solvespace/.github/scripts/sign-macos.sh

#!/bin/bash -xe

lipo \
    -create \
        build/bin/SolveSpace.app/Contents/Resources/libomp.dylib \
        build-arm64/bin/SolveSpace.app/Contents/Resources/libomp.dylib \
    -output \
        build/bin/SolveSpace.app/Contents/Resources/libomp.dylib

lipo \
    -create \
        build/bin/SolveSpace.app/Contents/MacOS/SolveSpace \
        build-arm64/bin/SolveSpace.app/Contents/MacOS/SolveSpace \
    -output \
        build/bin/SolveSpace.app/Contents/MacOS/SolveSpace

lipo \
    -create \
        build/bin/SolveSpace.app/Contents/MacOS/solvespace-cli \
        build-arm64/bin/SolveSpace.app/Contents/MacOS/solvespace-cli \
    -output \
        build/bin/SolveSpace.app/Contents/MacOS/solvespace-cli

cd build

openmp="bin/SolveSpace.app/Contents/Resources/libomp.dylib"
app="bin/SolveSpace.app"
dmg="bin/SolveSpace.dmg"
bundle_id="com.solvespace.solvespace"

if [ "$CI" = "true" ]; then
    # get the signing certificate (this is the Developer ID:Application: Your Name, exported to a p12 file, then converted to base64, e.g.: cat ~/Desktop/certificate.p12 | base64 | pbcopy)
    echo $MACOS_CERTIFICATE_P12 | base64 --decode > certificate.p12

    # create a keychain
    security create-keychain -p secret build.keychain
    security default-keychain -s build.keychain
    security unlock-keychain -p secret build.keychain

    # import the key
    security import certificate.p12 -k build.keychain -P "${MACOS_CERTIFICATE_PASSWORD}" -T /usr/bin/codesign

    security set-key-partition-list -S apple-tool:,apple: -s -k secret build.keychain

    # check if all is good
    security find-identity -v
fi

# sign openmp
codesign -s "${MACOS_DEVELOPER_ID}" --timestamp --options runtime -f --deep "${openmp}"

# sign the .app
codesign -s "${MACOS_DEVELOPER_ID}" --timestamp --options runtime -f --deep "${app}"

# create the .dmg from the signed .app
hdiutil create -srcfolder "${app}" "${dmg}"

# sign the .dmg
codesign -s "${MACOS_DEVELOPER_ID}" --timestamp --options runtime -f --deep "${dmg}"

if ! command -v xcrun >/dev/null || ! xcrun --find notarytool >/dev/null; then
    echo "Notarytool is not present in the system. Notarization has failed."
    exit 1
fi

# Submit the package for notarization
notarization_output=$(
    xcrun notarytool submit "${dmg}" \
        --apple-id "hello@koenschmeets.nl" \
        --password "@env:MACOS_APPSTORE_APP_PASSWORD" \
        --team-id "8X77K9NDG3" \
        --wait 2>&1)

if [ $? -eq 0 ]; then
    # Extract the operation ID from the output
    operation_id=$(echo "$notarization_output" | awk '/RequestUUID/ {print $NF}')
    echo "Notarization submitted. Operation ID: $operation_id"
    exit 0
  else
    echo "Notarization failed. Error: $notarization_output"
    exit 1
  fi
fi

# staple
xcrun stapler staple "${dmg}"
Travis: CI improvements and fixing edge builds (#766) - Fix release notes by using edge deploy provider, see: https://github.com/travis-ci/dpl/pull/1069 - Deploy only on master branch - Move to arm64-graviton2 - Rename debian -> ubuntu - Remove appveyor.yml - Remove redundant deploy stage in build step names - Get rid of bash code in files using sh, and explicitly use bash in sign-macos.sh script - Add missing newline to build-windows.sh - Build x86 for Windows - Enable OpenMP in test builds - Disable sanitizers on macOS test build - Disallow failures on snap build 2020-10-24 17:08:40 +08:00			`#!/bin/bash -xe`
Add macOS travis config, fix issue in CMakeLists.txt causing macOS build to break 2020-10-17 23:05:10 +08:00
Combine arm64 and x86_64 libomp libraries 2021-04-05 02:24:22 +08:00			`lipo \`
			`-create \`
			`build/bin/SolveSpace.app/Contents/Resources/libomp.dylib \`
			`build-arm64/bin/SolveSpace.app/Contents/Resources/libomp.dylib \`
			`-output \`
			`build/bin/SolveSpace.app/Contents/Resources/libomp.dylib`

Add apple arm64 support 2021-02-08 08:07:21 +08:00			`lipo \`
			`-create \`
			`build/bin/SolveSpace.app/Contents/MacOS/SolveSpace \`
			`build-arm64/bin/SolveSpace.app/Contents/MacOS/SolveSpace \`
			`-output \`
			`build/bin/SolveSpace.app/Contents/MacOS/SolveSpace`

			`lipo \`
			`-create \`
			`build/bin/SolveSpace.app/Contents/MacOS/solvespace-cli \`
			`build-arm64/bin/SolveSpace.app/Contents/MacOS/solvespace-cli \`
			`-output \`
			`build/bin/SolveSpace.app/Contents/MacOS/solvespace-cli`

Add macOS travis config, fix issue in CMakeLists.txt causing macOS build to break 2020-10-17 23:05:10 +08:00			`cd build`

Correct libomp.dylib path in sign-macos.sh script 2021-04-05 01:15:00 +08:00			`openmp="bin/SolveSpace.app/Contents/Resources/libomp.dylib"`
macOS CI fixes 2020-10-19 17:24:37 +08:00			`app="bin/SolveSpace.app"`
Add macOS travis config, fix issue in CMakeLists.txt causing macOS build to break 2020-10-17 23:05:10 +08:00			`dmg="bin/SolveSpace.dmg"`
			`bundle_id="com.solvespace.solvespace"`

Travis: Build improvements and fixes (#751) - Add OpenMP to macOS build - Use as many cores as possible in CI - Update travis osx image to xcode12.2 - Ignore .vscode folder - In `.travis/sign-macos.sh`, only create keychain when `CI` variable is present - Only run macOS deploy stage when a tag is pushed 2020-10-20 15:39:26 +08:00			`if [ "$CI" = "true" ]; then`
			`# get the signing certificate (this is the Developer ID:Application: Your Name, exported to a p12 file, then converted to base64, e.g.: cat ~/Desktop/certificate.p12 \| base64 \| pbcopy)`
			`echo $MACOS_CERTIFICATE_P12 \| base64 --decode > certificate.p12`
Add macOS travis config, fix issue in CMakeLists.txt causing macOS build to break 2020-10-17 23:05:10 +08:00
Travis: Build improvements and fixes (#751) - Add OpenMP to macOS build - Use as many cores as possible in CI - Update travis osx image to xcode12.2 - Ignore .vscode folder - In `.travis/sign-macos.sh`, only create keychain when `CI` variable is present - Only run macOS deploy stage when a tag is pushed 2020-10-20 15:39:26 +08:00			`# create a keychain`
			`security create-keychain -p secret build.keychain`
			`security default-keychain -s build.keychain`
			`security unlock-keychain -p secret build.keychain`
Add macOS travis config, fix issue in CMakeLists.txt causing macOS build to break 2020-10-17 23:05:10 +08:00
Travis: Build improvements and fixes (#751) - Add OpenMP to macOS build - Use as many cores as possible in CI - Update travis osx image to xcode12.2 - Ignore .vscode folder - In `.travis/sign-macos.sh`, only create keychain when `CI` variable is present - Only run macOS deploy stage when a tag is pushed 2020-10-20 15:39:26 +08:00			`# import the key`
Travis: update travis and macos build configs - Fixing warnings in .travis.yml - Enable building on all cores for macOS build - Quote variables 2020-10-20 20:14:49 +08:00			`security import certificate.p12 -k build.keychain -P "${MACOS_CERTIFICATE_PASSWORD}" -T /usr/bin/codesign`
Add macOS travis config, fix issue in CMakeLists.txt causing macOS build to break 2020-10-17 23:05:10 +08:00
Travis: Build improvements and fixes (#751) - Add OpenMP to macOS build - Use as many cores as possible in CI - Update travis osx image to xcode12.2 - Ignore .vscode folder - In `.travis/sign-macos.sh`, only create keychain when `CI` variable is present - Only run macOS deploy stage when a tag is pushed 2020-10-20 15:39:26 +08:00			`security set-key-partition-list -S apple-tool:,apple: -s -k secret build.keychain`
Add macOS travis config, fix issue in CMakeLists.txt causing macOS build to break 2020-10-17 23:05:10 +08:00
Travis: Build improvements and fixes (#751) - Add OpenMP to macOS build - Use as many cores as possible in CI - Update travis osx image to xcode12.2 - Ignore .vscode folder - In `.travis/sign-macos.sh`, only create keychain when `CI` variable is present - Only run macOS deploy stage when a tag is pushed 2020-10-20 15:39:26 +08:00			`# check if all is good`
			`security find-identity -v`
			`fi`
Add macOS travis config, fix issue in CMakeLists.txt causing macOS build to break 2020-10-17 23:05:10 +08:00
Travis: sign libomp.dylib 2020-10-26 10:38:32 +08:00			`# sign openmp`
			`codesign -s "${MACOS_DEVELOPER_ID}" --timestamp --options runtime -f --deep "${openmp}"`

macOS CI fixes 2020-10-19 17:24:37 +08:00			`# sign the .app`
			`codesign -s "${MACOS_DEVELOPER_ID}" --timestamp --options runtime -f --deep "${app}"`

			`# create the .dmg from the signed .app`
			`hdiutil create -srcfolder "${app}" "${dmg}"`

Add macOS travis config, fix issue in CMakeLists.txt causing macOS build to break 2020-10-17 23:05:10 +08:00			`# sign the .dmg`
Update .travis.yml for macOS build Update .travis.yml for macOS build Add executable permission on sign-macos.sh script 2020-10-18 16:50:02 +08:00			`codesign -s "${MACOS_DEVELOPER_ID}" --timestamp --options runtime -f --deep "${dmg}"`
Add macOS travis config, fix issue in CMakeLists.txt causing macOS build to break 2020-10-17 23:05:10 +08:00
Try to use notarytool 2023-09-13 04:04:56 +08:00			`if ! command -v xcrun >/dev/null \|\| ! xcrun --find notarytool >/dev/null; then`
			`echo "Notarytool is not present in the system. Notarization has failed."`
			`exit 1`
			`fi`

			`# Submit the package for notarization`
			`notarization_output=$(`
			`xcrun notarytool submit "${dmg}" \`
Try to build macOS with new app-specific-password secret 2024-04-21 22:38:02 +08:00			`--apple-id "hello@koenschmeets.nl" \`
Try to use notarytool 2023-09-13 04:04:56 +08:00			`--password "@env:MACOS_APPSTORE_APP_PASSWORD" \`
			`--team-id "8X77K9NDG3" \`
			`--wait 2>&1)`

			`if [ $? -eq 0 ]; then`
			`# Extract the operation ID from the output`
			`operation_id=$(echo "$notarization_output" \| awk '/RequestUUID/ {print $NF}')`
			`echo "Notarization submitted. Operation ID: $operation_id"`
			`exit 0`
			`else`
			`echo "Notarization failed. Error: $notarization_output"`
			`exit 1`
			`fi`
			`fi`
Add macOS travis config, fix issue in CMakeLists.txt causing macOS build to break 2020-10-17 23:05:10 +08:00
			`# staple`
Fix whitespace and trailing newline in github actions files. 2021-06-24 22:47:49 +08:00			`xcrun stapler staple "${dmg}"`