1 | #!/bin/bash
|
---|
2 |
|
---|
3 | ## Expected environment, passed from GitHub secrets:
|
---|
4 | # https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
|
---|
5 | # APPLE_ID_PW Password for the Apple ID
|
---|
6 | # CERT_MACOS_P12 Certificate used for code signing, base64 encoded
|
---|
7 | # CERT_MACOS_PW Password for that certificate
|
---|
8 |
|
---|
9 | set -Eeou pipefail
|
---|
10 |
|
---|
11 | # Don't show one time passwords
|
---|
12 | set +x
|
---|
13 |
|
---|
14 | APPLE_ID="thomas.skowron@fossgis.de"
|
---|
15 | IMPORT_AND_UNLOCK_KEYCHAIN=${IMPORT_AND_UNLOCK_KEYCHAIN:-1}
|
---|
16 |
|
---|
17 | if [ -z "${1-}" ]
|
---|
18 | then
|
---|
19 | echo "Usage: $0 josm_revision"
|
---|
20 | exit 1
|
---|
21 | fi
|
---|
22 |
|
---|
23 | echo "Building JOSM.app"
|
---|
24 |
|
---|
25 | mkdir app
|
---|
26 |
|
---|
27 | if [ -z "$CERT_MACOS_P12" ] || [ -z "$CERT_MACOS_PW" ] || [ -z "$APPLE_ID_PW" ]
|
---|
28 | then
|
---|
29 | echo "CERT_MACOS_P12, CERT_MACOS_PW and APPLE_ID_PW are not set in the environment."
|
---|
30 | echo "I will create a JOSM.app but I won't attempt to sign and notarize it."
|
---|
31 | SIGNAPP=false
|
---|
32 | else
|
---|
33 | echo "Preparing certificates/keychain for signing…"
|
---|
34 |
|
---|
35 | KEYCHAIN=build.keychain
|
---|
36 | KEYCHAINPATH=~/Library/Keychains/$KEYCHAIN-db
|
---|
37 | KEYCHAIN_PW=$(head /dev/urandom | base64 | head -c 20)
|
---|
38 | CERTIFICATE_P12=certificate.p12
|
---|
39 |
|
---|
40 | echo "$CERT_MACOS_P12" | base64 --decode > $CERTIFICATE_P12
|
---|
41 | security create-keychain -p "$KEYCHAIN_PW" $KEYCHAIN
|
---|
42 | security default-keychain -s $KEYCHAIN
|
---|
43 | security unlock-keychain -p "$KEYCHAIN_PW" $KEYCHAIN
|
---|
44 | security import $CERTIFICATE_P12 -k $KEYCHAIN -P "$CERT_MACOS_PW" -T /usr/bin/codesign
|
---|
45 | security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PW" $KEYCHAIN
|
---|
46 | rm $CERTIFICATE_P12
|
---|
47 | SIGNAPP=true
|
---|
48 | echo "Signing preparation done."
|
---|
49 | fi
|
---|
50 |
|
---|
51 | if $SIGNAPP; then
|
---|
52 | JPACKAGEOPTIONS="--mac-sign --mac-signing-keychain $KEYCHAINPATH"
|
---|
53 | else
|
---|
54 | JPACKAGEOPTIONS=""
|
---|
55 | fi
|
---|
56 |
|
---|
57 | echo "Building and signin app"
|
---|
58 | jpackage $JPACKAGEOPTIONS -n "JOSM" --input dist --main-jar josm-custom.jar \
|
---|
59 | --main-class org.openstreetmap.josm.gui.MainApplication \
|
---|
60 | --icon ./native/macosx/JOSM.icns --type app-image --dest app \
|
---|
61 | --java-options "-Xmx8192m" \
|
---|
62 | --app-version "$1" \
|
---|
63 | --copyright "JOSM, and all its integral parts, are released under the GNU General Public License v2 or later" \
|
---|
64 | --vendor "https://josm.openstreetmap.de" \
|
---|
65 | --mac-sign \
|
---|
66 | --mac-package-identifier de.openstreetmap.josm \
|
---|
67 | --mac-package-signing-prefix de.openstreetmap.josm \
|
---|
68 | --mac-signing-keychain $KEYCHAINPATH \
|
---|
69 | --file-associations native/macosx/bz2.properties \
|
---|
70 | --file-associations native/macosx/geojson.properties \
|
---|
71 | --file-associations native/macosx/gpx.properties \
|
---|
72 | --file-associations native/macosx/gz.properties \
|
---|
73 | --file-associations native/macosx/jos.properties \
|
---|
74 | --file-associations native/macosx/joz.properties \
|
---|
75 | --file-associations native/macosx/osm.properties \
|
---|
76 | --file-associations native/macosx/zip.properties \
|
---|
77 | --add-modules java.base,java.datatransfer,java.desktop,java.logging,java.management,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.sql,java.transaction.xa,java.xml,jdk.crypto.ec,jdk.jfr,jdk.jsobject,jdk.unsupported,jdk.unsupported.desktop,jdk.xml.dom
|
---|
78 |
|
---|
79 | echo "Building done."
|
---|
80 |
|
---|
81 | if $SIGNAPP; then
|
---|
82 | echo "Preparing for notarization"
|
---|
83 | ditto -c -k --zlibCompressionLevel 9 --keepParent app/JOSM.app app/JOSM.zip
|
---|
84 |
|
---|
85 | echo "Uploading to Apple"
|
---|
86 | xcrun altool --notarize-app -f app/JOSM.zip -p "$APPLE_ID_PW" -u "$APPLE_ID" --primary-bundle-id de.openstreetmap.josm
|
---|
87 | fi
|
---|