-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrelease.sh
More file actions
executable file
·127 lines (110 loc) · 3.4 KB
/
release.sh
File metadata and controls
executable file
·127 lines (110 loc) · 3.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
#!/bin/bash
set -euo pipefail
SCHEME="Hush"
PROJECT_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
BUILD_DIR="${PROJECT_ROOT}/build"
ARCHIVE_PATH="${BUILD_DIR}/${SCHEME}.xcarchive"
EXPORT_DIR="${BUILD_DIR}/export"
EXPORT_OPTIONS="${BUILD_DIR}/ExportOptions.plist"
GREEN='\033[0;32m'
RED='\033[0;31m'
BOLD='\033[1m'
NC='\033[0m'
info() { echo -e "${BOLD}$1${NC}"; }
ok() { echo -e " ${GREEN}$1${NC}"; }
die() { echo -e " ${RED}$1${NC}"; exit 1; }
# preflight
[[ -z "${TEAM_ID:-}" ]] && die "TEAM_ID not set"
[[ -z "${APPLE_ID:-}" ]] && die "APPLE_ID not set"
[[ -z "${APP_PASSWORD:-}" ]] && die "APP_PASSWORD not set (app-specific password)"
command -v xcodegen >/dev/null 2>&1 || die "xcodegen not found"
command -v create-dmg >/dev/null 2>&1 || die "create-dmg not found (brew install create-dmg)"
VERSION=$(grep 'MARKETING_VERSION' "${PROJECT_ROOT}/project.yml" | head -1 | sed 's/.*"\(.*\)"/\1/')
[[ -z "${VERSION}" ]] && die "Could not read MARKETING_VERSION from project.yml"
APP_PATH="${EXPORT_DIR}/${SCHEME}.app"
DMG_PATH="${BUILD_DIR}/${SCHEME}-${VERSION}.dmg"
info "Building ${SCHEME} ${VERSION} (team ${TEAM_ID})"
# clean
rm -rf "${BUILD_DIR}"
mkdir -p "${BUILD_DIR}"
# generate project
cd "${PROJECT_ROOT}"
xcodegen generate
ok "project generated"
# archive
info "Archiving..."
xcodebuild archive \
-project "${SCHEME}.xcodeproj" \
-scheme "${SCHEME}" \
-configuration Release \
-archivePath "${ARCHIVE_PATH}" \
DEVELOPMENT_TEAM="${TEAM_ID}" \
CODE_SIGN_IDENTITY="Developer ID Application" \
OTHER_CODE_SIGN_FLAGS="--timestamp" \
ENABLE_HARDENED_RUNTIME=YES \
| tail -1
ok "archived"
# export
cat > "${EXPORT_OPTIONS}" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>method</key>
<string>developer-id</string>
<key>teamID</key>
<string>${TEAM_ID}</string>
</dict>
</plist>
EOF
info "Exporting..."
xcodebuild -exportArchive \
-archivePath "${ARCHIVE_PATH}" \
-exportPath "${EXPORT_DIR}" \
-exportOptionsPlist "${EXPORT_OPTIONS}" \
| tail -1
ok "exported"
rm -f "${EXPORT_OPTIONS}"
# verify signature
codesign --verify --deep --strict "${APP_PATH}"
ok "signature valid"
# create dmg
info "Creating DMG..."
create-dmg \
--volname "${SCHEME}" \
--window-pos 200 120 \
--window-size 660 400 \
--icon-size 80 \
--icon "${SCHEME}.app" 180 190 \
--app-drop-link 480 190 \
--hide-extension "${SCHEME}.app" \
"${DMG_PATH}" \
"${APP_PATH}"
ok "dmg created"
# notarize dmg (Apple checks the .app inside, no need to notarize it separately)
info "Notarizing..."
RESULT=$(xcrun notarytool submit "${DMG_PATH}" \
--apple-id "${APPLE_ID}" \
--password "${APP_PASSWORD}" \
--team-id "${TEAM_ID}" \
--wait 2>&1) || true
if echo "$RESULT" | grep -q "status: Accepted"; then
xcrun stapler staple "${DMG_PATH}"
ok "notarized and stapled"
else
echo "$RESULT"
ID=$(echo "$RESULT" | grep 'id:' | head -1 | awk '{print $2}')
if [[ -n "${ID}" ]]; then
xcrun notarytool log "$ID" \
--apple-id "${APPLE_ID}" \
--password "${APP_PASSWORD}" \
--team-id "${TEAM_ID}" || true
fi
die "notarization failed"
fi
# done
SHA=$(shasum -a 256 "${DMG_PATH}" | awk '{print $1}')
echo ""
info "Done: ${DMG_PATH}"
echo " version: ${VERSION}"
echo " sha256: ${SHA}"