1+ #! /bin/bash
2+
3+ # Set default log level if not provided
4+ LOG_LEVEL=${LOG_LEVEL:- " normal"
5+
6+ # Function to log based on level
7+ log () {
8+ local level=$1
9+ local message=$2
10+
11+ case " $LOG_LEVEL " in
12+ " minimal"
13+ # Only show essential or error messages
14+ if [ " $level " = " essential" || [ " $level " = " error" ; then
15+ echo " $message "
16+ fi
17+ ;;
18+ " none"
19+ # Show nothing except errors
20+ if [ " $level " = " error" ; then
21+ echo " $message " >&2
22+ fi
23+ ;;
24+ * )
25+ # Normal logging - show everything
26+ echo " $message "
27+ ;;
28+ esac
29+ }
30+
31+ # Check required environment variables
32+ required_vars=(
33+ " CERT_APPLICATION_NAME"
34+ " CERT_INSTALLER_NAME"
35+ " APPLE_ID"
36+ " TEAM_ID"
37+ " APP_SPECIFIC_PASSWORD"
38+ )
39+
40+ for var in " ${required_vars[@]} " ; do
41+ if [ -z " ${! var} " ; then
42+ log " error" " Error: $var is not set"
43+ exit 1
44+ fi
45+ done
46+
47+ # Get VERSION from environment or use default
48+ VERSION=${VERSION:- " 0.1.0"
49+
50+ # Move to the project root directory
51+ pushd ../../ > /dev/null
52+
53+ # Ensure .release directory exists and is clean
54+ mkdir -p .release
55+ log " normal" " Ensuring .release directory exists and is accessible"
56+
57+ # Build the release version
58+ log " essential" " Building release version..."
59+ swift build -c release --product lume > /dev/null
60+
61+ # Sign the binary with hardened runtime entitlements
62+ log " essential" " Signing binary with entitlements..."
63+ codesign --force --options runtime \
64+ --entitlement ./resources/lume.entitlements \
65+ --sign " $CERT_APPLICATION_NAME "
66+ .build/release/lume 2> /dev/null
67+
68+ # Create a temporary directory for packaging
69+ TEMP_ROOT=$( mktemp -d)
70+ mkdir -p " $TEMP_ROOT /usr/local/bin"
71+ cp -f .build/release/lume " $TEMP_ROOT /usr/local/bin/"
72+
73+ # Build the installer package
74+ log " essential" " Building installer package..."
75+ pkgbuild --root " $TEMP_ROOT "
76+ --identifier " com.trycua.lume"
77+ --version " 1.0"
78+ --install-location " /"
79+ --sign " $CERT_INSTALLER_NAME "
80+ ./.release/lume.pkg 2> /dev/null
81+
82+ # Submit for notarization using stored credentials
83+ log " essential" " Submitting for notarization..."
84+ if [ " $LOG_LEVEL " = " minimal" || [ " $LOG_LEVEL " = " none" ; then
85+ # Minimal output - capture ID but hide details
86+ NOTARY_OUTPUT=$( xcrun notarytool submit ./.release/lume.pkg \
87+ --apple-id " ${APPLE_ID} "
88+ --team-id " ${TEAM_ID} "
89+ --password " ${APP_SPECIFIC_PASSWORD} "
90+ --wait 2>&1 )
91+
92+ # Just show success or failure
93+ if echo " $NOTARY_OUTPUT " | grep -q " status: Accepted" ; then
94+ log " essential" " Notarization successful!"
95+ else
96+ log " error" " Notarization failed. Please check logs."
97+ fi
98+ else
99+ # Normal verbose output
100+ xcrun notarytool submit ./.release/lume.pkg \
101+ --apple-id " ${APPLE_ID} "
102+ --team-id " ${TEAM_ID} "
103+ --password " ${APP_SPECIFIC_PASSWORD} "
104+ --wait
105+ fi
106+
107+ # Staple the notarization ticket
108+ log " essential" " Stapling notarization ticket..."
109+ xcrun stapler staple ./.release/lume.pkg > /dev/null 2>&1
110+
111+ # Create temporary directory for package extraction
112+ EXTRACT_ROOT=$( mktemp -d)
113+ PKG_PATH=" $( pwd) "
114+
115+ # Extract the pkg using xar
116+ cd " $EXTRACT_ROOT "
117+ xar -xf " $PKG_PATH " > /dev/null 2>&1
118+
119+ # Verify Payload exists before proceeding
120+ if [ ! -f " Payload" ; then
121+ log " error" " Error: Payload file not found after xar extraction"
122+ exit 1
123+ fi
124+
125+ # Create a directory for the extracted contents
126+ mkdir -p extracted
127+ cd extracted
128+
129+ # Extract the Payload
130+ cat ../Payload | gunzip -dc | cpio -i > /dev/null 2>&1
131+
132+ # Verify the binary exists
133+ if [ ! -f " usr/local/bin/lume" ; then
134+ log " error" " Error: lume binary not found in expected location"
135+ exit 1
136+ fi
137+
138+ # Get the release directory absolute path
139+ RELEASE_DIR=" $( realpath " $( dirname " $PKG_PATH " ) " ) "
140+ log " normal" " Using release directory: $RELEASE_DIR "
141+
142+ # Copy extracted lume to the release directory
143+ cp -f usr/local/bin/lume " $RELEASE_DIR /lume"
144+
145+ # Create symbolic link in /usr/local/bin if not in minimal mode
146+ if [ " $LOG_LEVEL " != " minimal" && [ " $LOG_LEVEL " != " none" ; then
147+ log " normal" " Creating symbolic link..."
148+ sudo ln -sf " $RELEASE_DIR /lume"
149+ fi
150+
151+ # Get architecture and create OS identifier
152+ ARCH=$( uname -m)
153+ OS_IDENTIFIER=" darwin-${ARCH} "
154+
155+ # Create versioned archives of the package with OS identifier in the name
156+ log " essential" " Creating archives in $RELEASE_DIR ..."
157+ cd " $RELEASE_DIR "
158+
159+ # Clean up any existing artifacts first to avoid conflicts
160+ rm -f lume-* .tar.gz lume-* .pkg.tar.gz
161+
162+ # Create version-specific archives
163+ log " essential" " Creating version-specific archives (${VERSION} )..."
164+ # Package the binary
165+ tar -czf " lume-${VERSION} -${OS_IDENTIFIER} .tar.gz" > /dev/null 2>&1
166+ # Package the installer
167+ tar -czf " lume-${VERSION} -${OS_IDENTIFIER} .pkg.tar.gz" > /dev/null 2>&1
168+
169+ # Create sha256 checksum file
170+ log " essential" " Generating checksums..."
171+ shasum -a 256 lume-* .tar.gz > checksums.txt
172+ log " essential" " Package created successfully with checksums generated."
173+
174+ # Show what's in the release directory
175+ log " essential" " Files in release directory:"
176+ ls -la " $RELEASE_DIR "
177+
178+ # Ensure correct permissions
179+ chmod 644 " $RELEASE_DIR " * .tar.gz " $RELEASE_DIR " * .pkg.tar.gz " $RELEASE_DIR "
180+
181+ popd > /dev/null
182+
183+ # Clean up
184+ rm -rf " $TEMP_ROOT "
185+ rm -rf " $EXTRACT_ROOT "
186+
187+ log " essential" " Build and packaging completed successfully."
0 commit comments