-
Notifications
You must be signed in to change notification settings - Fork 127
/
release
executable file
·162 lines (116 loc) · 3.43 KB
/
release
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
#!/bin/bash
# Exit on error
trap 'exit' ERR
# Colours
reset=$(tput sgr0)
bold=$(tput bold)
blue=$(tput setaf 4)
app='Phoenix'
sign_update="$PWD/Pods/Sparkle/bin/sign_update"
# Unset arguments
unset code_sign_identity
unset output_directory
# Helpers
help() {
echo >&2 "\
${bold}Usage:${reset} $(basename $0) -s code-sign-identity -o output-directory
notarytool will use a Keychain profile with the name “NOTARISATION_PASSWORD” for authentication.
Use “xcrun notarytool store-credentials” to store the credentials.
Arguments:
-s code-sign-identity used to sign the app
-o output-directory where the app archive is created"
}
missing_argument() {
echo >&2 "Option -$1 requires an argument."
}
non_existent_path() {
echo >&2 "Path “$1” does not exist."
}
describe() {
echo -e "\n${bold}${blue}${1}${reset}\n"
}
get_property() {
/usr/libexec/PlistBuddy -c "Print $1" "$2"
}
get_build_setting() {
xcodebuild -showBuildSettings | grep "$1" | tr -d "$1 = "
}
# Parse arguments
while getopts 'u:s:d:o:' opt; do
case $opt in
s) code_sign_identity=$OPTARG;;
o) output_directory=$OPTARG;;
:)
missing_argument $OPTARG
exit 1
;;
?)
help
exit 1
;;
esac
done
# Invalid arguments
if [ ! "$code_sign_identity" ] || [ ! "$output_directory" ]; then
help
exit 1
fi
# Verify paths
if [ ! -d "$output_directory" ]; then
non_existent_path "$output_directory"
exit 1
fi
# Build app
build_directory="$PWD/build"
version=$(get_build_setting 'MARKETING_VERSION')
build_number=$(get_build_setting 'CURRENT_PROJECT_VERSION')
notarisation_archive="phoenix-$version.zip"
archive="phoenix-$version.tar.gz"
if [ -f "$output_directory/$archive" ]; then
echo "Archive “"$archive"” already exists. Exiting..."
exit 1
fi
describe "Building $app..."
rm -rf $build_directory
xcodebuild -workspace $app.xcworkspace \
-scheme $app \
-configuration Release \
-archivePath "$build_directory/$app.xcarchive" \
CODE_SIGN_IDENTITY="$code_sign_identity" \
clean archive
xcodebuild -archivePath "$build_directory/$app.xcarchive" \
-exportArchive \
-exportPath $build_directory \
-exportOptionsPlist export.plist
# Verify app
describe 'Verifying signed app...'
cd $build_directory
codesign --verbose=4 --verify $app.app
spctl --verbose=4 --assess --type execute $app.app
# Notarise app
describe 'Notarising app...'
echo 'Creating archive for notarisation...'
ditto -c -k --keepParent $app.app $notarisation_archive
echo 'Uploading archive to notarisation service...'
xcrun notarytool submit --wait --keychain-profile 'NOTARISATION_PASSWORD' $notarisation_archive
# Staple app
describe 'Stapling app...'
xcrun stapler staple $app.app
# Archive app
describe 'Archiving app...'
tar czf "$output_directory/$archive" $app.app
echo "Archived to “"$output_directory/$archive"”."
cd $output_directory
# Create EdDSA-signature
describe 'Creating EdDSA-signature for archive...'
eddsa_signature=$($sign_update $archive | perl -ne '/sparkle:edSignature="(.+)" / && print $1')
echo "EdDSA: $eddsa_signature"
# Collect information
describe 'Collecting release information...'
echo "Date: $(LANG=en date '+%a, %d %b %Y %T %z')"
echo "Version: $version ($build_number)"
echo "Archive: $archive"
echo "Size: $(stat -f '%z' $archive)"
echo "SHA-256: $(shasum -a 256 $archive)"
echo "EdDSA signature: $eddsa_signature"
describe 'Done.'