-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrelease.sh
More file actions
executable file
·248 lines (222 loc) · 9.29 KB
/
Copy pathrelease.sh
File metadata and controls
executable file
·248 lines (222 loc) · 9.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
#!/bin/bash
# Full release pipeline for Uncommitted.
#
# Usage:
# ./release.sh 0.5.0 # build, sign, notarize, GitHub release
# ./release.sh 0.5.0 --dry-run # build only, ad-hoc sign, no upload
#
# Prerequisites:
# - .env.local with UNCOMMITTED_SIGN_IDENTITY and
# UNCOMMITTED_NOTARY_KEYCHAIN_PROFILE (see .env.example)
# - `gh` CLI authenticated for thimo/uncommitted
# - Sparkle EdDSA key in Keychain (via generate_keys, one-time)
#
# Without .env.local the script falls back to ad-hoc signing — useful
# for testing the build pipeline before the Apple Developer cert lands.
set -euo pipefail
cd "$(dirname "$0")"
# ---------------------------------------------------------------------------
# Args
# ---------------------------------------------------------------------------
VERSION="${1:-}"
if [ -z "$VERSION" ]; then
echo "Usage: $0 <version> e.g. $0 0.5.0" >&2
exit 1
fi
DRY_RUN=false
for arg in "$@"; do
[ "$arg" = "--dry-run" ] && DRY_RUN=true
done
# ---------------------------------------------------------------------------
# Load signing credentials (optional — graceful fallback)
# ---------------------------------------------------------------------------
SIGN_IDENTITY=""
NOTARY_PROFILE=""
if [ -f .env.local ]; then
# shellcheck disable=SC1091
set -a; source .env.local; set +a
SIGN_IDENTITY="${UNCOMMITTED_SIGN_IDENTITY:-}"
NOTARY_PROFILE="${UNCOMMITTED_NOTARY_KEYCHAIN_PROFILE:-}"
fi
if [ -n "$SIGN_IDENTITY" ]; then
echo "==> Signing identity: $SIGN_IDENTITY"
else
echo "==> No UNCOMMITTED_SIGN_IDENTITY — ad-hoc signing only."
fi
# ---------------------------------------------------------------------------
# Version bump in Info.plist
# ---------------------------------------------------------------------------
# CFBundleVersion = monotonically increasing build number from git.
# Sparkle uses this (not CFBundleShortVersionString) for comparisons.
BUILD_NUMBER=$(git rev-list --count HEAD)
echo "==> Version $VERSION (build $BUILD_NUMBER)"
/usr/libexec/PlistBuddy -c "Set :CFBundleShortVersionString $VERSION" Resources/Info.plist
/usr/libexec/PlistBuddy -c "Set :CFBundleVersion $BUILD_NUMBER" Resources/Info.plist
# ---------------------------------------------------------------------------
# Build universal binary (separate arches + lipo)
# ---------------------------------------------------------------------------
echo "==> Building arm64"
swift build -c release --arch arm64
echo "==> Building x86_64"
swift build -c release --arch x86_64
echo "==> Creating universal binary"
mkdir -p build
lipo -create -output build/uncommitted-universal \
.build/arm64-apple-macosx/release/uncommitted \
.build/x86_64-apple-macosx/release/uncommitted
lipo -info build/uncommitted-universal
# ---------------------------------------------------------------------------
# Render icon
# ---------------------------------------------------------------------------
echo "==> Rendering icon"
swift Resources/make-icon.swift build/Uncommitted.iconset >/dev/null
iconutil -c icns build/Uncommitted.iconset -o build/Uncommitted.icns
# ---------------------------------------------------------------------------
# Assemble .app bundle
# ---------------------------------------------------------------------------
APP="build/Uncommitted.app"
echo "==> Assembling $APP"
rm -rf "$APP"
mkdir -p "$APP/Contents/MacOS" "$APP/Contents/Resources"
cp build/uncommitted-universal "$APP/Contents/MacOS/uncommitted"
install_name_tool -add_rpath @executable_path/../Frameworks \
"$APP/Contents/MacOS/uncommitted" 2>/dev/null || true
cp Resources/Info.plist "$APP/Contents/Info.plist"
cp build/Uncommitted.icns "$APP/Contents/Resources/Uncommitted.icns"
printf "APPL????" > "$APP/Contents/PkgInfo"
# SPM resource bundles (use arm64 build — identical across arches).
SPM_BUNDLE=".build/arm64-apple-macosx/release/Uncommitted_Uncommitted.bundle"
if [ -d "$SPM_BUNDLE" ]; then
cp -R "$SPM_BUNDLE" "$APP/Contents/Resources/"
fi
# Sparkle framework (from SPM binary artifact — lives inside an xcframework).
SPARKLE_FW=".build/artifacts/sparkle/Sparkle/Sparkle.xcframework/macos-arm64_x86_64/Sparkle.framework"
if [ -d "$SPARKLE_FW" ]; then
echo "==> Embedding Sparkle framework"
mkdir -p "$APP/Contents/Frameworks"
cp -R "$SPARKLE_FW" "$APP/Contents/Frameworks/"
fi
# ---------------------------------------------------------------------------
# Code signing
# ---------------------------------------------------------------------------
if [ -n "$SIGN_IDENTITY" ]; then
echo "==> Signing with Developer ID (hardened runtime + timestamp)"
codesign --force --deep \
--sign "$SIGN_IDENTITY" \
--entitlements Resources/Uncommitted.entitlements \
--options runtime \
--timestamp \
"$APP"
else
echo "==> Ad-hoc signing"
codesign --force --deep --sign - "$APP"
fi
codesign --verify --verbose "$APP" 2>&1 | head -5
# ---------------------------------------------------------------------------
# Zip for distribution (ditto preserves code sig + extended attrs)
# ---------------------------------------------------------------------------
ZIP_NAME="Uncommitted-${VERSION}.zip"
ZIP_PATH="build/$ZIP_NAME"
echo "==> Creating $ZIP_PATH"
rm -f "$ZIP_PATH"
(cd build && ditto -c -k --keepParent Uncommitted.app "$ZIP_NAME")
# ---------------------------------------------------------------------------
# Notarize + staple (gated)
# ---------------------------------------------------------------------------
if [ -n "$SIGN_IDENTITY" ] && [ -n "$NOTARY_PROFILE" ] && [ "$DRY_RUN" = false ]; then
echo "==> Submitting to notarytool…"
xcrun notarytool submit "$ZIP_PATH" \
--keychain-profile "$NOTARY_PROFILE" \
--wait
echo "==> Stapling ticket"
xcrun stapler staple "$APP"
# Re-zip with the stapled ticket included.
echo "==> Re-zipping with stapled ticket"
rm -f "$ZIP_PATH"
(cd build && ditto -c -k --keepParent Uncommitted.app "$ZIP_NAME")
echo "==> Gatekeeper check"
spctl --assess --type execute --verbose "$APP" 2>&1 || true
fi
# ---------------------------------------------------------------------------
# Sparkle appcast
# ---------------------------------------------------------------------------
SPARKLE_BIN=".build/artifacts/sparkle/Sparkle/bin"
if [ -x "$SPARKLE_BIN/generate_appcast" ] && [ "$DRY_RUN" = false ]; then
echo "==> Generating appcast.xml"
"$SPARKLE_BIN/generate_appcast" \
--download-url-prefix "https://github.com/thimo/uncommitted/releases/download/v${VERSION}/" \
--link "https://github.com/thimo/uncommitted/releases/tag/v${VERSION}" \
--maximum-deltas 0 \
build/
if [ -f build/appcast.xml ]; then
# generate_appcast applies --download-url-prefix to every item, including
# historical zips in build/, so each old item's enclosure ends up pointing
# at this release's tag (e.g. v0.7.1/Uncommitted-0.6.2.zip — 404). Rewrite
# each Uncommitted-<v>.zip URL so the tag in the path matches the
# version in the filename.
sed -E -i '' 's|/releases/download/v[^/]+/Uncommitted-([^"]+)\.zip|/releases/download/v\1/Uncommitted-\1.zip|g' build/appcast.xml
cp build/appcast.xml appcast.xml
echo " appcast.xml updated in repo root."
fi
else
echo " Skipping appcast — generate_appcast not found or --dry-run."
fi
# ---------------------------------------------------------------------------
# GitHub release
# ---------------------------------------------------------------------------
if [ "$DRY_RUN" = true ]; then
echo
echo "Done (dry run). Artifact: $ZIP_PATH"
exit 0
fi
if command -v gh &>/dev/null; then
TAG="v${VERSION}"
echo "==> Creating GitHub release $TAG"
# Extract the entry for this version from CHANGELOG.md as the release
# body, so users see curated user-facing notes (also picked up by
# Sparkle's update prompt via the appcast). Falls back to
# `--generate-notes` if the changelog has no entry yet.
NOTES_FILE=""
if [ -f CHANGELOG.md ]; then
NOTES_FILE=$(mktemp -t "uncommitted-${VERSION}-notes.XXXXXX.md")
awk -v v="${VERSION}" '
$0 ~ "^## v" v "( |$)" { found = 1; next }
found && /^## v/ { exit }
found { print }
' CHANGELOG.md > "$NOTES_FILE"
if [ ! -s "$NOTES_FILE" ]; then
rm -f "$NOTES_FILE"
NOTES_FILE=""
fi
fi
if git rev-parse "$TAG" &>/dev/null; then
echo " Tag exists — uploading to existing release."
gh release upload "$TAG" "$ZIP_PATH" --clobber
if [ -n "$NOTES_FILE" ]; then
gh release edit "$TAG" --notes-file "$NOTES_FILE"
fi
elif [ -n "$NOTES_FILE" ]; then
gh release create "$TAG" "$ZIP_PATH" \
--title "Uncommitted ${VERSION}" \
--notes-file "$NOTES_FILE"
else
gh release create "$TAG" "$ZIP_PATH" \
--title "Uncommitted ${VERSION}" \
--generate-notes
fi
[ -n "$NOTES_FILE" ] && rm -f "$NOTES_FILE"
echo " https://github.com/thimo/uncommitted/releases/tag/$TAG"
else
echo " gh CLI not found — upload $ZIP_PATH manually."
fi
# ---------------------------------------------------------------------------
# Commit version bump + appcast
# ---------------------------------------------------------------------------
if ! git diff --quiet Resources/Info.plist appcast.xml 2>/dev/null; then
git add Resources/Info.plist
[ -f appcast.xml ] && git add appcast.xml
git commit -m "Release v${VERSION}"
echo "==> Committed. Push to main when ready."
fi
echo
echo "Done. Uncommitted ${VERSION} at $ZIP_PATH"