LuckyWorld/scripts/mac_build.sh

#!/bin/bash

# Get the user's home directory
USER_HOME="$HOME"

# Set up Unreal Engine paths
UE_ROOT="/Users/Shared/Epic Games/UE_5.5"
UE_EDITOR="$UE_ROOT/Engine/Binaries/Mac/UnrealEditor.app/Contents/MacOS/UnrealEditor"
UE_UAT="$UE_ROOT/Engine/Build/BatchFiles/RunUAT.command"

# Set up project paths
PROJECT_ROOT="$(pwd)"
PROJECT_FILE="$PROJECT_ROOT/LuckyWorld.uproject"
ARCHIVE_DIR="$PROJECT_ROOT/Builds"

# Check for entitlements file
if [ -f "$PROJECT_ROOT/LuckyWorld.entitlements" ]; then
  ENTITLEMENTS_FILE="$PROJECT_ROOT/LuckyWorld.entitlements"
elif [ -f "$PROJECT_ROOT/LuckyRobots.entitlements" ]; then
  ENTITLEMENTS_FILE="$PROJECT_ROOT/LuckyRobots.entitlements"
else
  echo "Warning: No entitlements file found. This might affect notarization."
  ENTITLEMENTS_FILE=""
fi

# For debugging: print paths and config
echo "Project root: $PROJECT_ROOT"
echo "Project file: $PROJECT_FILE"
echo "Archive directory: $ARCHIVE_DIR"
echo "Entitlements file: $ENTITLEMENTS_FILE"

# Clean up previous build artifacts
rm -rf DerivedDataCache Intermediate Binaries Saved

# Generate project files
"$UE_ROOT/Engine/Build/BatchFiles/Mac/GenerateProjectFiles.sh" -project="$PROJECT_FILE" -game -engine

# Run the build command
"$UE_UAT" -ScriptsForProject="$PROJECT_FILE" Turnkey \
  -command=VerifySdk \
  -platform=Mac \
  -UpdateIfNeeded \
  -EditorIO \
  -EditorIOPort=59484 \
  -project="$PROJECT_FILE" \
  BuildCookRun \
  -nop4 \
  -utf8output \
  -cook \
  -project="$PROJECT_FILE" \
  -target=LuckyWorld \
  -unrealexe="$UE_EDITOR" \
  -platform=Mac \
  -installed \
  -stage \
  -archive \
  -package \
  -build \
  -iterativecooking \
  -pak \
  -iostore \
  -compressed \
  -prereqs \
  -archivedirectory="$ARCHIVE_DIR" \
  -CrashReporter \
  -clientconfig=Shipping \
  # -nocompile \
  # -nocompileuat \
  # -nocompileeditor \
  # -skipbuildeditor \

  # enable these if you want to test build without pak and iostore (you're just testing the build)
  # -skipiostore \
  # -skippak \ (disable -pak and -iostore)

echo ""
echo "🦾 Build completed. Application path:"
APP_PATH=$(find "$ARCHIVE_DIR" -name "*.app" -type d | head -n 1)
echo "$APP_PATH"

if [ -n "$APP_PATH" ]; then
  echo ""
  echo "🔍 Binary files that will need signing:"
  DYLIB_COUNT=$(find "$APP_PATH" -name "*.dylib" | wc -l)
  SO_COUNT=$(find "$APP_PATH" -name "*.so" | wc -l)
  FRAMEWORKS=$(find "$APP_PATH" -path "*.framework/*" -type f -perm +111 | wc -l)
  EXECUTABLES=$(find "$APP_PATH" -type f -perm +111 -not -path "*.framework/*" -not -name "*.dylib" -not -name "*.so" | wc -l)
  
  echo "- $DYLIB_COUNT .dylib libraries"
  echo "- $SO_COUNT .so libraries"
  echo "- $FRAMEWORKS framework executables"
  echo "- $EXECUTABLES other executables"
  echo "Total binary files: $((DYLIB_COUNT + SO_COUNT + FRAMEWORKS + EXECUTABLES))"

  echo ""
  echo "🔍 Checking for PhysX and other special libraries (often need special handling):"
  find "$APP_PATH" -name "*PhysX*" -o -name "*APEX*"
fi

# Bundle ID'yi proje ayarlarında güncelle
echo ""
echo "🔧 Updating bundle ID in UE config..."
CONFIG_FILE="$PROJECT_ROOT/Config/DefaultGame.ini"
if [ -f "$CONFIG_FILE" ]; then
  # Mevcut bölümü kontrol et veya ekle
  if grep -q "\[/Script/MacTargetPlatform\.MacTargetSettings\]" "$CONFIG_FILE"; then
    # Bölüm var, ayarı güncelleyebiliriz
    sed -i '' 's/BundleIdentifier=.*/BundleIdentifier=com.luckyrobots.luckyworld/g' "$CONFIG_FILE"
  else
    # Bölüm yok, eklememiz gerekiyor
    echo "" >> "$CONFIG_FILE"
    echo "[/Script/MacTargetPlatform.MacTargetSettings]" >> "$CONFIG_FILE"
    echo "BundleIdentifier=com.luckyrobots.luckyworld" >> "$CONFIG_FILE"
  fi
  echo "Updated bundle ID in project config"
fi

# Build sonrası işlemler - bundle ID ayarlama
echo ""
echo "🔧 Performing post-build fix for bundle ID..."
if [ -n "$APP_PATH" ]; then
  INFO_PLIST="$APP_PATH/Contents/Info.plist"
  if [ -f "$INFO_PLIST" ]; then
    echo "Setting bundle identifier to com.luckyrobots.luckyworld"
    /usr/libexec/PlistBuddy -c "Set :CFBundleIdentifier com.luckyrobots.luckyworld" "$INFO_PLIST"
    echo "Updated bundle ID: $(/usr/libexec/PlistBuddy -c "Print :CFBundleIdentifier" "$INFO_PLIST")"
  else
    echo "⚠️ Info.plist not found at $INFO_PLIST"
  fi
fi

# Recursive imzalama fonksiyonu - tüm binary dosyaları imzalar
function sign_recursively() {
  local app_path="$1"
  local entitlements_file="$2"
  local counter=0
  local total=0
  local failed=0
  
  # Önce toplam dosya sayısını hesapla
  # Tüm binary dosyaları bul (executable, dylib, so, çerçeveler)
  echo "Scanning for binary files..."
  
  # Executable binary files (libraries, executables)
  binaries=$(find "$app_path" -type f \( -name "*.dylib" -o -name "*.so" -o -perm +111 \) | sort)
  total=$(echo "$binaries" | wc -l)
  
  echo "Found $total binary files to sign"
  
  # Helper binary dosyaları imzala (tercih sırasına göre)
  echo "Signing all binary files (libraries and executables)..."
  echo "$binaries" | while read -r binary; do
    counter=$((counter + 1))
    
    # Her 20 dosyada bir ilerleme göster
    if [ $((counter % 20)) -eq 0 ] || [ $counter -eq 1 ] || [ $counter -eq $total ]; then
      echo "Progress: $counter/$total - Signing: $binary"
    fi
    
    # Skip if not a regular file (symbolic links etc)
    if [ ! -f "$binary" ]; then
      continue
    fi
    
    # Dosya türünü kontrol et
    file_info=$(file "$binary")
    
    # Sadece Mach-O dosyalarını imzala
    if ! echo "$file_info" | grep -q "Mach-O"; then
      continue
    fi
    
    if [[ "$binary" == *CrashReportClient* ]]; then
      echo "🛠️ Special handling for CrashReportClient: $binary"
    fi
    
    # Timestamp ve runtime options ile imzala
    codesign --force --options runtime --deep --sign - --timestamp --entitlements "$entitlements_file" "$binary" 2>&1 || {
      echo "⚠️ Failed to sign: $binary"
      failed=$((failed + 1))
    }
  done
  
  # Başvuru için ENTITLEMENTS içeriğini göster
  echo "Using entitlements file for signatures:"
  cat "$entitlements_file"
  
  # Tüm nested app'leri bul ve imzala
  nested_apps=$(find "$app_path" -name "*.app" -type d)
  
  if [ -n "$nested_apps" ]; then
    echo "Signing nested applications..."
    echo "$nested_apps" | while read -r nested_app; do
      if [ "$nested_app" != "$app_path" ]; then
        echo "Signing nested app: $nested_app"
        
        # İmzalamadan önce Info.plist varsa Bundle ID ayarla
        nested_info="$nested_app/Contents/Info.plist"
        if [ -f "$nested_info" ]; then
          echo "Setting bundle identifier for nested app"
          /usr/libexec/PlistBuddy -c "Set :CFBundleIdentifier com.luckyrobots.luckyworld.nested" "$nested_info" 2>/dev/null || true
        fi
        
        codesign --force --options runtime --deep --sign - --timestamp --entitlements "$entitlements_file" "$nested_app" 2>&1 || {
          echo "⚠️ Failed to sign nested app: $nested_app"
          failed=$((failed + 1))
        }
      fi
    done
  fi
  
  # Asıl uygulamayı imzala
  echo "Signing main application: $app_path"
  codesign --force --options runtime --deep --sign - --timestamp --entitlements "$entitlements_file" "$app_path" 2>&1 || {
    echo "⚠️ Failed to sign main app: $app_path"
    failed=$((failed + 1))
  }
  
  echo "✅ Signing completed: $counter files processed, $failed failures"
  
  # İmzalama durumunu kontrol et
  echo "Verifying signatures..."
  codesign -vvv --deep --strict "$app_path"
  
  # Hardened Runtime ve diğer güvenlik ayarları kontrol et
  echo "Checking security settings (Hardened Runtime, etc.):"
  codesign -d --entitlements - "$app_path" | grep -i "runtime\|hardened\|security"
  
  # Spesifik olarak CrashReportClient'i kontrol et (sorunlu dosya)
  crash_reporter=$(find "$app_path" -path "*CrashReportClient.app/Contents/MacOS/CrashReportClient" -type f | head -1)
  if [ -n "$crash_reporter" ]; then
    echo "Checking CrashReportClient specifically:"
    codesign -d --entitlements - "$crash_reporter" | grep -i "runtime\|hardened\|security"
  fi
}

# Kütüphaneleri kontrol et ve gerekirse post-processing yap
echo ""
echo "🔍 Performing comprehensive signing and hardening of all binaries..."
if [ -n "$APP_PATH" ] && [ -n "$ENTITLEMENTS_FILE" ]; then
  # Recursive olarak tüm binary dosyaları imzala
  sign_recursively "$APP_PATH" "$ENTITLEMENTS_FILE"
  
  # Son olarak ana uygulamayı tekrar imzala
  echo "Final signing of main app bundle"
  codesign --force --options runtime --deep --sign - --timestamp --entitlements "$ENTITLEMENTS_FILE" "$APP_PATH"
  
  echo "✅ All binaries signed successfully with Hardened Runtime enabled"
else
  echo "❌ App path or entitlements file not found, cannot perform comprehensive signing"
  echo "App path: $APP_PATH"
  echo "Entitlements file: $ENTITLEMENTS_FILE"
fi

echo ""
echo "✅ Build and post-processing completed successfully!"