fix(actions): enhance macOS notarization workflow by adding request UUID extraction, improved status checking, and detailed logging for notarization process
Some checks failed
Test macOS Build Action / test-macos-build (push) Failing after 30m38s
Some checks failed
Test macOS Build Action / test-macos-build (push) Failing after 30m38s
This commit is contained in:
parent
500a7dc1c3
commit
622b10e10d
@ -516,24 +516,91 @@ jobs:
|
|||||||
|
|
||||||
# Submit for notarization
|
# Submit for notarization
|
||||||
debug_log "Submitting app for notarization..."
|
debug_log "Submitting app for notarization..."
|
||||||
xcrun notarytool submit "$ZIP_PATH" \
|
|
||||||
|
# First submit the app to get the request UUID
|
||||||
|
SUBMIT_OUTPUT=$(xcrun notarytool submit "$ZIP_PATH" \
|
||||||
|
--key "$API_KEY_FILE" \
|
||||||
|
--key-id "${{ secrets.NOTARY_API_KEY_ID }}" \
|
||||||
|
--issuer "${{ secrets.NOTARY_API_KEY_ISSUER_ID }}")
|
||||||
|
|
||||||
|
echo "$SUBMIT_OUTPUT" | tee -a "$DEBUG_LOG_PATH"
|
||||||
|
|
||||||
|
# Extract the request UUID
|
||||||
|
REQUEST_UUID=$(echo "$SUBMIT_OUTPUT" | grep -o "id: [a-z0-9-]*" | cut -d' ' -f2)
|
||||||
|
|
||||||
|
if [ -z "$REQUEST_UUID" ]; then
|
||||||
|
debug_log "ERROR: Failed to extract request UUID"
|
||||||
|
echo "NOTARIZATION_RESULT=false" >> $GITHUB_ENV
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
debug_log "Notarization request submitted with UUID: $REQUEST_UUID"
|
||||||
|
debug_log "Waiting for notarization to complete (this may take several minutes)..."
|
||||||
|
|
||||||
|
# Wait for notarization to complete with verbose output
|
||||||
|
WAIT_COUNTER=1
|
||||||
|
while true; do
|
||||||
|
if [ $WAIT_COUNTER -gt 60 ]; then
|
||||||
|
debug_log "ERROR: Notarization wait timeout after 60 minutes"
|
||||||
|
echo "NOTARIZATION_RESULT=false" >> $GITHUB_ENV
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Sleep for 60 seconds between checks
|
||||||
|
if [ $WAIT_COUNTER -gt 1 ]; then
|
||||||
|
debug_log "Waiting 60 seconds before checking again (attempt $WAIT_COUNTER)..."
|
||||||
|
sleep 60
|
||||||
|
fi
|
||||||
|
|
||||||
|
INFO_OUTPUT=$(xcrun notarytool info "$REQUEST_UUID" \
|
||||||
|
--key "$API_KEY_FILE" \
|
||||||
|
--key-id "${{ secrets.NOTARY_API_KEY_ID }}" \
|
||||||
|
--issuer "${{ secrets.NOTARY_API_KEY_ISSUER_ID }}")
|
||||||
|
|
||||||
|
echo "$INFO_OUTPUT" | tee -a "$DEBUG_LOG_PATH"
|
||||||
|
|
||||||
|
# Extract status
|
||||||
|
REQUEST_STATUS=$(echo "$INFO_OUTPUT" | grep -o "status: [A-Za-z]*" | cut -d' ' -f2)
|
||||||
|
|
||||||
|
debug_log "Current notarization status: $REQUEST_STATUS"
|
||||||
|
|
||||||
|
if [ "$REQUEST_STATUS" == "Accepted" ]; then
|
||||||
|
debug_log "Notarization completed successfully!"
|
||||||
|
break
|
||||||
|
elif [ "$REQUEST_STATUS" == "Invalid" ] || [ "$REQUEST_STATUS" == "Rejected" ]; then
|
||||||
|
debug_log "ERROR: Notarization failed with status: $REQUEST_STATUS"
|
||||||
|
|
||||||
|
# Get log URL if available
|
||||||
|
LOG_URL=$(echo "$INFO_OUTPUT" | grep -o "LogFileURL: [^ ]*" | cut -d' ' -f2)
|
||||||
|
if [ -n "$LOG_URL" ]; then
|
||||||
|
debug_log "Downloading log file from: $LOG_URL"
|
||||||
|
curl -s "$LOG_URL" | tee "$WORK_DIR/notarization_log.json" | tee -a "$DEBUG_LOG_PATH"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "NOTARIZATION_RESULT=false" >> $GITHUB_ENV
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
WAIT_COUNTER=$((WAIT_COUNTER+1))
|
||||||
|
done
|
||||||
|
|
||||||
|
# Get detailed logs at the end
|
||||||
|
xcrun notarytool log "$REQUEST_UUID" \
|
||||||
--key "$API_KEY_FILE" \
|
--key "$API_KEY_FILE" \
|
||||||
--key-id "${{ secrets.NOTARY_API_KEY_ID }}" \
|
--key-id "${{ secrets.NOTARY_API_KEY_ID }}" \
|
||||||
--issuer "${{ secrets.NOTARY_API_KEY_ISSUER_ID }}" \
|
--issuer "${{ secrets.NOTARY_API_KEY_ISSUER_ID }}" \
|
||||||
--wait > "$WORK_DIR/notarization_output.txt" 2>&1
|
"$WORK_DIR/notarization_details.json"
|
||||||
|
|
||||||
cat "$WORK_DIR/notarization_output.txt" | tee -a "$DEBUG_LOG_PATH"
|
debug_log "Detailed notarization log saved to $WORK_DIR/notarization_details.json"
|
||||||
|
cat "$WORK_DIR/notarization_details.json" | tee -a "$DEBUG_LOG_PATH"
|
||||||
|
|
||||||
# Check if notarization was successful
|
# Check if notarization was successful
|
||||||
REQUEST_STATUS=$(grep -o "status: .*" "$WORK_DIR/notarization_output.txt" | cut -d ' ' -f2)
|
|
||||||
|
|
||||||
if [[ "$REQUEST_STATUS" == "Accepted" ]]; then
|
if [[ "$REQUEST_STATUS" == "Accepted" ]]; then
|
||||||
debug_log "Notarization successful"
|
debug_log "Notarization successful"
|
||||||
echo "NOTARIZATION_RESULT=true" >> $GITHUB_ENV
|
echo "NOTARIZATION_RESULT=true" >> $GITHUB_ENV
|
||||||
else
|
else
|
||||||
debug_log "ERROR: Notarization failed or timed out"
|
debug_log "ERROR: Notarization failed or timed out"
|
||||||
debug_log "Notarization status: $REQUEST_STATUS"
|
debug_log "Notarization status: $REQUEST_STATUS"
|
||||||
cat "$WORK_DIR/notarization_output.txt"
|
|
||||||
echo "NOTARIZATION_RESULT=false" >> $GITHUB_ENV
|
echo "NOTARIZATION_RESULT=false" >> $GITHUB_ENV
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user