Merge pull request #28 from nor0x/26

[macOS] codesign + notarization ✍️

.github/workflows/release.yml

@@ -5,6 +5,12 @@ on:
     tags:
       - '*'
 
+env:
+  APPLE_ID: ${{ secrets.APPLE_ID }}
+  TEAM_ID: ${{ secrets.TEAM_ID }}
+  APP_SPECIFIC_PWD: ${{ secrets.APP_SPECIFIC_PWD }}
+  SIGNING_IDENTITY: ${{ secrets.SIGNING_IDENTITY }}
+
 jobs:
   build-macos:
     runs-on: macos-14

scripts/Dots.entitlements

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.automation.apple-events</key>
+    <true/>
+</dict>
+</plist>

scripts/build-macos.sh

@@ -1,6 +1,10 @@
 cd ..
 version=$(cat version.txt)
 cd /Users/runner/work/Dots/Dots/src/
+echo "setting <CFBundleVersion> and <CFBundleShortVersionString> in Dots.csproj to $version"
+sed -i '' "s/CFBundleVersion>.*</CFBundleVersion>$version</g" Dots.csproj
+sed -i '' "s/CFBundleShortVersionString>.*</CFBundleShortVersionString>$version</g" Dots.csproj
+
 
 dotnet restore
 echo "Building Dots for macOS arm64"
@@ -13,6 +17,37 @@ cp -Rf bin/Release/net8.0-macos/osx-arm64/Dots.app/Contents/MacOS bin/Release/ne
 cp -Rf bin/Release/net8.0-macos/osx-arm64/Dots.app/Contents/MonoBundle bin/Release/net8.0-macos/osx-arm64/publish/Dots.app/Contents
 cp bin/Release/net8.0-macos/osx-arm64/Dots.app/Contents/PkgInfo bin/Release/net8.0-macos/osx-arm64/publish/Dots.app/Contents/
 
+echo "codesign Dots for macOS arm64"
+APP_NAME="/Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-arm64/publish/Dots.app"
+ENTITLEMENTS="/Users/runner/work/Dots/Dots/scripts/Dots.entitlements"
+
+echo "[INFO]______________[INFO] Signing app files"
+find "$APP_NAME/Contents/MacOS/"|while read fname; do
+    if [[ -f $fname ]]; then
+        echo "[INFO]______________[INFO] Signing $fname"
+        codesign --force --timestamp --options=runtime --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$fname"
+    fi
+done
+
+echo "[INFO]______________[INFO] Signing all files in APP_NAME/Contents/MonoBundle"
+find "$APP_NAME/Contents/MonoBundle/"|while read fname; do
+    if [[ -f $fname ]]; then
+        echo "[INFO]______________[INFO] Signing $fname"
+        codesign --force --timestamp --options=runtime --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$fname"
+    fi
+done
+
+echo "[INFO]______________[INFO] Signing app file"
+
+codesign --force --timestamp --options=runtime --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$APP_NAME"
+
+echo "dittoing Dots for macOS arm64"
+cd /Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-arm64/publish
+macosarm64file=$(echo Dots-$version-macos-arm64.zip)
+ditto -c -k --sequesterRsrc --keepParent Dots.app $macosarm64file
+xcrun notarytool submit $macosarm64file --apple-id $APPLE_ID --team-id $TEAM_ID --password $APP_SPECIFIC_PWD --verbose --wait
+
+cd /Users/runner/work/Dots/Dots/src/
 echo "Building Dots for macOS x64"
 dotnet msbuild -t:BundleApp -property:Configuration=Release -p:UseAppHost=true -p:RuntimeIdentifier=osx-x64
 
@@ -23,12 +58,35 @@ cp -Rf bin/Release/net8.0-macos/osx-x64/Dots.app/Contents/MacOS bin/Release/net8
 cp -Rf bin/Release/net8.0-macos/osx-x64/Dots.app/Contents/MonoBundle bin/Release/net8.0-macos/osx-x64/publish/Dots.app/Contents
 cp bin/Release/net8.0-macos/osx-x64/Dots.app/Contents/PkgInfo bin/Release/net8.0-macos/osx-x64/publish/Dots.app/Contents/
 
+echo "codesign Dots for macOS x64"
+APP_NAME="/Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-x64/publish/Dots.app"
+ENTITLEMENTS="/Users/runner/work/Dots/Dots/scripts/Dots.entitlements"
+
+echo "[INFO]______________[INFO] Signing app files"
+find "$APP_NAME/Contents/MacOS/"|while read fname; do
+    if [[ -f $fname ]]; then
+        echo "[INFO]______________[INFO] Signing $fname"
+        codesign --force --timestamp --options=runtime --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$fname"
+    fi
+done
+
+echo "[INFO]______________[INFO] Signing all files in APP_NAME/Contents/MonoBundle"
+find "$APP_NAME/Contents/MonoBundle/"|while read fname; do
+    if [[ -f $fname ]]; then
+        echo "[INFO]______________[INFO] Signing $fname"
+        codesign --force --timestamp --options=runtime --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$fname"
+    fi
+done
+
+echo "[INFO]______________[INFO] Signing app file"
+
+codesign --force --timestamp --options=runtime --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$APP_NAME"
+
 echo "dittoing Dots for macOS x64"
 cd /Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-x64/publish
 macosx64file=$(echo Dots-$version-macos-x64.zip)
 ditto -c -k --sequesterRsrc --keepParent Dots.app $macosx64file
+xcrun notarytool submit $macosx64file --apple-id $APPLE_ID --team-id $TEAM_ID --password $APP_SPECIFIC_PWD --verbose --wait
+
+
 
-echo "dittoing Dots for macOS arm64"
-cd /Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-arm64/publish
-macosarm64file=$(echo Dots-$version-macos-arm64.zip)
-ditto -c -k --sequesterRsrc --keepParent Dots.app $macosarm64file

scripts/build-windows.sh

@@ -1,7 +1,10 @@
 cd ..
 version=$(cat version.txt)
-
 cd src
+echo "setting <Version> in Dots.csproj to $version"
+sed -i '' "s/Version>.*</Version>$version</g" Dots.csproj
+
+
 dotnet restore
 
 echo "Building Dots for Windows x64"

src/Dots.csproj

@@ -12,6 +12,7 @@
     <TargetFramework>net8.0</TargetFramework>
     <OutputType>WinExe</OutputType>
     <ApplicationIcon>Assets/appicon.ico</ApplicationIcon>
+    <Version>2.0.0</Version>
   </PropertyGroup>
 
   <PropertyGroup Condition="$([MSBuild]::IsOSPlatform('Windows')) and '$(Configuration)' == 'Release'">

version.txt

@@ -1 +1 @@
-2.0.0
+2.0.2