#!/usr/bin/env bash set -euo pipefail ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" BUILD_DIR="$ROOT_DIR/build" ARTIFACTS_DIR="$ROOT_DIR/dist" SCHEME="iKeyMon" PROJECT="iKeyMon.xcodeproj" CREDENTIALS_FILE="$ROOT_DIR/.signing.env" VERSION_FILE="$ROOT_DIR/version.json" if [[ -f "$CREDENTIALS_FILE" ]]; then set -a # shellcheck disable=SC1090 source "$CREDENTIALS_FILE" set +a fi "$ROOT_DIR/scripts/sync_version.sh" rm -rf "$BUILD_DIR" "$ARTIFACTS_DIR" mkdir -p "$ARTIFACTS_DIR" xcodebuild \ -project "$ROOT_DIR/$PROJECT" \ -scheme "$SCHEME" \ -configuration Release \ -derivedDataPath "$BUILD_DIR" \ CODE_SIGNING_ALLOWED=NO \ clean build APP_PATH="$BUILD_DIR/Build/Products/Release/iKeyMon.app" if [[ ! -d "$APP_PATH" ]]; then echo "❌ Failed to find built app at $APP_PATH" exit 1 fi if [[ -n "${CODESIGN_IDENTITY:-}" ]]; then echo "🔏 Codesigning app with identity: $CODESIGN_IDENTITY" codesign \ --deep \ --force \ --options runtime \ --timestamp \ --entitlements "$ROOT_DIR/iKeyMon.entitlements" \ --sign "$CODESIGN_IDENTITY" \ "$APP_PATH" else echo "⚠ī¸ Skipping codesign (CODESIGN_IDENTITY not set)." fi STAGING_DIR=$(mktemp -d) mkdir -p "$STAGING_DIR" cp -R "$APP_PATH" "$STAGING_DIR/" ln -s /Applications "$STAGING_DIR/Applications" mkdir -p "$STAGING_DIR/.background" cp "$ROOT_DIR/Assets/dmg_background.png" "$STAGING_DIR/.background/background.png" VERSION="$(python3 - <<'PY' "$VERSION_FILE" import json, sys with open(sys.argv[1], "r", encoding="utf-8") as handle: data = json.load(handle) print(data.get("marketing_version", "dev")) PY )" ZIP_NAME="iKeyMon-${VERSION}.zip" pushd "$(dirname "$APP_PATH")" >/dev/null zip -r "$ARTIFACTS_DIR/$ZIP_NAME" "$(basename "$APP_PATH")" popd >/dev/null DMG_NAME="iKeyMon-${VERSION}.dmg" hdiutil create -volname "iKeyMon" -srcfolder "$STAGING_DIR" -ov -format UDZO "$ARTIFACTS_DIR/$DMG_NAME" if [[ -n "${NOTARY_APPLE_ID:-}" && -n "${NOTARY_TEAM_ID:-}" && -n "${NOTARY_PASSWORD:-}" ]]; then echo "📝 Submitting DMG for notarization..." xcrun notarytool submit "$ARTIFACTS_DIR/$DMG_NAME" \ --apple-id "$NOTARY_APPLE_ID" \ --team-id "$NOTARY_TEAM_ID" \ --password "$NOTARY_PASSWORD" \ --wait xcrun stapler staple "$ARTIFACTS_DIR/$DMG_NAME" else echo "⚠ī¸ Skipping notarization (NOTARY_* variables not set)." fi rm -rf "$STAGING_DIR" if [[ -n "${GITEA_TOKEN:-}" && -n "${GITEA_OWNER:-}" && -n "${GITEA_REPO:-}" ]]; then "$ROOT_DIR/scripts/publish_release.sh" "$VERSION" "$ARTIFACTS_DIR/$ZIP_NAME" "$ARTIFACTS_DIR/$DMG_NAME" else echo "ℹī¸ Skipping Gitea release publishing (GITEA_* variables not fully set)." fi echo "✅ Build complete. Artifacts:" echo " - $ARTIFACTS_DIR/$ZIP_NAME" echo " - $ARTIFACTS_DIR/$DMG_NAME"