tracer/iKeyMon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity

Support codesign/notarize via local credentials file

Browse Source
This commit is contained in:
Micha
2025-11-20 00:34:56 +01:00
parent 0f1c876520
commit 73d81216bb
4 changed files with 36 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -3,3 +3,5 @@ xcuserdata/
DerivedData/ DerivedData/
build/ build/
Build/ Build/
dist/
.signing.env

4
README.md
View File

@@ -39,13 +39,13 @@ open iKeyMon.xcodeproj
### Local release build ### Local release build
Use the helper script to produce a zipped `.app` in `dist/`: Use the helper script to produce distributables in `dist/`:
```bash ```bash
./scripts/build_release.sh ./scripts/build_release.sh
``` ```
It cleans previous artifacts, builds the `Release` configuration, and drops `iKeyMon-<version>.zip` into the `dist` folder (ignored by git). It cleans previous artifacts, builds the `Release` configuration, and drops both `iKeyMon-<version>.zip` and `iKeyMon-<version>.dmg` into the `dist` folder (ignored by git). To enable codesigning + notarization, copy `signing.env.example` to `.signing.env`, fill in your Developer ID identity, Apple ID, team ID, and app-specific password. The script sources that file locally (it remains gitignored) and performs signing/notarization when the values are present.
## 📦 License ## 📦 License
MIT — see [LICENSE](LICENSE) for details. MIT — see [LICENSE](LICENSE) for details.

29
scripts/build_release.sh
View File

@@ -6,6 +6,12 @@ BUILD_DIR="$ROOT_DIR/build"
ARTIFACTS_DIR="$ROOT_DIR/dist" ARTIFACTS_DIR="$ROOT_DIR/dist"
SCHEME="iKeyMon" SCHEME="iKeyMon"
PROJECT="iKeyMon.xcodeproj" PROJECT="iKeyMon.xcodeproj"
CREDENTIALS_FILE="$ROOT_DIR/.signing.env"
if [[ -f "$CREDENTIALS_FILE" ]]; then
# shellcheck disable=SC1090
source "$CREDENTIALS_FILE"
fi
rm -rf "$BUILD_DIR" "$ARTIFACTS_DIR" rm -rf "$BUILD_DIR" "$ARTIFACTS_DIR"
mkdir -p "$ARTIFACTS_DIR" mkdir -p "$ARTIFACTS_DIR"
@@ -23,6 +29,13 @@ if [[ ! -d "$APP_PATH" ]]; then
exit 1 exit 1
fi fi
if [[ -n "${CODESIGN_IDENTITY:-}" ]]; then
echo "🔏 Codesigning app with identity: $CODESIGN_IDENTITY"
codesign --deep --force --options runtime --sign "$CODESIGN_IDENTITY" "$APP_PATH"
else
echo "⚠️ Skipping codesign (CODESIGN_IDENTITY not set)."
fi
VERSION=$(xcodebuild \ VERSION=$(xcodebuild \
-project "$ROOT_DIR/$PROJECT" \ -project "$ROOT_DIR/$PROJECT" \
-scheme "$SCHEME" \ -scheme "$SCHEME" \
@@ -39,4 +52,18 @@ popd >/dev/null
DMG_NAME="iKeyMon-${VERSION}.dmg" DMG_NAME="iKeyMon-${VERSION}.dmg"
hdiutil create -volname "iKeyMon" -srcfolder "$APP_PATH" -ov -format UDZO "$ARTIFACTS_DIR/$DMG_NAME" hdiutil create -volname "iKeyMon" -srcfolder "$APP_PATH" -ov -format UDZO "$ARTIFACTS_DIR/$DMG_NAME"
echo "✅ Build complete. Artifact: $ARTIFACTS_DIR/$ZIP_NAME" if [[ -n "${NOTARY_APPLE_ID:-}" && -n "${NOTARY_TEAM_ID:-}" && -n "${NOTARY_PASSWORD:-}" ]]; then
echo "📝 Submitting DMG for notarization..."
xcrun notarytool submit "$ARTIFACTS_DIR/$DMG_NAME" \
--apple-id "$NOTARY_APPLE_ID" \
--team-id "$NOTARY_TEAM_ID" \
--password "$NOTARY_PASSWORD" \
--wait
xcrun stapler staple "$ARTIFACTS_DIR/$DMG_NAME"
else
echo "⚠️ Skipping notarization (NOTARY_* variables not set)."
fi
echo "✅ Build complete. Artifacts:"
echo " - $ARTIFACTS_DIR/$ZIP_NAME"
echo " - $ARTIFACTS_DIR/$DMG_NAME"

4
signing.env.example Normal file
View File

@@ -0,0 +1,4 @@
CODESIGN_IDENTITY="Developer ID Application: Your Name (TEAMID1234)"
NOTARY_APPLE_ID="appleid@example.com"
NOTARY_TEAM_ID="TEAMID1234"
NOTARY_PASSWORD="app-specific-password"