diff --git a/.gitea/workflows/test-macos-build.yml b/.gitea/workflows/test-macos-build.yml
index 549132ed..abd9ca86 100644
--- a/.gitea/workflows/test-macos-build.yml
+++ b/.gitea/workflows/test-macos-build.yml
@@ -516,24 +516,91 @@ jobs: # Submit for notarization debug_log "Submitting app for notarization..." - xcrun notarytool submit "$ZIP_PATH" \ + + # First submit the app to get the request UUID + SUBMIT_OUTPUT=$(xcrun notarytool submit "$ZIP_PATH" \ + --key "$API_KEY_FILE" \ + --key-id "${{ secrets.NOTARY_API_KEY_ID }}" \ + --issuer "${{ secrets.NOTARY_API_KEY_ISSUER_ID }}") + + echo "$SUBMIT_OUTPUT" | tee -a "$DEBUG_LOG_PATH" + + # Extract the request UUID + REQUEST_UUID=$(echo "$SUBMIT_OUTPUT" | grep -o "id: [a-z0-9-]*" | cut -d' ' -f2) + + if [ -z "$REQUEST_UUID" ]; then + debug_log "ERROR: Failed to extract request UUID" + echo "NOTARIZATION_RESULT=false" >> $GITHUB_ENV + exit 1 + fi + + debug_log "Notarization request submitted with UUID: $REQUEST_UUID" + debug_log "Waiting for notarization to complete (this may take several minutes)..." + + # Wait for notarization to complete with verbose output + WAIT_COUNTER=1 + while true; do + if [ $WAIT_COUNTER -gt 60 ]; then + debug_log "ERROR: Notarization wait timeout after 60 minutes" + echo "NOTARIZATION_RESULT=false" >> $GITHUB_ENV + exit 1 + fi + + # Sleep for 60 seconds between checks + if [ $WAIT_COUNTER -gt 1 ]; then + debug_log "Waiting 60 seconds before checking again (attempt $WAIT_COUNTER)..." + sleep 60 + fi + + INFO_OUTPUT=$(xcrun notarytool info "$REQUEST_UUID" \ + --key "$API_KEY_FILE" \ + --key-id "${{ secrets.NOTARY_API_KEY_ID }}" \ + --issuer "${{ secrets.NOTARY_API_KEY_ISSUER_ID }}") + + echo "$INFO_OUTPUT" | tee -a "$DEBUG_LOG_PATH" + + # Extract status + REQUEST_STATUS=$(echo "$INFO_OUTPUT" | grep -o "status: [A-Za-z]*" | cut -d' ' -f2) + + debug_log "Current notarization status: $REQUEST_STATUS" + + if [ "$REQUEST_STATUS" == "Accepted" ]; then + debug_log "Notarization completed successfully!" 
+ break + elif [ "$REQUEST_STATUS" == "Invalid" ] || [ "$REQUEST_STATUS" == "Rejected" ]; then + debug_log "ERROR: Notarization failed with status: $REQUEST_STATUS" + + # Get log URL if available + LOG_URL=$(echo "$INFO_OUTPUT" | grep -o "LogFileURL: [^ ]*" | cut -d' ' -f2) + if [ -n "$LOG_URL" ]; then + debug_log "Downloading log file from: $LOG_URL" + curl -s "$LOG_URL" | tee "$WORK_DIR/notarization_log.json" | tee -a "$DEBUG_LOG_PATH" + fi + + echo "NOTARIZATION_RESULT=false" >> $GITHUB_ENV + exit 1 + fi + + WAIT_COUNTER=$((WAIT_COUNTER+1)) + done + + # Get detailed logs at the end + xcrun notarytool log "$REQUEST_UUID" \ --key "$API_KEY_FILE" \ --key-id "${{ secrets.NOTARY_API_KEY_ID }}" \ --issuer "${{ secrets.NOTARY_API_KEY_ISSUER_ID }}" \ - --wait > "$WORK_DIR/notarization_output.txt" 2>&1 + "$WORK_DIR/notarization_details.json" - cat "$WORK_DIR/notarization_output.txt" | tee -a "$DEBUG_LOG_PATH" - - # Check if notarization was successful - REQUEST_STATUS=$(grep -o "status: .*" "$WORK_DIR/notarization_output.txt" | cut -d ' ' -f2) + debug_log "Detailed notarization log saved to $WORK_DIR/notarization_details.json" + cat "$WORK_DIR/notarization_details.json" | tee -a "$DEBUG_LOG_PATH" + # Check if notarization was successful if [[ "$REQUEST_STATUS" == "Accepted" ]]; then debug_log "Notarization successful" echo "NOTARIZATION_RESULT=true" >> $GITHUB_ENV else debug_log "ERROR: Notarization failed or timed out" debug_log "Notarization status: $REQUEST_STATUS" - cat "$WORK_DIR/notarization_output.txt" echo "NOTARIZATION_RESULT=false" >> $GITHUB_ENV exit 1 fi
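Review bot: The `REQUEST_UUID` extraction assumes `notarytool submit` prints exactly one `id:` line, but as far as I know its text output repeats the id (once after "Submission ID received" and again after the upload), so `grep -o` can return two lines and the later `notarytool info "$REQUEST_UUID"` call receives a malformed argument. Take the first match and pin its shape, e.g. `REQUEST_UUID=$(printf '%s\n' "$SUBMIT_OUTPUT" | grep -Eo 'id: [0-9a-f-]{36}' | head -n1 | cut -d' ' -f2)`. Inside the polling loop the exit status of `notarytool info` is never checked and stderr is no longer captured (the removed call had `2>&1`), so an authentication or network failure leaves `REQUEST_STATUS` empty and the job polls for the full hour with the cause missing from `$DEBUG_LOG_PATH`; failing after a few consecutive empty statuses would surface that. The `LogFileURL` branch fetches a URL parsed out of tool output with `curl -s` and no `--fail`, and `notarytool info` probably does not print that field, so the branch looks like dead code carried over from another tool. The run script begins and ends outside this hunk, so the shell options in effect (`-e`, `pipefail`) cannot be confirmed from here.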