From 1f9f316e2e5b91112704ae12184d86c7bcc5d70c Mon Sep 17 00:00:00 2001 From: nor0x Date: Thu, 1 Feb 2024 11:13:47 +0100 Subject: [PATCH 1/8] =?UTF-8?q?codesign=20+=20notarization=20=E2=9C=8D?= =?UTF-8?q?=EF=B8=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit #25 and #26 --- .github/workflows/release.yml | 6 +++ scripts/Dots.entitlements | 10 +++++ scripts/build-macos.sh | 74 +++++++++++++++++++++++++++++++++-- version.txt | 2 +- 4 files changed, 87 insertions(+), 5 deletions(-) create mode 100644 scripts/Dots.entitlements diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2c9a696..c8e5b42 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,12 @@ on: tags: - '*' +env: + APPLE_ID: ${{ secrets.APPLE_ID }} + TEAM_ID: ${{ secrets.TEAM_ID }} + APP_SPECIFIC_PWD: ${{ secrets.APP_SPECIFIC_PWD }} + SIGNING_IDENTITY: ${{ secrets.SIGNING_IDENTITY }} + jobs: build-macos: runs-on: macos-14 diff --git a/scripts/Dots.entitlements b/scripts/Dots.entitlements new file mode 100644 index 0000000..384b033 --- /dev/null +++ b/scripts/Dots.entitlements @@ -0,0 +1,10 @@ + + + + + com.apple.security.cs.allow-jit + + com.apple.security.automation.apple-events + + + \ No newline at end of file diff --git a/scripts/build-macos.sh b/scripts/build-macos.sh index c1688dd..1baee53 100644 --- a/scripts/build-macos.sh +++ b/scripts/build-macos.sh @@ -13,6 +13,42 @@ cp -Rf bin/Release/net8.0-macos/osx-arm64/Dots.app/Contents/MacOS bin/Release/ne cp -Rf bin/Release/net8.0-macos/osx-arm64/Dots.app/Contents/MonoBundle bin/Release/net8.0-macos/osx-arm64/publish/Dots.app/Contents cp bin/Release/net8.0-macos/osx-arm64/Dots.app/Contents/PkgInfo bin/Release/net8.0-macos/osx-arm64/publish/Dots.app/Contents/ +echo "codesign Dots for macOS arm64" +APP_NAME="/Users/runner/work/Dots/Dots/src/bin/Release/ne8.0-macos/osx-arm64/publish/Dots.app" +ENTITLEMENTS="/Users/runner/work/Dots/Dots/scripts/Dots.entitlements" + +echo "[INFO]______________[INFO] Signing app files" +find "$APP_NAME/Contents/MacOS/"|while read fname; do + if [[ -f $fname ]]; then + echo "[INFO]______________[INFO] Signing $fname" + codesign --force --timestamp --options=runtime --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$fname" + fi +done + +echo "[INFO]______________[INFO] Signing all files in APP_NAME/Contents/MonoBundle" +find "$APP_NAME/Contents/MonoBundle/"|while read fname; do + if [[ -f $fname ]]; then + echo "[INFO]______________[INFO] Signing $fname" + codesign --force --timestamp --options=runtime --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$fname" + fi +done + +echo "[INFO]______________[INFO] Signing app file" + +codesign --force --timestamp --options=runtime --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$APP_NAME" + +echo "[INFO]______________dittoing Dots for macOS x64" +cd /Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-x64/publish +macosx64file=$(echo Dots-$version-macos-x64.zip) +ditto -c -k --sequesterRsrc --keepParent Dots.app $macosx64file + + +echo "dittoing Dots for macOS arm64" +cd /Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-arm64/publish +macosarm64file=$(echo Dots-$version-macos-arm64.zip) +ditto -c -k --sequesterRsrc --keepParent Dots.app $macosarm64file +xcrun notarytool submit $macosarm64file --apple-id $APPLE_ID --team-id $TEAM_ID --password $APP_SPECIFIC_PWD --verbose + echo "Building Dots for macOS x64" dotnet msbuild -t:BundleApp -property:Configuration=Release -p:UseAppHost=true -p:RuntimeIdentifier=osx-x64 @@ -23,12 +59,42 @@ cp -Rf bin/Release/net8.0-macos/osx-x64/Dots.app/Contents/MacOS bin/Release/net8 cp -Rf bin/Release/net8.0-macos/osx-x64/Dots.app/Contents/MonoBundle bin/Release/net8.0-macos/osx-x64/publish/Dots.app/Contents cp bin/Release/net8.0-macos/osx-x64/Dots.app/Contents/PkgInfo bin/Release/net8.0-macos/osx-x64/publish/Dots.app/Contents/ + +echo "codesign Dots for macOS x64" +APP_NAME="/Users/runner/work/Dots/Dots/src/bin/Release/ne8.0-macos/osx-x64/publish/Dots.app" +ENTITLEMENTS="/Users/runner/work/Dots/Dots/scripts/Dots.entitlements" + +echo "[INFO]______________[INFO] Signing app files" +find "$APP_NAME/Contents/MacOS/"|while read fname; do + if [[ -f $fname ]]; then + echo "[INFO]______________[INFO] Signing $fname" + codesign --force --timestamp --options=runtime --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$fname" + fi +done + +echo "[INFO]______________[INFO] Signing all files in APP_NAME/Contents/MonoBundle" +find "$APP_NAME/Contents/MonoBundle/"|while read fname; do + if [[ -f $fname ]]; then + echo "[INFO]______________[INFO] Signing $fname" + codesign --force --timestamp --options=runtime --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$fname" + fi +done + +echo "[INFO]______________[INFO] Signing app file" + +codesign --force --timestamp --options=runtime --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$APP_NAME" + +echo "[INFO]______________dittoing Dots for macOS x64" +cd /Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-x64/publish +macosx64file=$(echo Dots-$version-macos-x64.zip) +ditto -c -k --sequesterRsrc --keepParent Dots.app $macosx64file + + echo "dittoing Dots for macOS x64" cd /Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-x64/publish macosx64file=$(echo Dots-$version-macos-x64.zip) ditto -c -k --sequesterRsrc --keepParent Dots.app $macosx64file +xcrun notarytool submit $macosx64file --apple-id $APPLE_ID --team-id $TEAM_ID --password $APP_SPECIFIC_PWD --verbose + + -echo "dittoing Dots for macOS arm64" -cd /Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-arm64/publish -macosarm64file=$(echo Dots-$version-macos-arm64.zip) -ditto -c -k --sequesterRsrc --keepParent Dots.app $macosarm64file \ No newline at end of file diff --git a/version.txt b/version.txt index 359a5b9..f93ea0c 100644 --- a/version.txt +++ b/version.txt @@ -1 +1 @@ -2.0.0 \ No newline at end of file +2.0.2 \ No newline at end of file From c488336161fc8d32e696ddbeaa1a3109053c1d96 Mon Sep 17 00:00:00 2001 From: nor0x Date: Thu, 1 Feb 2024 11:22:42 +0100 Subject: [PATCH 2/8] versions in csproj --- scripts/build-macos.sh | 4 ++++ scripts/build-windows.sh | 6 +++++- src/Dots.csproj | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/build-macos.sh b/scripts/build-macos.sh index 1baee53..ab2e2ce 100644 --- a/scripts/build-macos.sh +++ b/scripts/build-macos.sh @@ -1,6 +1,10 @@ cd .. version=$(cat version.txt) cd /Users/runner/work/Dots/Dots/src/ +echo "setting and in Dots.csproj to $version" +sed -i '' "s/CFBundleVersion>.*$version.*$version in Dots.csproj to $version" +sed -i '' "s/Version>.*$versionnet8.0 WinExe Assets/appicon.ico + 2.0.0 From 1998f736a074945805463158d10f94d96d6ace77 Mon Sep 17 00:00:00 2001 From: nor0x Date: Thu, 1 Feb 2024 11:33:56 +0100 Subject: [PATCH 3/8] =?UTF-8?q?clean=20up=20macos=20build=20script=20?= =?UTF-8?q?=F0=9F=A7=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/build-macos.sh | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/scripts/build-macos.sh b/scripts/build-macos.sh index ab2e2ce..91f322c 100644 --- a/scripts/build-macos.sh +++ b/scripts/build-macos.sh @@ -41,18 +41,13 @@ echo "[INFO]______________[INFO] Signing app file" codesign --force --timestamp --options=runtime --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$APP_NAME" -echo "[INFO]______________dittoing Dots for macOS x64" -cd /Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-x64/publish -macosx64file=$(echo Dots-$version-macos-x64.zip) -ditto -c -k --sequesterRsrc --keepParent Dots.app $macosx64file - - echo "dittoing Dots for macOS arm64" cd /Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-arm64/publish macosarm64file=$(echo Dots-$version-macos-arm64.zip) ditto -c -k --sequesterRsrc --keepParent Dots.app $macosarm64file xcrun notarytool submit $macosarm64file --apple-id $APPLE_ID --team-id $TEAM_ID --password $APP_SPECIFIC_PWD --verbose + echo "Building Dots for macOS x64" dotnet msbuild -t:BundleApp -property:Configuration=Release -p:UseAppHost=true -p:RuntimeIdentifier=osx-x64 @@ -63,7 +58,6 @@ cp -Rf bin/Release/net8.0-macos/osx-x64/Dots.app/Contents/MacOS bin/Release/net8 cp -Rf bin/Release/net8.0-macos/osx-x64/Dots.app/Contents/MonoBundle bin/Release/net8.0-macos/osx-x64/publish/Dots.app/Contents cp bin/Release/net8.0-macos/osx-x64/Dots.app/Contents/PkgInfo bin/Release/net8.0-macos/osx-x64/publish/Dots.app/Contents/ - echo "codesign Dots for macOS x64" APP_NAME="/Users/runner/work/Dots/Dots/src/bin/Release/ne8.0-macos/osx-x64/publish/Dots.app" ENTITLEMENTS="/Users/runner/work/Dots/Dots/scripts/Dots.entitlements" @@ -88,12 +82,6 @@ echo "[INFO]______________[INFO] Signing app file" codesign --force --timestamp --options=runtime --entitlements "$ENTITLEMENTS" --sign "$SIGNING_IDENTITY" "$APP_NAME" -echo "[INFO]______________dittoing Dots for macOS x64" -cd /Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-x64/publish -macosx64file=$(echo Dots-$version-macos-x64.zip) -ditto -c -k --sequesterRsrc --keepParent Dots.app $macosx64file - - echo "dittoing Dots for macOS x64" cd /Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-x64/publish macosx64file=$(echo Dots-$version-macos-x64.zip) From fdb87c358c111a09bc7a96554deb5ade15812285 Mon Sep 17 00:00:00 2001 From: nor0x Date: Thu, 1 Feb 2024 11:43:48 +0100 Subject: [PATCH 4/8] =?UTF-8?q?cd=20=F0=9F=93=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/build-macos.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/build-macos.sh b/scripts/build-macos.sh index 91f322c..4e6636c 100644 --- a/scripts/build-macos.sh +++ b/scripts/build-macos.sh @@ -47,7 +47,7 @@ macosarm64file=$(echo Dots-$version-macos-arm64.zip) ditto -c -k --sequesterRsrc --keepParent Dots.app $macosarm64file xcrun notarytool submit $macosarm64file --apple-id $APPLE_ID --team-id $TEAM_ID --password $APP_SPECIFIC_PWD --verbose - +cd /Users/runner/work/Dots/Dots/src/ echo "Building Dots for macOS x64" dotnet msbuild -t:BundleApp -property:Configuration=Release -p:UseAppHost=true -p:RuntimeIdentifier=osx-x64 From d3a41742f6d4903b8d4a86e886fdf7e88ae74332 Mon Sep 17 00:00:00 2001 From: nor0x Date: Thu, 1 Feb 2024 12:16:24 +0100 Subject: [PATCH 5/8] =?UTF-8?q?windows=20folder=20=F0=9F=93=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/build-windows.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/build-windows.sh b/scripts/build-windows.sh index ce68e88..388c46d 100644 --- a/scripts/build-windows.sh +++ b/scripts/build-windows.sh @@ -1,6 +1,5 @@ cd .. version=$(cat version.txt) -cd /Users/runner/work/Dots/Dots/src/ echo "setting in Dots.csproj to $version" sed -i '' "s/Version>.*$version Date: Thu, 1 Feb 2024 12:23:09 +0100 Subject: [PATCH 6/8] log windows dir --- scripts/build-windows.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/build-windows.sh b/scripts/build-windows.sh index 388c46d..253ab26 100644 --- a/scripts/build-windows.sh +++ b/scripts/build-windows.sh @@ -1,4 +1,5 @@ cd .. +ls version=$(cat version.txt) echo "setting in Dots.csproj to $version" From 5ad69062f7771b39e3959ec2f1614aa87b604a88 Mon Sep 17 00:00:00 2001 From: nor0x Date: Thu, 1 Feb 2024 12:24:51 +0100 Subject: [PATCH 7/8] cd src --- scripts/build-windows.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/build-windows.sh b/scripts/build-windows.sh index 253ab26..6028f39 100644 --- a/scripts/build-windows.sh +++ b/scripts/build-windows.sh @@ -1,7 +1,6 @@ cd .. -ls version=$(cat version.txt) - +cd src echo "setting in Dots.csproj to $version" sed -i '' "s/Version>.*$version Date: Thu, 1 Feb 2024 15:52:27 +0100 Subject: [PATCH 8/8] wait for notarization service + typo --- scripts/build-macos.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/build-macos.sh b/scripts/build-macos.sh index 4e6636c..335b021 100644 --- a/scripts/build-macos.sh +++ b/scripts/build-macos.sh @@ -18,7 +18,7 @@ cp -Rf bin/Release/net8.0-macos/osx-arm64/Dots.app/Contents/MonoBundle bin/Relea cp bin/Release/net8.0-macos/osx-arm64/Dots.app/Contents/PkgInfo bin/Release/net8.0-macos/osx-arm64/publish/Dots.app/Contents/ echo "codesign Dots for macOS arm64" -APP_NAME="/Users/runner/work/Dots/Dots/src/bin/Release/ne8.0-macos/osx-arm64/publish/Dots.app" +APP_NAME="/Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-arm64/publish/Dots.app" ENTITLEMENTS="/Users/runner/work/Dots/Dots/scripts/Dots.entitlements" echo "[INFO]______________[INFO] Signing app files" @@ -45,7 +45,7 @@ echo "dittoing Dots for macOS arm64" cd /Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-arm64/publish macosarm64file=$(echo Dots-$version-macos-arm64.zip) ditto -c -k --sequesterRsrc --keepParent Dots.app $macosarm64file -xcrun notarytool submit $macosarm64file --apple-id $APPLE_ID --team-id $TEAM_ID --password $APP_SPECIFIC_PWD --verbose +xcrun notarytool submit $macosarm64file --apple-id $APPLE_ID --team-id $TEAM_ID --password $APP_SPECIFIC_PWD --verbose --wait cd /Users/runner/work/Dots/Dots/src/ echo "Building Dots for macOS x64" @@ -59,7 +59,7 @@ cp -Rf bin/Release/net8.0-macos/osx-x64/Dots.app/Contents/MonoBundle bin/Release cp bin/Release/net8.0-macos/osx-x64/Dots.app/Contents/PkgInfo bin/Release/net8.0-macos/osx-x64/publish/Dots.app/Contents/ echo "codesign Dots for macOS x64" -APP_NAME="/Users/runner/work/Dots/Dots/src/bin/Release/ne8.0-macos/osx-x64/publish/Dots.app" +APP_NAME="/Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-x64/publish/Dots.app" ENTITLEMENTS="/Users/runner/work/Dots/Dots/scripts/Dots.entitlements" echo "[INFO]______________[INFO] Signing app files" @@ -86,7 +86,7 @@ echo "dittoing Dots for macOS x64" cd /Users/runner/work/Dots/Dots/src/bin/Release/net8.0-macos/osx-x64/publish macosx64file=$(echo Dots-$version-macos-x64.zip) ditto -c -k --sequesterRsrc --keepParent Dots.app $macosx64file -xcrun notarytool submit $macosx64file --apple-id $APPLE_ID --team-id $TEAM_ID --password $APP_SPECIFIC_PWD --verbose +xcrun notarytool submit $macosx64file --apple-id $APPLE_ID --team-id $TEAM_ID --password $APP_SPECIFIC_PWD --verbose --wait