unity-xcode-builder@v1.3.3 (#21)

- fix applying entitlements to app bundles on sign step
- verify signed entitlements for app bundles

Author: StephenHodgson

dist/index.js

@@ -58316,6 +58316,7 @@ exports.XcodeProject = XcodeProject;
 
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.log = log;
+exports.DeepEqual = DeepEqual;
 const core = __nccwpck_require__(2186);
 function log(message, type = 'info') {
     if (type == 'info' && !core.isDebug()) {
@@ -58345,6 +58346,36 @@ function log(message, type = 'info') {
         }
     }
 }
+function DeepEqual(a, b) {
+    if (a === b)
+        return true;
+    if (typeof a !== typeof b)
+        return false;
+    if (typeof a !== 'object' || a === null || b === null)
+        return false;
+    if (Array.isArray(a) !== Array.isArray(b))
+        return false;
+    if (Array.isArray(a)) {
+        if (a.length !== b.length)
+            return false;
+        for (let i = 0; i < a.length; i++) {
+            if (!DeepEqual(a[i], b[i]))
+                return false;
+        }
+        return true;
+    }
+    const keysA = Object.keys(a);
+    const keysB = Object.keys(b);
+    if (keysA.length !== keysB.length)
+        return false;
+    for (const key of keysA) {
+        if (!keysB.includes(key))
+            return false;
+        if (!DeepEqual(a[key], b[key]))
+            return false;
+    }
+    return true;
+}
 
 
 /***/ }),
@@ -58906,13 +58937,25 @@ async function signMacOSAppBundle(projectRef) {
     if (!developerIdApplicationSigningIdentity) {
         throw new Error(`Failed to find the Developer ID Application signing identity!`);
     }
+    if (projectRef.entitlementsPath) {
+        if (projectRef.entitlementsPath.trim().length === 0) {
+            throw new Error(`Entitlements path is empty!`);
+        }
+        if (!fs.existsSync(projectRef.entitlementsPath)) {
+            throw new Error(`Entitlements file not found at: ${projectRef.entitlementsPath}`);
+        }
+    }
+    else {
+        throw new Error(`Entitlements path is not set! Please provide a valid entitlements plist file.`);
+    }
     const codesignArgs = [
         '--force',
         '--verify',
         '--timestamp',
         '--options', 'runtime',
         '--keychain', projectRef.credential.keychainPath,
         '--sign', developerIdApplicationSigningIdentity,
+        '--entitlements', projectRef.entitlementsPath,
     ];
     if (core.isDebug()) {
         codesignArgs.unshift('--verbose');
@@ -58944,6 +58987,32 @@ async function signMacOSAppBundle(projectRef) {
     if (verifyExitCode !== 0) {
         throw new Error('App bundle codesign verification failed!');
     }
+    let entitlementsOutput = '';
+    const entitlementsExitCode = await (0, exec_1.exec)('codesign', [
+        '--display',
+        '--entitlements', '-', '--xml',
+        appPath
+    ], {
+        listeners: {
+            stdout: (data) => {
+                entitlementsOutput += data.toString();
+            }
+        },
+        ignoreReturnCode: true
+    });
+    if (entitlementsExitCode !== 0) {
+        (0, utilities_1.log)(entitlementsOutput, 'error');
+        throw new Error('Failed to display signed entitlements!');
+    }
+    const expectedEntitlementsContent = await fs.promises.readFile(projectRef.entitlementsPath, 'utf8');
+    const expectedEntitlements = plist.parse(expectedEntitlementsContent);
+    if (!entitlementsOutput.trim()) {
+        throw new Error('Signed entitlements output is empty!');
+    }
+    const signedEntitlements = plist.parse(entitlementsOutput);
+    if (!(0, utilities_1.DeepEqual)(expectedEntitlements, signedEntitlements)) {
+        throw new Error('Signed entitlements do not match the expected entitlements!');
+    }
 }
 async function createMacOSInstallerPkg(projectRef) {
     core.info('Creating macOS installer pkg...');

dist/index.js.map

@@ -1,6 +1,6 @@
 {
   "name": "unity-xcode-builder",
-  "version": "1.3.2",
+  "version": "1.3.3",
   "description": "A GitHub Action to build, archive, and upload Unity exported xcode projects.",
   "author": "buildalon",
   "license": "MIT",

package-lock.json

@@ -26,3 +26,27 @@ export function log(message: string, type: 'info' | 'warning' | 'error' = 'info'
         }
     }
 }
+
+export function DeepEqual(a: any, b: any): boolean {
+    if (a === b) return true;
+    if (typeof a !== typeof b) return false;
+    if (typeof a !== 'object' || a === null || b === null) return false;
+    if (Array.isArray(a) !== Array.isArray(b)) return false;
+
+    if (Array.isArray(a)) {
+        if (a.length !== b.length) return false;
+        for (let i = 0; i < a.length; i++) {
+            if (!DeepEqual(a[i], b[i])) return false;
+        }
+        return true;
+    }
+
+    const keysA = Object.keys(a);
+    const keysB = Object.keys(b);
+    if (keysA.length !== keysB.length) return false;
+    for (const key of keysA) {
+        if (!keysB.includes(key)) return false;
+        if (!DeepEqual(a[key], b[key])) return false;
+    }
+    return true;
+}

package.json

@@ -7,7 +7,10 @@ import plist = require('plist');
 import path = require('path');
 import fs = require('fs');
 import semver = require('semver');
-import { log } from './utilities';
+import {
+    DeepEqual,
+    log
+} from './utilities';
 import { SemVer } from 'semver';
 import core = require('@actions/core');
 import {
@@ -560,13 +563,24 @@ async function signMacOSAppBundle(projectRef: XcodeProject): Promise<void> {
     if (!developerIdApplicationSigningIdentity) {
         throw new Error(`Failed to find the Developer ID Application signing identity!`);
     }
+    if (projectRef.entitlementsPath) {
+        if (projectRef.entitlementsPath.trim().length === 0) {
+            throw new Error(`Entitlements path is empty!`);
+        }
+        if (!fs.existsSync(projectRef.entitlementsPath)) {
+            throw new Error(`Entitlements file not found at: ${projectRef.entitlementsPath}`);
+        }
+    } else {
+        throw new Error(`Entitlements path is not set! Please provide a valid entitlements plist file.`);
+    }
     const codesignArgs = [
         '--force',
         '--verify',
         '--timestamp',
         '--options', 'runtime',
         '--keychain', projectRef.credential.keychainPath,
         '--sign', developerIdApplicationSigningIdentity,
+        '--entitlements', projectRef.entitlementsPath,
     ];
     if (core.isDebug()) {
         codesignArgs.unshift('--verbose');
@@ -598,6 +612,32 @@ async function signMacOSAppBundle(projectRef: XcodeProject): Promise<void> {
     if (verifyExitCode !== 0) {
         throw new Error('App bundle codesign verification failed!');
     }
+    let entitlementsOutput = '';
+    const entitlementsExitCode = await exec('codesign', [
+        '--display',
+        '--entitlements', '-', '--xml',
+        appPath
+    ], {
+        listeners: {
+            stdout: (data: Buffer) => {
+                entitlementsOutput += data.toString();
+            }
+        },
+        ignoreReturnCode: true
+    });
+    if (entitlementsExitCode !== 0) {
+        log(entitlementsOutput, 'error');
+        throw new Error('Failed to display signed entitlements!');
+    }
+    const expectedEntitlementsContent = await fs.promises.readFile(projectRef.entitlementsPath, 'utf8');
+    const expectedEntitlements = plist.parse(expectedEntitlementsContent);
+    if (!entitlementsOutput.trim()) {
+        throw new Error('Signed entitlements output is empty!');
+    }
+    const signedEntitlements = plist.parse(entitlementsOutput);
+    if (!DeepEqual(expectedEntitlements, signedEntitlements)) {
+        throw new Error('Signed entitlements do not match the expected entitlements!');
+    }
 }
 
 async function createMacOSInstallerPkg(projectRef: XcodeProject): Promise<string> {
@@ -1110,4 +1150,4 @@ async function execGit(args: string[]): Promise<string> {
         throw new Error(`Git failed with exit code: ${exitCode}`);
     }
     return output;
-}
+}