forked from raisingthefloor/morphic-macos
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnotarize.sh
114 lines (91 loc) · 2.56 KB
/
notarize.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
#!/bin/bash
BRANCH="${BRANCH}"
BRANCH_NAME="${BRANCH_NAME}"
if [[ "${BRANCH_NAME}" == "master" ]]; then
echo "detected master build. will notarize"
elif [[ "${BRANCH}" == *"staging/"* ]]; then
echo "detected staging build. will notarize"
elif [[ "${BRANCH}" == *"release/"* ]]; then
echo "detected release build. will notarize"
else
echo "detected PR build. Will not notarize"
exit 0
fi
USERNAME="${USERNAME}"
APP_PASSWORD="${APP_PASSWORD}"
SIGNING_IDENTITY="${SIGNING_IDENTITY}"
BUNDLE_ID="${BUNDLE_ID}"
DMG_PATH="${DMG_PATH}"
PKG_PATH="${PKG_PATH}"
if [[ "$DMG_PATH" != "" ]]; then
FILE_PATH=${DMG_PATH}
else
FILE_PATH=${PKG_PATH}
fi
exitWithErr()
{
echo "$1"
exit 1
}
# Parse the status field from output.
parseStatus()
{
echo "$1" | awk -F ': ' '/Status:/ { print $2; }'
}
# Parse the RequestUUID field from output
parseRequestUuid()
{
echo "$1" | awk '/RequestUUID/ { print $NF; }'
}
toLower()
{
echo "$1" | tr '[:upper:]' '[:lower:]'
}
if [[ "$USERNAME" == "" ]]; then
exitWithErr "USERNAME env var must be provided"
fi
if [[ "$APP_PASSWORD" == "" ]]; then
exitWithErr "APP_PASSWORD env var must be provided"
fi
if [[ "$DMG_PATH" != "" && "$SIGNING_IDENTITY" == "" ]]; then
exitWithErr "SIGNING_IDENTITY env var must be provided for DMG files"
fi
set -e
set -x
if [[ "$SIGNING_IDENTITY" != "" ]]; then
codesign --timestamp \
--sign "${SIGNING_IDENTITY}" \
"${FILE_PATH}"
fi
# this will return a “RequestUUID”...which is used as a command-line argument for polling
NOTARIZE_REQUST=$(xcrun altool --notarize-app \
--primary-bundle-id "${BUNDLE_ID}" \
--username "${USERNAME}" \
--password "${APP_PASSWORD}" \
--file "${FILE_PATH}")
echo "${NOTARIZE_REQUST}"
REQUEST_UUID=$(parseRequestUuid "${NOTARIZE_REQUST}")
if [[ "${REQUEST_UUID}" == "" ]]; then
exitWithErr "failed to parse request_UUID"
fi
# Poll for completion
REQUEST_STATUS="in progress"
while [[ "$REQUEST_STATUS" == "in progress" ]]; do
echo "Polling for completion of notarization request"
sleep 20
NOTARY_INFO=$(xcrun altool \
--notarization-info ${REQUEST_UUID} \
--username "${USERNAME}" \
--password "${APP_PASSWORD}")
REQUEST_STATUS=$(parseStatus "${NOTARY_INFO}")
REQUEST_STATUS=$(toLower "$REQUEST_STATUS")
echo "current status: ${REQUEST_STATUS}"
done
echo "Final notarization status:"
echo "${NOTARY_INFO}"
if [[ "$REQUEST_STATUS" != "success" ]]; then
exitWithErr "failed to get notarization. Status is not 'success'"
fi
echo "stapling notarization to file"
xcrun stapler staple "${FILE_PATH}"
echo "successfully stapled notarization to file"