blob: 1e1b20499f233f0c62c693b0399d60097409d4b5 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
#!/bin/sh
set -u
# Modified version of script found at:
# https://forum.qt.io/topic/96652/how-to-notarize-qt-application-on-macos/18
# Add Qt binaries to path
PATH="/usr/local/opt/qt@5/bin/:${PATH}"
security unlock-keychain -p "${RUNNER_USER_PW}" login.keychain
( cd build || exit
# macdeployqt does not copy symlinks over.
# this specifically addresses icu4c issues but nothing else.
# We might not even need this any longer...
# ICU_LIB="$(brew --prefix icu4c)/lib"
# export ICU_LIB
# mkdir -p nheko.app/Contents/Frameworks
# find "${ICU_LIB}" -type l -name "*.dylib" -exec cp -a -n {} nheko.app/Contents/Frameworks/ \; || true
#macdeployqt nheko.app -dmg -always-overwrite -qmldir=../resources/qml/ -sign-for-notarization="${APPLE_DEV_IDENTITY}"
macdeployqt nheko.app -always-overwrite -qmldir=../resources/qml/
# user=$(id -nu)
# chown "${user}" nheko.dmg
)
echo "[INFO] Signing app contents"
find "build/nheko.app/Contents"|while read fname; do
if [[ -f $fname ]]; then
echo "[INFO] Signing $fname"
codesign --force --timestamp --options=runtime --sign "${APPLE_DEV_IDENTITY}" "$fname"
fi
done
codesign --force --timestamp --options=runtime --sign "${APPLE_DEV_IDENTITY}" "build/nheko.app"
NOTARIZE_SUBMIT_LOG=$(mktemp /tmp/notarize-submit.XXXXXX)
NOTARIZE_STATUS_LOG=$(mktemp /tmp/notarize-status.XXXXXX)
finish() {
rm "$NOTARIZE_SUBMIT_LOG" "$NOTARIZE_STATUS_LOG"
}
trap finish EXIT
dmgbuild -s .ci/macos/settings.json "Nheko" nheko.dmg
codesign -s "${APPLE_DEV_IDENTITY}" nheko.dmg
user=$(id -nu)
chown "${user}" nheko.dmg
echo "--> Start Notarization process"
xcrun altool -t osx -f nheko.dmg --primary-bundle-id "io.github.nheko-reborn.nheko" --notarize-app -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_SUBMIT_LOG" 2>&1
requestUUID="$(awk -F ' = ' '/RequestUUID/ {print $2}' "$NOTARIZE_SUBMIT_LOG")"
while sleep 60 && date; do
echo "--> Checking notarization status for ${requestUUID}"
xcrun altool --notarization-info "${requestUUID}" -u "${APPLE_DEV_USER}" -p "${APPLE_DEV_PASS}" > "$NOTARIZE_STATUS_LOG" 2>&1
isSuccess=$(grep "success" "$NOTARIZE_STATUS_LOG")
isFailure=$(grep "invalid" "$NOTARIZE_STATUS_LOG")
if [ -n "${isSuccess}" ]; then
echo "Notarization done!"
xcrun stapler staple -v nheko.dmg
echo "Stapler done!"
break
fi
if [ -n "${isFailure}" ]; then
echo "Notarization failed"
cat "$NOTARIZE_STATUS_LOG" 1>&2
exit 1
fi
echo "Notarization not finished yet, sleep 1m then check again..."
done
VERSION=${CI_COMMIT_SHORT_SHA}
if [ -n "$VERSION" ]; then
mv nheko.dmg "nheko-${VERSION}.dmg"
mkdir artifacts
cp "nheko-${VERSION}.dmg" artifacts/
fi
|
