diff --git a/.gitignore b/.gitignore
index 44ab1ae..9f00021 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,5 @@ xcuserdata/
 DerivedData/
 build/
 Build/
+dist/
+.signing.env
diff --git a/README.md b/README.md
index ed00cd6..642ce74 100644
--- a/README.md
+++ b/README.md
@@ -39,13 +39,13 @@ open iKeyMon.xcodeproj
 ### Local release build
-Use the helper script to produce a zipped `.app` in `dist/`:
+Use the helper script to produce distributables in `dist/`:
 ```bash
 ./scripts/build_release.sh
 ```
-It cleans previous artifacts, builds the `Release` configuration, and drops `iKeyMon-.zip` into the `dist` folder (ignored by git).
+It cleans previous artifacts, builds the `Release` configuration, and drops both `iKeyMon-.zip` and `iKeyMon-.dmg` into the `dist` folder (ignored by git). To enable codesigning + notarization, copy `signing.env.example` to `.signing.env`, fill in your Developer ID identity, Apple ID, team ID, and app-specific password. The script sources that file locally (it remains gitignored) and performs signing/notarization when the values are present.
 ## 📦 License
 MIT — see [LICENSE](LICENSE) for details.
diff --git a/scripts/build_release.sh b/scripts/build_release.sh
index b595f47..6b7bedb 100755
--- a/scripts/build_release.sh
+++ b/scripts/build_release.sh
@@ -6,6 +6,12 @@ BUILD_DIR="$ROOT_DIR/build"
 ARTIFACTS_DIR="$ROOT_DIR/dist"
 SCHEME="iKeyMon"
 PROJECT="iKeyMon.xcodeproj"
+CREDENTIALS_FILE="$ROOT_DIR/.signing.env"
+
+if [[ -f "$CREDENTIALS_FILE" ]]; then
+ # shellcheck disable=SC1090
+ source "$CREDENTIALS_FILE"
+fi
 rm -rf "$BUILD_DIR" "$ARTIFACTS_DIR"
 mkdir -p "$ARTIFACTS_DIR"
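Review bot: In the first `scripts/build_release.sh` hunk, `source "$CREDENTIALS_FILE"` runs after `BUILD_DIR` and `ARTIFACTS_DIR` are assigned and directly before `rm -rf "$BUILD_DIR" "$ARTIFACTS_DIR"`, so any assignment to those names inside `.signing.env` silently changes what gets deleted. Marking the path variables read-only before the file is sourced, e.g. `readonly ROOT_DIR BUILD_DIR ARTIFACTS_DIR SCHEME PROJECT`, would have such an override rejected rather than applied. Because the file is executed as shell code and holds an app-specific password, a comment above the `source` line such as `# .signing.env is executed as shell code and contains secrets; keep it owner-only (chmod 600)` would document the expectation. The top of the script, including where `ROOT_DIR` is set, is outside this hunk.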
@@ -23,6 +29,13 @@ if [[ ! -d "$APP_PATH" ]]; then
 exit 1
 fi
+if [[ -n "${CODESIGN_IDENTITY:-}" ]]; then
+ echo "🔏 Codesigning app with identity: $CODESIGN_IDENTITY"
+ codesign --deep --force --options runtime --sign "$CODESIGN_IDENTITY" "$APP_PATH"
+else
+ echo "⚠️ Skipping codesign (CODESIGN_IDENTITY not set)."
+fi
+
 VERSION=$(xcodebuild \
 -project "$ROOT_DIR/$PROJECT" \
 -scheme "$SCHEME" \
@@ -39,4 +52,18 @@ popd >/dev/null
 DMG_NAME="iKeyMon-${VERSION}.dmg"
 hdiutil create -volname "iKeyMon" -srcfolder "$APP_PATH" -ov -format UDZO "$ARTIFACTS_DIR/$DMG_NAME"
-echo "✅ Build complete. Artifact: $ARTIFACTS_DIR/$ZIP_NAME"
+if [[ -n "${NOTARY_APPLE_ID:-}" && -n "${NOTARY_TEAM_ID:-}" && -n "${NOTARY_PASSWORD:-}" ]]; then
+ echo "📝 Submitting DMG for notarization..."
+ xcrun notarytool submit "$ARTIFACTS_DIR/$DMG_NAME" \
+ --apple-id "$NOTARY_APPLE_ID" \
+ --team-id "$NOTARY_TEAM_ID" \
+ --password "$NOTARY_PASSWORD" \
+ --wait
+ xcrun stapler staple "$ARTIFACTS_DIR/$DMG_NAME"
+else
+ echo "⚠️ Skipping notarization (NOTARY_* variables not set)."
+fi
+
+echo "✅ Build complete. Artifacts:"
+echo " - $ARTIFACTS_DIR/$ZIP_NAME"
+echo " - $ARTIFACTS_DIR/$DMG_NAME"
diff --git a/signing.env.example b/signing.env.example
new file mode 100644
index 0000000..6097d50
--- /dev/null
+++ b/signing.env.example
@@ -0,0 +1,4 @@
+CODESIGN_IDENTITY="Developer ID Application: Your Name (TEAMID1234)"
+NOTARY_APPLE_ID="appleid@example.com"
+NOTARY_TEAM_ID="TEAMID1234"
+NOTARY_PASSWORD="app-specific-password"
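Review bot: The `codesign` call in the second `build_release.sh` hunk signs with `--deep` and without `--timestamp`, and nothing verifies the result before packaging. Apple's notarization requirements include a secure timestamp on the signature, and Apple's signing guidance advises against `--deep` because it applies one set of options to every nested item. Since the DMG built from this app is later submitted to notarytool, consider `codesign --force --timestamp --options runtime --sign "$CODESIGN_IDENTITY" "$APP_PATH"`, signing any nested code separately if the bundle has some. Following it with `codesign --verify --strict --verbose=2 "$APP_PATH"` would stop the build on a bad signature. The `VERSION=$(xcodebuild …` statement at the end of the hunk continues outside it.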
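Review bot: In the notarization block of the last `build_release.sh` hunk, `--password "$NOTARY_PASSWORD"` puts the app-specific password on the `notarytool` command line, where it is visible in the process list to other local users and in any `set -x` trace for as long as `--wait` runs. `notarytool` can read credentials from the keychain instead: store them once with `xcrun notarytool store-credentials` and replace the three credential flags with `--keychain-profile "$NOTARY_KEYCHAIN_PROFILE"` (the variable name is only a suggestion), which also keeps the password out of `.signing.env`. Separately, only the DMG is submitted and stapled, while the final message lists the ZIP, created outside this hunk, as an equal artifact. A comment such as `# NOTE: only the DMG is notarized and stapled; the ZIP is not submitted` would make that difference explicit to whoever ships the files.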