publish-macos.sh (3888B)
1 #!/bin/bash 2 set -euo pipefail 3 4 REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)" 5 SECRETS="$REPO_ROOT/.asc/secrets.sh" 6 7 if [[ ! -f "$SECRETS" ]]; then 8 echo "Error: $SECRETS not found. See Scripts/secrets.sh.example for the required format." 9 exit 1 10 fi 11 12 source "$SECRETS" 13 14 APP_ID="6759801710" 15 SCHEME="Listless macOS" 16 ARCHIVE_PATH="/tmp/Listless-mac-latest.xcarchive" 17 EXPORT_PATH="/tmp/Listless-mac-export" 18 EXPORT_PLIST="/tmp/Listless-mac-ExportOptions.plist" 19 PKG_PATH="$EXPORT_PATH/Listless.pkg" 20 SIGNING_DIR="$REPO_ROOT/.asc/macos-signing" 21 DEV_P12="$REPO_ROOT/.asc/dev.p12" 22 APP_P12="$SIGNING_DIR/app-headless.p12" 23 INSTALLER_P12="$SIGNING_DIR/installer-headless.p12" 24 TMP_KEYCHAIN="$REPO_ROOT/.asc/build.keychain-db" 25 26 cd "$REPO_ROOT" 27 28 if ! git diff --quiet || ! git diff --cached --quiet; then 29 echo "Error: Git repository is dirty. Commit or stash changes before publishing." 30 exit 1 31 fi 32 33 echo "==> Setting up temporary keychain..." 34 security delete-keychain "$TMP_KEYCHAIN" 2>/dev/null || true 35 security create-keychain -p "$TMP_KEYCHAIN_PASS" "$TMP_KEYCHAIN" 36 security unlock-keychain -p "$TMP_KEYCHAIN_PASS" "$TMP_KEYCHAIN" 37 security set-keychain-settings -lut 21600 "$TMP_KEYCHAIN" 38 security import "$DEV_P12" -k "$TMP_KEYCHAIN" -P "$DEV_P12_PASS" \ 39 -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild 40 security import "$APP_P12" -k "$TMP_KEYCHAIN" -P "$DIST_P12_PASS" \ 41 -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild 42 security import "$INSTALLER_P12" -k "$TMP_KEYCHAIN" -P "$DIST_P12_PASS" \ 43 -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild 44 security set-key-partition-list -S apple-tool:,apple:,codesign:,productbuild: \ 45 -s -k "$TMP_KEYCHAIN_PASS" "$TMP_KEYCHAIN" 46 security list-keychains -d user -s "$TMP_KEYCHAIN" ~/Library/Keychains/login.keychain-db 47 48 cleanup_keychain() { 49 echo "==> Restoring keychain search list..." 50 security list-keychains -d user -s ~/Library/Keychains/login.keychain-db 51 security default-keychain -d user -s ~/Library/Keychains/login.keychain-db 52 security delete-keychain "$TMP_KEYCHAIN" 2>/dev/null || true 53 } 54 trap cleanup_keychain EXIT 55 56 echo "==> Archiving $SCHEME..." 57 xcodebuild \ 58 -scheme "$SCHEME" \ 59 -project Listless.xcodeproj \ 60 -configuration Release \ 61 -destination 'generic/platform=macOS' \ 62 -archivePath "$ARCHIVE_PATH" \ 63 archive 64 65 echo "==> Writing export options..." 66 cat > "$EXPORT_PLIST" <<PLIST 67 <?xml version="1.0" encoding="UTF-8"?> 68 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" 69 "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 70 <plist version="1.0"> 71 <dict> 72 <key>method</key> 73 <string>app-store-connect</string> 74 <key>signingStyle</key> 75 <string>manual</string> 76 <key>teamID</key> 77 <string>$TEAM_ID</string> 78 <key>signingCertificate</key> 79 <string>3rd Party Mac Developer Application</string> 80 <key>installerSigningCertificate</key> 81 <string>3rd Party Mac Developer Installer</string> 82 <key>provisioningProfiles</key> 83 <dict> 84 <key>net.inqk.listless</key> 85 <string>Listless macOS Distribution</string> 86 </dict> 87 <key>destination</key> 88 <string>export</string> 89 <key>stripSwiftSymbols</key> 90 <true/> 91 <key>manageAppVersionAndBuildNumber</key> 92 <false/> 93 </dict> 94 </plist> 95 PLIST 96 97 echo "==> Exporting PKG..." 98 xcodebuild \ 99 -exportArchive \ 100 -archivePath "$ARCHIVE_PATH" \ 101 -exportPath "$EXPORT_PATH" \ 102 -exportOptionsPlist "$EXPORT_PLIST" 103 104 echo "==> Uploading to App Store Connect..." 105 mkdir -p "$REPO_ROOT/private_keys" 106 cp "$REPO_ROOT/.asc/AuthKey_${KEY_ID}.p8" "$REPO_ROOT/private_keys/" 107 xcrun iTMSTransporter \ 108 -m upload \ 109 -assetFile "$PKG_PATH" \ 110 -apiKey "$KEY_ID" \ 111 -apiIssuer "$ISSUER_ID" \ 112 -v informational 113 rm -f "$REPO_ROOT/private_keys/AuthKey_${KEY_ID}.p8" 114 rmdir "$REPO_ROOT/private_keys" 2>/dev/null || true 115 116 echo "==> Done!"