+ mkdir artifacts
+ cp "nheko-${VERSION}.dmg" artifacts/
+fi
\ No newline at end of file
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index cea6be7b5ee3e6cb009f5a3feb6763551cc0e8c2..e82e72d6c28d07fcc9abed3e7ad81bab45befa72 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -55,7 +55,6 @@ build-macos:
#- brew update
#- brew reinstall --force python3
#- brew bundle --file=./.ci/macos/Brewfile --force --cleanup
- - pip3 install dmgbuild
- rm -rf ../.hunter && mv .hunter ../.hunter || true
script:
- export PATH=/usr/local/opt/qt@5/bin/:${PATH}
@@ -72,19 +71,40 @@ build-macos:
- cmake --build build
after_script:
- mv ../.hunter .hunter
- - ./.ci/macos/deploy.sh
- - ./.ci/upload-nightly-gitlab.sh artifacts/nheko-${CI_COMMIT_SHORT_SHA}.dmg
artifacts:
paths:
- - artifacts/nheko-${CI_COMMIT_SHORT_SHA}.dmg
- name: nheko-${CI_COMMIT_SHORT_SHA}-macos
- expose_as: 'macos-dmg'
+ - build/nheko.app
+ name: nheko-${CI_COMMIT_SHORT_SHA}-macos-app
+ expose_as: 'macos-app'
+ public: false
cache:
key: "${CI_JOB_NAME}"
paths:
- .hunter/
- "${CCACHE_DIR}"
+codesign-macos:
+ stage: deploy
+ tags: [macos]
+ before_script:
+ - pip3 install dmgbuild
+ script:
+ - export PATH=/usr/local/opt/qt@5/bin/:${PATH}
+ - ./.ci/macos/notarize.sh
+ after_script:
+ - ./.ci/upload-nightly-gitlab.sh artifacts/nheko-${CI_COMMIT_SHORT_SHA}.dmg
+ needs:
+ - build-macos
+ rules:
+ - if: '$CI_COMMIT_BRANCH == "master"'
+ - if : $CI_COMMIT_TAG
+ artifacts:
+ paths:
+ - artifacts/nheko-${CI_COMMIT_SHORT_SHA}.dmg
+ name: nheko-${CI_COMMIT_SHORT_SHA}-macos
+ expose_as: 'macos-dmg'
+
+
build-flatpak-amd64:
stage: build
image: ubuntu:latest