[16776] | 1 | #!/bin/bash
|
---|
| 2 |
|
---|
[17487] | 3 | ## Expected environment, passed from GitHub secrets:
|
---|
| 4 | # https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
|
---|
| 5 | # APPLE_ID_PW Password for the Apple ID
|
---|
| 6 | # CERT_MACOS_P12 Certificate used for code signing, base64 encoded
|
---|
| 7 | # CERT_MACOS_PW Password for that certificate
|
---|
| 8 |
|
---|
[16776] | 9 | set -Eeou pipefail
|
---|
| 10 |
|
---|
| 11 | # Don't show one time passwords
|
---|
| 12 | set +x
|
---|
| 13 |
|
---|
[17487] | 14 | APPLE_ID="thomas.skowron@fossgis.de"
|
---|
[16776] | 15 | IMPORT_AND_UNLOCK_KEYCHAIN=${IMPORT_AND_UNLOCK_KEYCHAIN:-1}
|
---|
| 16 |
|
---|
| 17 | if [ -z "${1-}" ]
|
---|
| 18 | then
|
---|
| 19 | echo "Usage: $0 josm_revision"
|
---|
| 20 | exit 1
|
---|
| 21 | fi
|
---|
| 22 |
|
---|
| 23 | echo "Building JOSM.app"
|
---|
| 24 |
|
---|
[17239] | 25 | mkdir app
|
---|
[16776] | 26 |
|
---|
[17487] | 27 | if [ -z "$CERT_MACOS_P12" ] || [ -z "$CERT_MACOS_PW" ] || [ -z "$APPLE_ID_PW" ]
|
---|
| 28 | then
|
---|
| 29 | echo "CERT_MACOS_P12, CERT_MACOS_PW and APPLE_ID_PW are not set in the environment."
|
---|
| 30 | echo "I will create a JOSM.app but I won't attempt to sign and notarize it."
|
---|
| 31 | SIGNAPP=false
|
---|
| 32 | else
|
---|
[16776] | 33 | echo "Preparing certificates/keychain for signing…"
|
---|
| 34 |
|
---|
| 35 | KEYCHAIN=build.keychain
|
---|
[17373] | 36 | KEYCHAINPATH=~/Library/Keychains/$KEYCHAIN-db
|
---|
[17487] | 37 | KEYCHAIN_PW=$(head /dev/urandom | base64 | head -c 20)
|
---|
[16776] | 38 | CERTIFICATE_P12=certificate.p12
|
---|
| 39 |
|
---|
[17487] | 40 | echo "$CERT_MACOS_P12" | base64 --decode > $CERTIFICATE_P12
|
---|
| 41 | security create-keychain -p "$KEYCHAIN_PW" $KEYCHAIN
|
---|
[16776] | 42 | security default-keychain -s $KEYCHAIN
|
---|
[17487] | 43 | security unlock-keychain -p "$KEYCHAIN_PW" $KEYCHAIN
|
---|
| 44 | security import $CERTIFICATE_P12 -k $KEYCHAIN -P "$CERT_MACOS_PW" -T /usr/bin/codesign
|
---|
| 45 | security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PW" $KEYCHAIN
|
---|
[16776] | 46 | rm $CERTIFICATE_P12
|
---|
[17487] | 47 | SIGNAPP=true
|
---|
[16776] | 48 | echo "Signing preparation done."
|
---|
| 49 | fi
|
---|
| 50 |
|
---|
[17487] | 51 | if $SIGNAPP; then
|
---|
| 52 | JPACKAGEOPTIONS="--mac-sign --mac-signing-keychain $KEYCHAINPATH"
|
---|
| 53 | else
|
---|
| 54 | JPACKAGEOPTIONS=""
|
---|
| 55 | fi
|
---|
| 56 |
|
---|
[17373] | 57 | echo "Building and signin app"
|
---|
[17487] | 58 | jpackage $JPACKAGEOPTIONS -n "JOSM" --input dist --main-jar josm-custom.jar \
|
---|
[17373] | 59 | --main-class org.openstreetmap.josm.gui.MainApplication \
|
---|
| 60 | --icon ./native/macosx/JOSM.icns --type app-image --dest app \
|
---|
[17546] | 61 | --java-options "--add-exports=java.desktop/com.apple.eawt=ALL-UNNAMED" \
|
---|
| 62 | --java-options "--add-exports=java.desktop/com.sun.imageio.plugins.jpeg=ALL-UNNAMED" \
|
---|
| 63 | --java-options "--add-exports=java.desktop/com.sun.imageio.spi=ALL-UNNAMED" \
|
---|
| 64 | --java-options "--add-opens=java.base/java.lang=ALL-UNNAMED" \
|
---|
| 65 | --java-options "--add-opens=java.base/java.nio=ALL-UNNAMED" \
|
---|
| 66 | --java-options "--add-opens=java.base/jdk.internal.loader=ALL-UNNAMED" \
|
---|
| 67 | --java-options "--add-opens=java.base/jdk.internal.ref=ALL-UNNAMED" \
|
---|
| 68 | --java-options "--add-opens=java.desktop/javax.imageio.spi=ALL-UNNAMED" \
|
---|
| 69 | --java-options "--add-opens=java.desktop/javax.swing.text.html=ALL-UNNAMED" \
|
---|
| 70 | --java-options "--add-opens=java.prefs/java.util.prefs=ALL-UNNAMED" \
|
---|
[17487] | 71 | --app-version "$1" \
|
---|
[17373] | 72 | --copyright "JOSM, and all its integral parts, are released under the GNU General Public License v2 or later" \
|
---|
| 73 | --vendor "https://josm.openstreetmap.de" \
|
---|
| 74 | --mac-sign \
|
---|
| 75 | --mac-package-identifier de.openstreetmap.josm \
|
---|
| 76 | --mac-package-signing-prefix de.openstreetmap.josm \
|
---|
| 77 | --mac-signing-keychain $KEYCHAINPATH \
|
---|
| 78 | --file-associations native/macosx/bz2.properties \
|
---|
| 79 | --file-associations native/macosx/geojson.properties \
|
---|
| 80 | --file-associations native/macosx/gpx.properties \
|
---|
| 81 | --file-associations native/macosx/gz.properties \
|
---|
| 82 | --file-associations native/macosx/jos.properties \
|
---|
| 83 | --file-associations native/macosx/joz.properties \
|
---|
| 84 | --file-associations native/macosx/osm.properties \
|
---|
| 85 | --file-associations native/macosx/zip.properties \
|
---|
| 86 | --add-modules java.base,java.datatransfer,java.desktop,java.logging,java.management,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.sql,java.transaction.xa,java.xml,jdk.crypto.ec,jdk.jfr,jdk.jsobject,jdk.unsupported,jdk.unsupported.desktop,jdk.xml.dom
|
---|
[16776] | 87 |
|
---|
[17373] | 88 | echo "Building done."
|
---|
[16776] | 89 |
|
---|
[17487] | 90 | if $SIGNAPP; then
|
---|
| 91 | echo "Preparing for notarization"
|
---|
| 92 | ditto -c -k --zlibCompressionLevel 9 --keepParent app/JOSM.app app/JOSM.zip
|
---|
[16776] | 93 |
|
---|
[17487] | 94 | echo "Uploading to Apple"
|
---|
| 95 | xcrun altool --notarize-app -f app/JOSM.zip -p "$APPLE_ID_PW" -u "$APPLE_ID" --primary-bundle-id de.openstreetmap.josm
|
---|
[17711] | 96 | fi
|
---|