fix(actions): improve notarization script with detailed logging and bundle ID checks
Some checks failed
Test macOS Build Action / test-macos-build (push) Has been cancelled
Some checks failed
Test macOS Build Action / test-macos-build (push) Has been cancelled
This commit is contained in:
parent
db463a2ece
commit
67a9934251
@ -256,7 +256,33 @@ runs:
|
||||
echo "Notarization command output:"
|
||||
echo "$NOTARY_OUTPUT"
|
||||
echo "Notarization exit status: $NOTARY_STATUS"
|
||||
|
||||
|
||||
# Extract submission ID for log retrieval if needed
|
||||
SUBMISSION_ID=$(echo "$NOTARY_OUTPUT" | grep -o "id: [a-f0-9\-]*" | head -1 | cut -d ' ' -f 2)
|
||||
echo "Submission ID: $SUBMISSION_ID"
|
||||
|
||||
# Check for invalid status and get detailed logs
|
||||
if [ $NOTARY_STATUS -eq 0 ] && echo "$NOTARY_OUTPUT" | grep -q "Invalid"; then
|
||||
echo "⚠️ Notarization returned Invalid status. Checking detailed logs..."
|
||||
if [ -n "$SUBMISSION_ID" ]; then
|
||||
echo "📋 Fetching detailed logs for submission ID: $SUBMISSION_ID"
|
||||
LOGS_OUTPUT=$(xcrun notarytool log "$SUBMISSION_ID" \
|
||||
--key ~/private_keys/AuthKey_${API_KEY_ID}.p8 \
|
||||
--key-id "$API_KEY_ID" \
|
||||
--issuer "$API_ISSUER_ID" 2>&1)
|
||||
|
||||
echo "==== DETAILED NOTARIZATION LOGS ===="
|
||||
echo "$LOGS_OUTPUT"
|
||||
echo "=================================="
|
||||
|
||||
# Extract specific issues for easier debugging
|
||||
echo "🔍 Extracting specific issues from logs..."
|
||||
echo "$LOGS_OUTPUT" | grep -A 3 "issues"
|
||||
else
|
||||
echo "❌ Could not extract submission ID from notarization output"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Enhanced check for notarization success
|
||||
if [ $NOTARY_STATUS -eq 0 ] && echo "$NOTARY_OUTPUT" | grep -q -E "success|accepted"; then
|
||||
echo "✅ Notarization completed successfully!"
|
||||
@ -279,7 +305,33 @@ runs:
|
||||
echo "::set-output name=notarized::true"
|
||||
else
|
||||
echo "❌ Notarization failed or did not complete properly"
|
||||
echo "Please check the notarization logs for details"
|
||||
echo "Please check the notarization logs above for details"
|
||||
|
||||
# Show current bundle ID in Info.plist
|
||||
echo "📋 Current bundle ID information:"
|
||||
if [ -f "${{ inputs.app-path }}/Contents/Info.plist" ]; then
|
||||
echo "Info.plist content for bundle ID:"
|
||||
/usr/libexec/PlistBuddy -c "Print :CFBundleIdentifier" "${{ inputs.app-path }}/Contents/Info.plist" || echo "Could not read bundle ID from Info.plist"
|
||||
echo "Full Info.plist excerpt:"
|
||||
plutil -p "${{ inputs.app-path }}/Contents/Info.plist" | grep -i bundle
|
||||
else
|
||||
echo "Info.plist not found at expected location: ${{ inputs.app-path }}/Contents/Info.plist"
|
||||
fi
|
||||
|
||||
# Check for mismatched bundle ID
|
||||
if [ "$BUNDLE_ID" != "$(/usr/libexec/PlistBuddy -c "Print :CFBundleIdentifier" "${{ inputs.app-path }}/Contents/Info.plist" 2>/dev/null)" ]; then
|
||||
echo "⚠️ WARNING: Bundle ID mismatch detected between workflow and app!"
|
||||
echo " - Workflow/input bundle ID: $BUNDLE_ID"
|
||||
echo " - Actual app bundle ID: $(/usr/libexec/PlistBuddy -c "Print :CFBundleIdentifier" "${{ inputs.app-path }}/Contents/Info.plist" 2>/dev/null || echo "Could not read")"
|
||||
echo "This mismatch could cause notarization problems."
|
||||
fi
|
||||
|
||||
# Check for code signature issues in internal components
|
||||
echo "🔍 Checking for code signature issues in app components..."
|
||||
find "${{ inputs.app-path }}" -type f -name "*.dylib" -o -name "*.so" | head -5 | while read -r lib; do
|
||||
echo "Checking signature on: $lib"
|
||||
codesign -vvv "$lib" || echo "⚠️ Signature issue with: $lib"
|
||||
done
|
||||
fi
|
||||
|
||||
# Clean up
|
||||
@ -307,6 +359,32 @@ runs:
|
||||
echo "$NOTARY_OUTPUT"
|
||||
echo "Notarization exit status: $NOTARY_STATUS"
|
||||
|
||||
# Extract submission ID for log retrieval if needed
|
||||
SUBMISSION_ID=$(echo "$NOTARY_OUTPUT" | grep -o "id: [a-f0-9\-]*" | head -1 | cut -d ' ' -f 2)
|
||||
echo "Submission ID: $SUBMISSION_ID"
|
||||
|
||||
# Check for invalid status and get detailed logs
|
||||
if [ $NOTARY_STATUS -eq 0 ] && echo "$NOTARY_OUTPUT" | grep -q "Invalid"; then
|
||||
echo "⚠️ Notarization returned Invalid status. Checking detailed logs..."
|
||||
if [ -n "$SUBMISSION_ID" ]; then
|
||||
echo "📋 Fetching detailed logs for submission ID: $SUBMISSION_ID"
|
||||
LOGS_OUTPUT=$(xcrun notarytool log "$SUBMISSION_ID" \
|
||||
--apple-id "$APPLE_ID" \
|
||||
--password "$APP_PASSWORD" \
|
||||
--team-id "$APPLE_TEAM_ID" 2>&1)
|
||||
|
||||
echo "==== DETAILED NOTARIZATION LOGS ===="
|
||||
echo "$LOGS_OUTPUT"
|
||||
echo "=================================="
|
||||
|
||||
# Extract specific issues for easier debugging
|
||||
echo "🔍 Extracting specific issues from logs..."
|
||||
echo "$LOGS_OUTPUT" | grep -A 3 "issues"
|
||||
else
|
||||
echo "❌ Could not extract submission ID from notarization output"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Enhanced check for notarization success
|
||||
if [ $NOTARY_STATUS -eq 0 ] && echo "$NOTARY_OUTPUT" | grep -q -E "success|accepted"; then
|
||||
echo "✅ Notarization completed successfully!"
|
||||
@ -329,7 +407,18 @@ runs:
|
||||
echo "::set-output name=notarized::true"
|
||||
else
|
||||
echo "❌ Notarization failed or did not complete properly"
|
||||
echo "Please check the notarization logs for details"
|
||||
echo "Please check the notarization logs above for details"
|
||||
|
||||
# Show current bundle ID in Info.plist
|
||||
echo "📋 Current bundle ID information:"
|
||||
if [ -f "${{ inputs.app-path }}/Contents/Info.plist" ]; then
|
||||
echo "Info.plist content for bundle ID:"
|
||||
/usr/libexec/PlistBuddy -c "Print :CFBundleIdentifier" "${{ inputs.app-path }}/Contents/Info.plist" || echo "Could not read bundle ID from Info.plist"
|
||||
echo "Full Info.plist excerpt:"
|
||||
plutil -p "${{ inputs.app-path }}/Contents/Info.plist" | grep -i bundle
|
||||
else
|
||||
echo "Info.plist not found at expected location: ${{ inputs.app-path }}/Contents/Info.plist"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
echo "⚠️ Missing notarization credentials. Skipping notarization."
|
||||
|
||||
@ -85,6 +85,16 @@ jobs:
|
||||
|
||||
# Export APP_PATH for next steps to use
|
||||
echo "APP_PATH=$MAIN_APP_PATH" >> "$GITHUB_ENV"
|
||||
|
||||
# Extract bundle ID from Info.plist
|
||||
if [ -f "$MAIN_APP_PATH/Contents/Info.plist" ]; then
|
||||
BUNDLE_ID=$(/usr/libexec/PlistBuddy -c "Print :CFBundleIdentifier" "$MAIN_APP_PATH/Contents/Info.plist")
|
||||
echo "Detected bundle ID from app: $BUNDLE_ID"
|
||||
echo "BUNDLE_ID=$BUNDLE_ID" >> "$GITHUB_ENV"
|
||||
else
|
||||
echo "WARNING: Could not find Info.plist in app bundle. Using default bundle ID."
|
||||
echo "BUNDLE_ID=com.YourCompany.LuckyWorld" >> "$GITHUB_ENV"
|
||||
fi
|
||||
shell: bash
|
||||
|
||||
# Use the macos-notarize action to sign and notarize the app
|
||||
@ -101,7 +111,7 @@ jobs:
|
||||
notary-api-key-id: ${{ secrets.NOTARY_API_KEY_ID }}
|
||||
notary-api-key-issuer-id: ${{ secrets.NOTARY_API_KEY_ISSUER_ID }}
|
||||
notary-api-key-path: ${{ secrets.NOTARY_API_KEY_PATH }}
|
||||
bundle-id: 'com.luckyrobots.luckyworld'
|
||||
bundle-id: ${{ env.BUNDLE_ID }}
|
||||
fallback-to-adhoc: 'true'
|
||||
|
||||
# Upload signed app if available
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user