Initial commit

.github/dependabot.yml

@@ -0,0 +1,19 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/node-utils"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "fix"
+      include: "scope"
+    open-pull-requests-limit: 20
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "fix"
+      include: "scope"
+    open-pull-requests-limit: 20

.github/workflows/sign.yml

@@ -0,0 +1,27 @@
+name: CI
+
+on:
+  workflow_dispatch:
+
+jobs:
+  sign:
+    runs-on: macos-14
+    timeout-minutes: 30
+    env:
+      SECRET_URL: "${{ secrets.SECRET_URL }}"
+      SECRET_KEY: "${{ secrets.SECRET_KEY }}"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.fastlane
+          key: session-${{ github.run_id }}
+          restore-keys: |
+            session
+
+      - name: Sign
+        run: |
+          PYTHONUNBUFFERED=1 ./sign.py

.gitignore

@@ -0,0 +1,256 @@
+/debug2.sh
+/samples/
+/.vscode/
+
+# Created by https://www.toptal.com/developers/gitignore/api/python,visualstudiocode,intellij+all
+# Edit at https://www.toptal.com/developers/gitignore?templates=python,visualstudiocode,intellij+all
+
+### Intellij+all ###
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# AWS User-specific
+.idea/**/aws.xml
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+### Intellij+all Patch ###
+# Ignores the whole .idea folder and all .iml files
+# See https://github.com/joeblau/gitignore.io/issues/186 and https://github.com/joeblau/gitignore.io/issues/360
+
+.idea/
+
+# Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023
+
+*.iml
+modules.xml
+.idea/misc.xml
+*.ipr
+
+# Sonarlint plugin
+.idea/sonarlint
+
+### Python ###
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+*.code-workspace
+
+# Local History for Visual Studio Code
+.history/
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+.ionide
+
+# End of https://www.toptal.com/developers/gitignore/api/python,visualstudiocode,intellij+all

.semaphore/semaphore.yml

@@ -0,0 +1,28 @@
+version: v1.0
+name: CI
+agent:
+  machine:
+    type: a1-standard-4
+    os_image: macos-xcode15
+execution_time_limit:
+  minutes: 30
+
+blocks:
+  - name: Sign
+    task:
+      jobs:
+        - name: Sign
+          commands:
+            - checkout
+            - nvm install 20
+            - cache restore session
+            # remove once bundled fastlane >= 2.225.0
+            - curl https://mise.jdx.dev/mise-latest-macos-x64 > ~/mise
+            - chmod +x ~/mise
+            - ~/mise plugins install https://github.com/mollyIV/asdf-fastlane.git
+            - ~/mise use -g fastlane
+            - PYTHONUNBUFFERED=1 ~/mise exec fastlane -- ./sign.py
+            - cache delete session
+            - cache store session ~/.fastlane
+      secrets:
+        - name: ios-signer

README.md

@@ -0,0 +1,50 @@
+# SignTools CI
+
+This is a free and simple builder for [SignTools](https://github.com/SignTools/SignTools). It uses a Continuous Integration (CI) provider to pull, sign, and upload any iOS apps to your `SignTools`.
+
+The following providers are supported:
+
+- [GitHub Actions](https://docs.github.com/en/actions)
+- [Semaphore CI](https://semaphoreci.com/)
+
+You only need to configure one provider.
+
+## Note on free developer accounts
+
+Starting from SignTools 3.0, free developer accounts are no longer supported. Check out [SignTools](https://github.com/SignTools/SignTools) for more information.
+
+## Repository setup
+
+First you need to create your own `SignTools-CI` repository:
+
+1. Create a GitHub account
+2. Click on the `Use this template` button at the top of this page
+3. Give the new project a name and set the visibility to `Private`
+4. Create the new project
+
+Alternatively, you can also manually clone this repo into a new private repository.
+
+## Provider setup
+
+You now need to configure a CI provider. **You only need one**:
+
+### GitHub Actions
+
+1. [Open](https://github.com/settings/tokens/new) the Personal access token generation page
+2. Select (grant) the `workflow` scope
+3. Generate the token
+
+This is the token you need for your `SignTools` service's builder configuration.
+
+### Semaphore CI
+
+1. Register for [SemaphoreCI](https://semaphoreci.com/) and create an organization
+2. At the top of the organization dashboard, click on `Create New`
+3. On the page that opens, press `Choose repository`
+4. Authorize SemaphoreCI's app to access your GitHub private repositories in order to see the builder you just created
+5. Back on SemaphoreCI's new project page, you will see your builder repository - click on it
+6. Proceed with `Continue to workflow setup`, then click `I will use the existing configuration`
+7. Go to `Manage Settings` of that repository
+8. At the bottom of the page that opens, set `What to build` to `Do not build this project (Pause project)`
+
+[View](https://me.semaphoreci.com/account) your API Token. This is the token you need for your `SignTools` service's builder configuration.