samirpatil2000
217 lines
9.6 KiB
Bash
Executable File
217 lines
9.6 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# OpenScreen macOS Build Script
|
|
# Produces: release/<version>/OpenScreen-Mac-<arch>-<version>.dmg
|
|
#
|
|
# Usage: chmod +x scripts/build_macos.sh && ./scripts/build_macos.sh
|
|
#
|
|
|
|
set -euo pipefail
|
|
|
|
# ── Load .env ─────────────────────────────────────────────────────────
|
|
PROJECT_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
|
|
ENV_FILE="${PROJECT_ROOT}/.env"
|
|
|
|
if [ -f "$ENV_FILE" ]; then
|
|
set -a
|
|
source "$ENV_FILE"
|
|
set +a
|
|
else
|
|
echo "ERROR: .env file not found at ${ENV_FILE}"
|
|
echo "Create one with APP_NAME, SIGN_IDENTITY, NOTARY_PROFILE, etc."
|
|
exit 1
|
|
fi
|
|
|
|
# ── Config ────────────────────────────────────────────────────────────
|
|
VERSION=$(node -p "require('${PROJECT_ROOT}/package.json').version")
|
|
RELEASE_DIR="${PROJECT_ROOT}/release/${VERSION}"
|
|
ENTITLEMENTS="${PROJECT_ROOT}/macos.entitlements"
|
|
ARCHS=("arm64" "x64")
|
|
|
|
# ── Colors ────────────────────────────────────────────────────────────
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
CYAN='\033[0;36m'
|
|
NC='\033[0m' # No Color
|
|
BOLD='\033[1m'
|
|
|
|
print_step() { echo -e "\n${CYAN}${BOLD}▸ $1${NC}"; }
|
|
print_ok() { echo -e "${GREEN}✓ $1${NC}"; }
|
|
print_warn() { echo -e "${YELLOW}⚠ $1${NC}"; }
|
|
print_err() { echo -e "${RED}✗ $1${NC}"; }
|
|
|
|
# ── Preflight ─────────────────────────────────────────────────────────
|
|
echo -e "\n${BOLD}╔══════════════════════════════════════════╗${NC}"
|
|
echo -e "${BOLD}║ ${APP_NAME} macOS Build Script v${VERSION} ║${NC}"
|
|
echo -e "${BOLD}╚══════════════════════════════════════════╝${NC}"
|
|
|
|
print_step "Checking prerequisites..."
|
|
|
|
if [[ "$(uname)" != "Darwin" ]]; then
|
|
print_err "This script must be run on macOS."
|
|
exit 1
|
|
fi
|
|
print_ok "Running on macOS ($(uname -m))"
|
|
|
|
if ! command -v node &> /dev/null; then
|
|
print_err "Node.js not found. Please install Node.js first."
|
|
exit 1
|
|
fi
|
|
print_ok "Node.js found: $(node -v)"
|
|
|
|
if ! command -v npm &> /dev/null; then
|
|
print_err "npm not found."
|
|
exit 1
|
|
fi
|
|
print_ok "npm found: $(npm -v)"
|
|
|
|
# Check signing identity
|
|
if ! security find-identity -v -p codesigning | grep -q "$SIGN_IDENTITY"; then
|
|
print_err "Signing identity not found: ${SIGN_IDENTITY}"
|
|
print_err "Run 'security find-identity -v -p codesigning' to see available identities."
|
|
exit 1
|
|
fi
|
|
print_ok "Signing identity found: ${SIGN_IDENTITY}"
|
|
|
|
# Check notary profile
|
|
if ! xcrun notarytool history --keychain-profile "$NOTARY_PROFILE" &> /dev/null; then
|
|
print_err "Notary profile '${NOTARY_PROFILE}' not found in keychain."
|
|
print_err "Run: xcrun notarytool store-credentials \"${NOTARY_PROFILE}\" --apple-id \"${APPLE_ID}\" --team-id \"${TEAM_ID}\""
|
|
exit 1
|
|
fi
|
|
print_ok "Notary profile found: ${NOTARY_PROFILE}"
|
|
|
|
# Check entitlements
|
|
if [ ! -f "$ENTITLEMENTS" ]; then
|
|
print_err "Entitlements file not found: ${ENTITLEMENTS}"
|
|
exit 1
|
|
fi
|
|
print_ok "Entitlements file found"
|
|
|
|
# ── Clean ─────────────────────────────────────────────────────────────
|
|
cd "$PROJECT_ROOT"
|
|
|
|
print_step "Cleaning previous build artifacts..."
|
|
rm -rf dist dist-electron "${RELEASE_DIR}"
|
|
print_ok "Clean complete"
|
|
|
|
# ── Install Dependencies ─────────────────────────────────────────────
|
|
print_step "Installing dependencies..."
|
|
npm ci
|
|
print_ok "Dependencies installed"
|
|
|
|
# ── Build Vite + Electron ────────────────────────────────────────────
|
|
print_step "Building Vite + Electron... (this may take a minute)"
|
|
npx tsc && npx vite build
|
|
print_ok "Vite + Electron build complete"
|
|
|
|
# ── Package, Sign, Notarize per Architecture ─────────────────────────
|
|
for ARCH in "${ARCHS[@]}"; do
|
|
echo ""
|
|
echo -e "${BOLD}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
|
|
echo -e "${BOLD} Building for: ${ARCH}${NC}"
|
|
echo -e "${BOLD}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
|
|
|
|
# ── Package with electron-builder ─────────────────────────────
|
|
print_step "[${ARCH}] Packaging with electron-builder..."
|
|
|
|
# Build .app only (--dir), electron-builder handles codesigning
|
|
# with hardenedRuntime + entitlements from electron-builder.json5
|
|
CSC_NAME="$CSC_NAME" npx electron-builder --mac --${ARCH} --dir
|
|
|
|
# Find the .app bundle
|
|
APP_BUNDLE=$(find "${RELEASE_DIR}" -maxdepth 2 -name "*.app" -type d | grep -i "${ARCH}\|mac" | head -n1)
|
|
if [ -z "$APP_BUNDLE" ]; then
|
|
# Fallback: find any .app in the output
|
|
APP_BUNDLE=$(find "${RELEASE_DIR}" -maxdepth 2 -name "*.app" -type d | head -n1)
|
|
fi
|
|
|
|
if [ -z "$APP_BUNDLE" ]; then
|
|
print_err "[${ARCH}] Could not find .app bundle in ${RELEASE_DIR}"
|
|
exit 1
|
|
fi
|
|
print_ok "[${ARCH}] App bundle: $(basename "$APP_BUNDLE")"
|
|
|
|
# ── Verify codesign on .app ───────────────────────────────────
|
|
print_step "[${ARCH}] Verifying .app code signature..."
|
|
codesign --verify --deep --strict "$APP_BUNDLE" 2>&1 || print_warn "[${ARCH}] Deep verify had warnings (may be expected pre-notarization)"
|
|
print_ok "[${ARCH}] .app signature verified"
|
|
|
|
# ── Create DMG ────────────────────────────────────────────────
|
|
DMG_NAME="${APP_NAME}-Mac-${ARCH}-${VERSION}.dmg"
|
|
DMG_OUTPUT="${RELEASE_DIR}/${DMG_NAME}"
|
|
DMG_STAGING="${RELEASE_DIR}/dmg-staging-${ARCH}"
|
|
|
|
print_step "[${ARCH}] Creating DMG..."
|
|
|
|
rm -f "$DMG_OUTPUT"
|
|
rm -rf "$DMG_STAGING"
|
|
|
|
# Stage: app + Applications shortcut for drag-to-install
|
|
mkdir -p "$DMG_STAGING"
|
|
cp -R "$APP_BUNDLE" "$DMG_STAGING/"
|
|
ln -s /Applications "$DMG_STAGING/Applications"
|
|
|
|
hdiutil create \
|
|
-srcfolder "$DMG_STAGING" \
|
|
-volname "${APP_NAME}" \
|
|
-fs HFS+ \
|
|
-fsargs "-c c=64,a=16,e=16" \
|
|
-format UDBZ \
|
|
"$DMG_OUTPUT"
|
|
|
|
print_ok "[${ARCH}] DMG created: ${DMG_NAME}"
|
|
rm -rf "$DMG_STAGING"
|
|
|
|
# ── Sign DMG ──────────────────────────────────────────────────
|
|
print_step "[${ARCH}] Signing DMG..."
|
|
codesign --force --sign "$SIGN_IDENTITY" --timestamp "$DMG_OUTPUT"
|
|
print_ok "[${ARCH}] DMG signed"
|
|
|
|
# ── Notarize DMG ──────────────────────────────────────────────
|
|
print_step "[${ARCH}] Notarizing DMG with Apple... (this may take several minutes)"
|
|
xcrun notarytool submit "$DMG_OUTPUT" \
|
|
--keychain-profile "$NOTARY_PROFILE" \
|
|
--wait
|
|
print_ok "[${ARCH}] DMG notarized"
|
|
|
|
# ── Staple ────────────────────────────────────────────────────
|
|
print_step "[${ARCH}] Stapling notarization ticket..."
|
|
xcrun stapler staple "$DMG_OUTPUT"
|
|
print_ok "[${ARCH}] Ticket stapled"
|
|
|
|
# ── Validate ──────────────────────────────────────────────────
|
|
print_step "[${ARCH}] Validating stapled DMG..."
|
|
xcrun stapler validate "$DMG_OUTPUT"
|
|
print_ok "[${ARCH}] Validation passed"
|
|
|
|
done
|
|
|
|
# ── Clean up unpacked dirs (keep only DMGs) ───────────────────────────
|
|
print_step "Cleaning up intermediate directories..."
|
|
find "${RELEASE_DIR}" -maxdepth 1 -type d ! -name "$(basename "$RELEASE_DIR")" -exec rm -rf {} + 2>/dev/null || true
|
|
print_ok "Cleanup complete"
|
|
|
|
# ── Done ──────────────────────────────────────────────────────────────
|
|
echo ""
|
|
echo -e "${GREEN}${BOLD}════════════════════════════════════════════${NC}"
|
|
echo -e "${GREEN}${BOLD} Build & Notarization Complete!${NC}"
|
|
echo -e "${GREEN}${BOLD}════════════════════════════════════════════${NC}"
|
|
echo ""
|
|
|
|
for ARCH in "${ARCHS[@]}"; do
|
|
DMG_NAME="${APP_NAME}-Mac-${ARCH}-${VERSION}.dmg"
|
|
DMG_PATH="${RELEASE_DIR}/${DMG_NAME}"
|
|
if [ -f "$DMG_PATH" ]; then
|
|
DMG_SIZE=$(du -h "$DMG_PATH" | cut -f1)
|
|
echo -e " 📦 ${BOLD}${ARCH}:${NC} ${DMG_PATH}"
|
|
echo -e " 📏 ${BOLD}Size:${NC} ${DMG_SIZE}"
|
|
echo ""
|
|
fi
|
|
done
|
|
|
|
echo -e " ${GREEN}All DMGs are fully signed, notarized, and stapled!${NC}"
|
|
echo -e " ${GREEN}Ready for distribution outside the Mac App Store.${NC}"
|
|
echo ""
|