diff --git a/.gitea/actions/macos-notarize/action.yml b/.gitea/actions/macos-notarize/action.yml index ccc7b63a..429874c5 100644 --- a/.gitea/actions/macos-notarize/action.yml +++ b/.gitea/actions/macos-notarize/action.yml @@ -256,7 +256,33 @@ runs: echo "Notarization command output:" echo "$NOTARY_OUTPUT" echo "Notarization exit status: $NOTARY_STATUS" - + + # Extract submission ID for log retrieval if needed + SUBMISSION_ID=$(echo "$NOTARY_OUTPUT" | grep -o "id: [a-f0-9\-]*" | head -1 | cut -d ' ' -f 2) + echo "Submission ID: $SUBMISSION_ID" + + # Check for invalid status and get detailed logs + if [ $NOTARY_STATUS -eq 0 ] && echo "$NOTARY_OUTPUT" | grep -q "Invalid"; then + echo "⚠️ Notarization returned Invalid status. Checking detailed logs..." + if [ -n "$SUBMISSION_ID" ]; then + echo "📋 Fetching detailed logs for submission ID: $SUBMISSION_ID" + LOGS_OUTPUT=$(xcrun notarytool log "$SUBMISSION_ID" \ + --key ~/private_keys/AuthKey_${API_KEY_ID}.p8 \ + --key-id "$API_KEY_ID" \ + --issuer "$API_ISSUER_ID" 2>&1) + + echo "==== DETAILED NOTARIZATION LOGS ====" + echo "$LOGS_OUTPUT" + echo "==================================" + + # Extract specific issues for easier debugging + echo "🔍 Extracting specific issues from logs..." + echo "$LOGS_OUTPUT" | grep -A 3 "issues" + else + echo "❌ Could not extract submission ID from notarization output" + fi + fi + # Enhanced check for notarization success if [ $NOTARY_STATUS -eq 0 ] && echo "$NOTARY_OUTPUT" | grep -q -E "success|accepted"; then echo "✅ Notarization completed successfully!" @@ -279,7 +305,33 @@ runs: echo "::set-output name=notarized::true" else echo "❌ Notarization failed or did not complete properly" - echo "Please check the notarization logs for details" + echo "Please check the notarization logs above for details" + + # Show current bundle ID in Info.plist + echo "📋 Current bundle ID information:" + if [ -f "${{ inputs.app-path }}/Contents/Info.plist" ]; then + echo "Info.plist content for bundle ID:" + /usr/libexec/PlistBuddy -c "Print :CFBundleIdentifier" "${{ inputs.app-path }}/Contents/Info.plist" || echo "Could not read bundle ID from Info.plist" + echo "Full Info.plist excerpt:" + plutil -p "${{ inputs.app-path }}/Contents/Info.plist" | grep -i bundle + else + echo "Info.plist not found at expected location: ${{ inputs.app-path }}/Contents/Info.plist" + fi + + # Check for mismatched bundle ID + if [ "$BUNDLE_ID" != "$(/usr/libexec/PlistBuddy -c "Print :CFBundleIdentifier" "${{ inputs.app-path }}/Contents/Info.plist" 2>/dev/null)" ]; then + echo "⚠️ WARNING: Bundle ID mismatch detected between workflow and app!" + echo " - Workflow/input bundle ID: $BUNDLE_ID" + echo " - Actual app bundle ID: $(/usr/libexec/PlistBuddy -c "Print :CFBundleIdentifier" "${{ inputs.app-path }}/Contents/Info.plist" 2>/dev/null || echo "Could not read")" + echo "This mismatch could cause notarization problems." + fi + + # Check for code signature issues in internal components + echo "🔍 Checking for code signature issues in app components..." + find "${{ inputs.app-path }}" -type f -name "*.dylib" -o -name "*.so" | head -5 | while read -r lib; do + echo "Checking signature on: $lib" + codesign -vvv "$lib" || echo "⚠️ Signature issue with: $lib" + done fi # Clean up @@ -307,6 +359,32 @@ runs: echo "$NOTARY_OUTPUT" echo "Notarization exit status: $NOTARY_STATUS" + # Extract submission ID for log retrieval if needed + SUBMISSION_ID=$(echo "$NOTARY_OUTPUT" | grep -o "id: [a-f0-9\-]*" | head -1 | cut -d ' ' -f 2) + echo "Submission ID: $SUBMISSION_ID" + + # Check for invalid status and get detailed logs + if [ $NOTARY_STATUS -eq 0 ] && echo "$NOTARY_OUTPUT" | grep -q "Invalid"; then + echo "⚠️ Notarization returned Invalid status. Checking detailed logs..." + if [ -n "$SUBMISSION_ID" ]; then + echo "📋 Fetching detailed logs for submission ID: $SUBMISSION_ID" + LOGS_OUTPUT=$(xcrun notarytool log "$SUBMISSION_ID" \ + --apple-id "$APPLE_ID" \ + --password "$APP_PASSWORD" \ + --team-id "$APPLE_TEAM_ID" 2>&1) + + echo "==== DETAILED NOTARIZATION LOGS ====" + echo "$LOGS_OUTPUT" + echo "==================================" + + # Extract specific issues for easier debugging + echo "🔍 Extracting specific issues from logs..." + echo "$LOGS_OUTPUT" | grep -A 3 "issues" + else + echo "❌ Could not extract submission ID from notarization output" + fi + fi + # Enhanced check for notarization success if [ $NOTARY_STATUS -eq 0 ] && echo "$NOTARY_OUTPUT" | grep -q -E "success|accepted"; then echo "✅ Notarization completed successfully!" @@ -329,7 +407,18 @@ runs: echo "::set-output name=notarized::true" else echo "❌ Notarization failed or did not complete properly" - echo "Please check the notarization logs for details" + echo "Please check the notarization logs above for details" + + # Show current bundle ID in Info.plist + echo "📋 Current bundle ID information:" + if [ -f "${{ inputs.app-path }}/Contents/Info.plist" ]; then + echo "Info.plist content for bundle ID:" + /usr/libexec/PlistBuddy -c "Print :CFBundleIdentifier" "${{ inputs.app-path }}/Contents/Info.plist" || echo "Could not read bundle ID from Info.plist" + echo "Full Info.plist excerpt:" + plutil -p "${{ inputs.app-path }}/Contents/Info.plist" | grep -i bundle + else + echo "Info.plist not found at expected location: ${{ inputs.app-path }}/Contents/Info.plist" + fi fi else echo "⚠️ Missing notarization credentials. Skipping notarization." diff --git a/.gitea/workflows/test-macos-build.yml b/.gitea/workflows/test-macos-build.yml index b30c5f90..887c9046 100644 --- a/.gitea/workflows/test-macos-build.yml +++ b/.gitea/workflows/test-macos-build.yml @@ -85,6 +85,16 @@ jobs: # Export APP_PATH for next steps to use echo "APP_PATH=$MAIN_APP_PATH" >> "$GITHUB_ENV" + + # Extract bundle ID from Info.plist + if [ -f "$MAIN_APP_PATH/Contents/Info.plist" ]; then + BUNDLE_ID=$(/usr/libexec/PlistBuddy -c "Print :CFBundleIdentifier" "$MAIN_APP_PATH/Contents/Info.plist") + echo "Detected bundle ID from app: $BUNDLE_ID" + echo "BUNDLE_ID=$BUNDLE_ID" >> "$GITHUB_ENV" + else + echo "WARNING: Could not find Info.plist in app bundle. Using default bundle ID." + echo "BUNDLE_ID=com.YourCompany.LuckyWorld" >> "$GITHUB_ENV" + fi shell: bash # Use the macos-notarize action to sign and notarize the app @@ -101,7 +111,7 @@ jobs: notary-api-key-id: ${{ secrets.NOTARY_API_KEY_ID }} notary-api-key-issuer-id: ${{ secrets.NOTARY_API_KEY_ISSUER_ID }} notary-api-key-path: ${{ secrets.NOTARY_API_KEY_PATH }} - bundle-id: 'com.luckyrobots.luckyworld' + bundle-id: ${{ env.BUNDLE_ID }} fallback-to-adhoc: 'true' # Upload signed app if available