diff --git a/.gitea/workflows/test-signing.yml b/.gitea/workflows/test-signing.yml index 3852b4be..8c20e2fe 100644 --- a/.gitea/workflows/test-signing.yml +++ b/.gitea/workflows/test-signing.yml @@ -35,13 +35,22 @@ jobs: echo "Created entitlements file:" cat LuckyRobots.entitlements + + # Move entitlements to home directory to ensure consistent access + cp LuckyRobots.entitlements ~/LuckyRobots.entitlements shell: bash - name: Download and Extract Artifact id: extract-artifact run: | + # Working with absolute paths to eliminate path inconsistencies + WORKSPACE_DIR="$(pwd)" + BUILDS_DIR="$WORKSPACE_DIR/Builds" + EXTRACT_DIR="$WORKSPACE_DIR/temp_extract" + # Create directories - mkdir -p Builds/Mac + mkdir -p "$BUILDS_DIR/Mac" + mkdir -p "$EXTRACT_DIR" # Download specific artifact echo "Downloading build artifact..." @@ -50,45 +59,69 @@ jobs: ARTIFACT_URL="https://luckyrobots.com/LuckyRobots/LuckyWorld/actions/runs/84/artifacts/LuckyRobots-macOS" echo "Using artifact URL: $ARTIFACT_URL" + BUILD_ZIP="$WORKSPACE_DIR/build.zip" # Download the artifact - curl -L "$ARTIFACT_URL" -o build.zip + curl -L "$ARTIFACT_URL" -o "$BUILD_ZIP" # First unzip - Outer artifact zip file echo "Extracting outer zip file..." - unzip -o build.zip -d temp_extract/ + unzip -o "$BUILD_ZIP" -d "$EXTRACT_DIR" # List the contents of temp_extract echo "Contents of temp_extract:" - ls -la temp_extract/ + ls -la "$EXTRACT_DIR" - # Second unzip - Inner macOS app package - echo "Extracting inner zip file..." - INNER_ZIP=$(find temp_extract -name "*.zip" | head -1) + # Handle case where the artifact might have different structure + # Try to find any zip files recursively + echo "Searching for zip files in extract directory..." + ZIP_FILES=$(find "$EXTRACT_DIR" -name "*.zip" -type f) + echo "Found ZIP files: $ZIP_FILES" - if [[ -z "$INNER_ZIP" ]]; then - echo "Could not find inner zip in artifact" - exit 1 + # Create target directory for Mac app + TARGET_DIR="$BUILDS_DIR/Mac" + mkdir -p "$TARGET_DIR" + + # Extract all found zip files + for ZIP_FILE in $ZIP_FILES; do + echo "Extracting: $ZIP_FILE to $TARGET_DIR" + unzip -o "$ZIP_FILE" -d "$TARGET_DIR" + done + + # Look for LuckyWorld-Mac-Shipping.app specifically + if [ -d "$TARGET_DIR/LuckyWorld-Mac-Shipping.app" ]; then + APP_PATH="$TARGET_DIR/LuckyWorld-Mac-Shipping.app" + echo "Found specific app: $APP_PATH" + else + # Try to find any .app bundle recursively + echo "Searching for .app bundles in all directories..." + APP_PATH=$(find "$BUILDS_DIR" -name "*.app" -type d | head -1) + + if [ -z "$APP_PATH" ]; then + echo "Could not find any .app bundle. Looking in other directories..." + APP_PATH=$(find "$WORKSPACE_DIR" -name "*.app" -type d | head -1) + fi fi - echo "Found inner zip: $INNER_ZIP" - unzip -o "$INNER_ZIP" -d Builds/Mac/ - - # Recursive search for .app directory - echo "Searching for .app bundle..." - APP_PATH=$(find Builds -type d -name "*.app" -print 2>/dev/null | head -1) - - if [[ -z "$APP_PATH" ]]; then - echo "Could not find app bundle in extracted files" + if [ -z "$APP_PATH" ]; then + echo "ERROR: Could not find any .app bundle" echo "Contents of Builds directory:" - find Builds -type d | sort - echo "All directories in workspace:" - find . -type d -maxdepth 4 | grep -v "node_modules\|.git" | sort + find "$BUILDS_DIR" -type d | sort + echo "Contents of extracted files:" + find "$EXTRACT_DIR" -type f | sort exit 1 fi - echo "Found app bundle: $APP_PATH" - echo "app_path=$APP_PATH" >> $GITHUB_OUTPUT + echo "Found app bundle at: $APP_PATH" + # Make a local copy to ensure access + LOCAL_APP="$WORKSPACE_DIR/LuckyWorld.app" + echo "Creating accessible copy at: $LOCAL_APP" + + # Remove if exists + rm -rf "$LOCAL_APP" + cp -R "$APP_PATH" "$LOCAL_APP" + + echo "app_path=$LOCAL_APP" >> $GITHUB_OUTPUT shell: bash - name: Validate App Path @@ -103,22 +136,18 @@ jobs: exit 1 fi + # Ensure the path is absolute + if [[ "$APP_PATH" != /* ]]; then + APP_PATH="$(pwd)/$APP_PATH" + echo "Converted to absolute path: $APP_PATH" + fi + echo "Will sign and notarize: $APP_PATH" echo "Contents of app bundle:" ls -la "$APP_PATH" echo "app_path=$APP_PATH" >> $GITHUB_OUTPUT shell: bash - - name: Setup for Signing - id: setup-signing - env: - API_KEY_PATH: ${{ secrets.NOTARY_API_KEY_PATH }} - run: | - # Decode the API key from Base64 secret - echo "$API_KEY_PATH" | base64 --decode > api_key.p8 - echo "api_key_file=$(pwd)/api_key.p8" >> $GITHUB_OUTPUT - shell: bash - - name: Sign macOS App uses: lando/code-sign-action@v3 id: sign-app @@ -127,7 +156,7 @@ jobs: certificate-data: ${{ secrets.MACOS_CERTIFICATE }} certificate-password: ${{ secrets.MACOS_CERTIFICATE_PWD }} apple-team-id: "${{ secrets.APPLE_TEAM_ID }}" - options: --force --options runtime --deep --timestamp --entitlements ./LuckyRobots.entitlements + options: --force --options runtime --deep --timestamp --entitlements ~/LuckyRobots.entitlements - name: Notarize macOS App run: | @@ -136,17 +165,19 @@ jobs: NOTARIZE_APP_PATH="./LuckyRobots-notarize.zip" ditto -c -k --keepParent "$APP_PATH" "$NOTARIZE_APP_PATH" - API_KEY_FILE="${{ steps.setup-signing.outputs.api_key_file }}" + # Set up API key + API_KEY_PATH="$(pwd)/api_key.p8" + echo "${{ secrets.NOTARY_API_KEY_PATH }}" | base64 --decode > "$API_KEY_PATH" # Submit for notarization using API key echo "Submitting for notarization with API key..." - xcrun notarytool submit "$NOTARIZE_APP_PATH" --key "$API_KEY_FILE" --key-id "${{ secrets.NOTARY_API_KEY_ID }}" --issuer "${{ secrets.NOTARY_API_KEY_ISSUER_ID }}" --wait + xcrun notarytool submit "$NOTARIZE_APP_PATH" --key "$API_KEY_PATH" --key-id "${{ secrets.NOTARY_API_KEY_ID }}" --issuer "${{ secrets.NOTARY_API_KEY_ISSUER_ID }}" --wait # Staple the ticket to the application xcrun stapler staple "$APP_PATH" # Clean up the API key file - rm -f "$API_KEY_FILE" + rm -f "$API_KEY_PATH" rm -f "$NOTARIZE_APP_PATH" shell: bash @@ -155,17 +186,18 @@ jobs: # Package the signed and notarized app APP_PATH="${{ steps.validate-app.outputs.app_path }}" APP_NAME=$(basename "$APP_PATH") - DIR_PATH=$(dirname "$APP_PATH") + WORKSPACE_DIR="$(pwd)" + OUTPUT_DIR="$WORKSPACE_DIR/TestSignedApps" # Create test output directory - mkdir -p TestSignedApps + mkdir -p "$OUTPUT_DIR" echo "Creating test package..." - (cd "$DIR_PATH" && zip -r "../../TestSignedApps/Test-$APP_NAME.zip" "$APP_NAME") - echo "Created test package: TestSignedApps/Test-$APP_NAME.zip" + ditto -c -k --keepParent "$APP_PATH" "$OUTPUT_DIR/Test-$APP_NAME.zip" + echo "Created test package: $OUTPUT_DIR/Test-$APP_NAME.zip" echo "Test packaged apps:" - ls -la TestSignedApps/ + ls -la "$OUTPUT_DIR" shell: bash - name: Upload Test Signed App