From 05017ffd5ead97f270f86284564bcc8113e803c8 Mon Sep 17 00:00:00 2001
From: Micha <espey@smart-q.de>
Date: Tue, 25 Nov 2025 19:15:25 +0100
Subject: [PATCH] more Sparkle tests

---
 scripts/build_release.sh | 52 +++++++++++++++++++++++++++++++++-------
 1 file changed, 44 insertions(+), 8 deletions(-)

diff --git a/scripts/build_release.sh b/scripts/build_release.sh
index e2d857e..ea8c851 100755
--- a/scripts/build_release.sh
+++ b/scripts/build_release.sh
@@ -103,6 +103,46 @@ sign_update_artifacts() {
   fi
 }
 
+submit_for_notarization() {
+  local target="$1"
+  local label="$2"
+  echo "📝 Submitting ${label} for notarization..."
+  xcrun notarytool submit "$target" \
+    --apple-id "$NOTARY_APPLE_ID" \
+    --team-id "$NOTARY_TEAM_ID" \
+    --password "$NOTARY_PASSWORD" \
+    --wait
+}
+
+notarize_app_bundle() {
+  local bundle="$1"
+  local label="$2"
+  if [[ -z "${NOTARY_APPLE_ID:-}" || -z "${NOTARY_TEAM_ID:-}" || -z "${NOTARY_PASSWORD:-}" ]]; then
+    echo "ℹ️ Skipping notarization for ${label} (NOTARY_* variables not set)."
+    return 1
+  fi
+
+  local tmp_dir
+  tmp_dir="$(mktemp -d)"
+  local archive="$tmp_dir/$(basename "$bundle").zip"
+  ditto -c -k --keepParent "$bundle" "$archive"
+
+  submit_for_notarization "$archive" "$label"
+  xcrun stapler staple "$bundle"
+  rm -rf "$tmp_dir"
+}
+
+notarize_artifact() {
+  local artifact="$1"
+  local label="$2"
+  if [[ -z "${NOTARY_APPLE_ID:-}" || -z "${NOTARY_TEAM_ID:-}" || -z "${NOTARY_PASSWORD:-}" ]]; then
+    echo "ℹ️ Skipping notarization for ${label} (NOTARY_* variables not set)."
+    return 1
+  fi
+  submit_for_notarization "$artifact" "$label"
+  xcrun stapler staple "$artifact"
+}
+
 if [[ -f "$CREDENTIALS_FILE" ]]; then
   set -a
   # shellcheck disable=SC1090
@@ -146,6 +186,8 @@ else
   echo "⚠️ Skipping codesign (CODESIGN_IDENTITY not set)."
 fi
 
+notarize_app_bundle "$APP_PATH" "iKeyMon.app"
+
 STAGING_DIR=$(mktemp -d)
 mkdir -p "$STAGING_DIR"
 cp -R "$APP_PATH" "$STAGING_DIR/"
@@ -171,15 +213,9 @@ hdiutil create -volname "iKeyMon" -srcfolder "$STAGING_DIR" -ov -format UDZO "$A
 sign_update_artifacts
 
 if [[ -n "${NOTARY_APPLE_ID:-}" && -n "${NOTARY_TEAM_ID:-}" && -n "${NOTARY_PASSWORD:-}" ]]; then
-  echo "📝 Submitting DMG for notarization..."
-  xcrun notarytool submit "$ARTIFACTS_DIR/$DMG_NAME" \
-    --apple-id "$NOTARY_APPLE_ID" \
-    --team-id "$NOTARY_TEAM_ID" \
-    --password "$NOTARY_PASSWORD" \
-    --wait
-  xcrun stapler staple "$ARTIFACTS_DIR/$DMG_NAME"
+  notarize_artifact "$ARTIFACTS_DIR/$DMG_NAME" "$DMG_NAME"
 else
-  echo "⚠️ Skipping notarization (NOTARY_* variables not set)."
+  echo "⚠️ Skipping DMG notarization (NOTARY_* variables not set)."
 fi
 rm -rf "$STAGING_DIR"