diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d5c677c5c..219f1371b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,4 +1,4 @@
-name: Build
+name: Build
on:
workflow_dispatch:
@@ -9,22 +9,22 @@ on:
jobs:
build-windows:
runs-on: windows-latest
- env:
- VCPKG_BINARY_SOURCES: "clear;x-gha,readwrite"
+ env:
+ VCPKG_BINARY_SOURCES: "clear;x-gha,readwrite"
steps:
- name: Checkout branch
uses: actions/checkout@v4
-
+
- name: Setup Flutter
uses: subosito/flutter-action@v2
with:
- channel: 'stable'
+ channel: "stable"
- name: Setup Rust toolchain
uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
-
+
- name: Install Protoc
uses: arduino/setup-protoc@v3
with:
@@ -33,7 +33,7 @@ jobs:
- name: Install the Rust dependencies
run: cargo install 'flutter_rust_bridge_codegen' rinf protoc-gen-prost
-
+
- name: Activate Protobuf
run: flutter pub global activate protoc_plugin
@@ -41,17 +41,17 @@ jobs:
run: flutter pub get
- name: Generate message files
- run: rinf message
+ run: rinf message
- name: Build Windows
run: flutter build windows --release --verbose
-
+
- uses: benjlevesque/short-sha@v3.0
id: short-sha
with:
length: 7
-
- - name: Upload artifact
+
+ - name: Upload artifact
uses: actions/upload-artifact@v4
with:
path: build/windows/x64/runner/Release/
@@ -69,19 +69,19 @@ jobs:
with:
pattern: Rune-*-windows
path: artifacts
-
+
- uses: benjlevesque/short-sha@v3.0
id: short-sha
with:
length: 7
-
+
- name: Build Zip for Release
uses: thedoctor0/zip-release@master
with:
type: "zip"
filename: Rune-${{ github.ref_name }}-${{ steps.short-sha.outputs.sha }}-windows-amd64.zip
directory: artifacts
-
+
- name: Release
uses: ncipollo/release-action@v1
with:
@@ -105,13 +105,13 @@ jobs:
- name: Setup Flutter
uses: subosito/flutter-action@v2
with:
- channel: 'stable'
+ channel: "stable"
- name: Setup Rust toolchain
uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
-
+
- name: Install Protoc
uses: arduino/setup-protoc@v3
with:
@@ -120,7 +120,7 @@ jobs:
- name: Install the Rust dependencies
run: cargo install 'flutter_rust_bridge_codegen' rinf protoc-gen-prost
-
+
- name: Activate Protobuf
run: flutter pub global activate protoc_plugin
@@ -128,7 +128,7 @@ jobs:
run: flutter pub get
- name: Generate message files
- run: rinf message
+ run: rinf message
- name: Build linux
run: flutter build linux --release --verbose
@@ -137,8 +137,8 @@ jobs:
id: short-sha
with:
length: 7
-
- - name: Upload artifact
+
+ - name: Upload artifact
uses: actions/upload-artifact@v4
with:
path: build/linux/x64/release/bundle/
@@ -161,17 +161,17 @@ jobs:
# https://github.com/actions/runner/issues/2033
chown -R $(id -u):$(id -g) $PWD
git config --global --add safe.directory '*'
-
+
- name: Setup Flutter
uses: subosito/flutter-action@v2
with:
- channel: 'stable'
+ channel: "stable"
- name: Setup Rust toolchain
uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
-
+
- name: Install Protoc
uses: arduino/setup-protoc@v3
with:
@@ -180,7 +180,7 @@ jobs:
- name: Install the Rust dependencies
run: cargo install 'flutter_rust_bridge_codegen' rinf protoc-gen-prost
-
+
- name: Activate Protobuf
run: flutter pub global activate protoc_plugin
@@ -188,7 +188,7 @@ jobs:
run: flutter pub get
- name: Generate message files
- run: rinf message
+ run: rinf message
- name: Build linux
run: flutter build linux --release --verbose
@@ -197,14 +197,13 @@ jobs:
id: short-sha
with:
length: 7
-
+
- name: Copy Steam Launch Scripts
run: |
chmod +x scripts/steam/*
cp -r scripts/steam/* build/linux/x64/release/bundle/
-
- - name: Upload artifact
+ - name: Upload artifact
uses: actions/upload-artifact@v4
with:
path: build/linux/x64/release/bundle/
@@ -227,14 +226,14 @@ jobs:
id: short-sha
with:
length: 7
-
+
- name: Build Zip for Release
uses: thedoctor0/zip-release@master
with:
type: "zip"
filename: Rune-${{ github.ref_name }}-${{ steps.short-sha.outputs.sha }}-linux-amd64.zip
directory: artifacts
-
+
- name: Release
uses: ncipollo/release-action@v1
with:
@@ -261,14 +260,14 @@ jobs:
id: short-sha
with:
length: 7
-
+
- name: Build Zip for Release
uses: thedoctor0/zip-release@master
with:
type: "zip"
filename: Rune-${{ github.ref_name }}-${{ steps.short-sha.outputs.sha }}-steam-sniper-amd64.zip
directory: artifacts
-
+
- name: Release
uses: ncipollo/release-action@v1
with:
@@ -277,7 +276,7 @@ jobs:
replacesArtifacts: false
omitBodyDuringUpdate: true
makeLatest: true
-
+
build-macos:
runs-on: macos-latest
steps:
@@ -285,23 +284,23 @@ jobs:
uses: actions/checkout@v4
with:
lfs: true
-
+
- name: Setup Flutter
uses: subosito/flutter-action@v2
with:
- channel: 'stable'
-
+ channel: "stable"
+
- name: Setup Rust toolchain
uses: dtolnay/rust-toolchain@stable
-
+
- uses: Swatinem/rust-cache@v2
-
+
- name: Install Protoc
uses: arduino/setup-protoc@v3
with:
version: "26.x"
repo-token: ${{ secrets.GITHUB_TOKEN }}
-
+
- uses: benjlevesque/short-sha@v3.0
id: short-sha
with:
@@ -312,13 +311,16 @@ jobs:
DEVELOPER_ID_APPLICATION_P12_BASE64_MAC: ${{ secrets.DEVELOPER_ID_APPLICATION_P12_BASE64_MAC }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+ BUILD_NOTARIZED_PROVISION_PROFILE: ${{ secrets.BUILD_NOTARIZED_PROVISION_PROFILE }}
run: |
# create variables
DEVELOPER_ID_APPLICATION_CERTIFICATE_PATH=$RUNNER_TEMP/build_developerID_application_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/rune-signing.keychain-db
+ PP_PATH=$RUNNER_TEMP/Rune_Notarized.provisionprofile
# import certificate and provisioning profile from secrets
echo -n "$DEVELOPER_ID_APPLICATION_P12_BASE64_MAC" | base64 --decode --output $DEVELOPER_ID_APPLICATION_CERTIFICATE_PATH
+ echo -n "$BUILD_NOTARIZED_PROVISION_PROFILE" | base64 --decode --output $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
@@ -331,7 +333,10 @@ jobs:
security list-keychain -d user -s $KEYCHAIN_PATH
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
- - name: All
+ # apply provisioning profile
+ mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+ cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+ - name: All
run: |
brew install just
just macos-ci-all
@@ -350,7 +355,7 @@ jobs:
otool -L Rune.app/Contents/MacOS/Rune | grep lmdb
install_name_tool -change /opt/homebrew/opt/lmdb/lib/liblmdb.dylib @executable_path/../Frameworks/liblmdb.dylib Rune.app/Contents/MacOS/Rune
working-directory: build/macos/Build/Products/Release
-
+
- name: Upload artifact macOS DMG
uses: actions/upload-artifact@v4
with:
@@ -367,6 +372,108 @@ jobs:
fi
rm -f .env
+ build-and-release-mac-app-store:
+ runs-on: macos-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ lfs: true
+
+ - name: Setup Flutter
+ uses: subosito/flutter-action@v2
+ with:
+ channel: "stable"
+
+ - name: Setup Rust toolchain
+ uses: dtolnay/rust-toolchain@stable
+
+ - uses: Swatinem/rust-cache@v2
+
+ - name: Install Protoc
+ uses: arduino/setup-protoc@v3
+ with:
+ version: "26.x"
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - uses: benjlevesque/short-sha@v3.0
+ id: short-sha
+ with:
+ length: 7
+
+ - name: Install certificates
+ env:
+ APPLE_DISTRIBUTION_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_CERTIFICATE }}
+ APPLE_DISTRIBUTION_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_PASSWORD }}
+ APPLE_DISTRIBUTION_SIGNING_IDENTITY: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_IDENTITY }}
+ MAC_DEVELOPER_INSTALLER_CERTIFICATE: ${{ secrets.MAC_DEVELOPER_INSTALLER_CERTIFICATE }}
+ MAC_DEVELOPER_INSTALLER_PASSWORD: ${{ secrets.MAC_DEVELOPER_INSTALLER_PASSWORD }}
+ MAC_DEVELOPER_INSTALLER_SIGNING_IDENTITY: ${{ secrets.MAC_DEVELOPER_INSTALLER_SIGNING_IDENTITY }}
+ APP_STORE_CONNECT_API_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
+ APP_STORE_CONNECT_APP_APPLE_ID: ${{ secrets.APP_STORE_CONNECT_APP_APPLE_ID }}
+ APP_STORE_CONNECT_ISSUER: ${{ secrets.APP_STORE_CONNECT_ISSUER }}
+ APP_STORE_CONNECT_PUBLIC_ID: ${{ secrets.APP_STORE_CONNECT_PUBLIC_ID }}
+ APP_STORE_CONNECT_KEYID: ${{ secrets.APP_STORE_CONNECT_KEYID }}
+ KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+ BUILD_APP_STORE_PROVISION_PROFILE: ${{ secrets.BUILD_APP_STORE_PROVISION_PROFILE }}
+ run: |
+ # create variables
+ APPLE_DISTRIBUTION_CERTIFICATE_PATH=$RUNNER_TEMP/build_apple_distribution_certificate.p12
+ MAC_DEVELOPER_INSTALLER_CERTIFICATE_PATH=$RUNNER_TEMP/build_mac_developer_installer_certificate.p12
+ KEYCHAIN_PATH=$RUNNER_TEMP/rune-signing.keychain-db
+ PP_PATH=$RUNNER_TEMP/Rune_App_Store.provisionprofile
+
+ # import certificate and provisioning profile from secrets
+ echo -n "$APPLE_DISTRIBUTION_CERTIFICATE" | base64 --decode --output $APPLE_DISTRIBUTION_CERTIFICATE_PATH
+ echo -n "$MAC_DEVELOPER_INSTALLER_CERTIFICATE" | base64 --decode --output $MAC_DEVELOPER_INSTALLER_CERTIFICATE_PATH
+ echo -n "$BUILD_APP_STORE_PROVISION_PROFILE" | base64 --decode --output $PP_PATH
+
+ # create temporary keychain
+ security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+ # security default-keychain -s $KEYCHAIN_PATH
+ security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+ security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+ # import certificate to keychain
+ security import $APPLE_DISTRIBUTION_CERTIFICATE_PATH -P "$APPLE_DISTRIBUTION_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+ security import $MAC_DEVELOPER_INSTALLER_CERTIFICATE_PATH -P "$MAC_DEVELOPER_INSTALLER_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+ security list-keychain -d user -s $KEYCHAIN_PATH
+ security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+ # import App Store Connect API Key
+ echo "$APP_STORE_CONNECT_API_KEY" | base64 --decode --output $RUNNER_TEMP/AuthKey_$APP_STORE_CONNECT_KEYID.p8
+
+ # apply provisioning profile
+ mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+ cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+ - name: All
+ run: |
+ export RUNE_APPSTORE_BUILD_VERSION=$(echo "$REF_NAME" | sed -E 's/^v([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
+ brew install just
+ just macos-ci-all-appstore
+ env:
+ APPLE_DISTRIBUTION_SIGNING_IDENTITY: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_IDENTITY }}
+ MAC_DEVELOPER_INSTALLER_SIGNING_IDENTITY: ${{ secrets.MAC_DEVELOPER_INSTALLER_SIGNING_IDENTITY }}
+ APP_STORE_CONNECT_APP_APPLE_ID: ${{ secrets.APP_STORE_CONNECT_APP_APPLE_ID }}
+ APP_STORE_CONNECT_ISSUER: ${{ secrets.APP_STORE_CONNECT_ISSUER }}
+ APP_STORE_CONNECT_PUBLIC_ID: ${{ secrets.APP_STORE_CONNECT_PUBLIC_ID }}
+ APP_STORE_CONNECT_KEYID: ${{ secrets.APP_STORE_CONNECT_KEYID }}
+ KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+ REF_NAME: ${{ github.ref_name }}
+ SHA: ${{ steps.short-sha.outputs.sha }}
+ RUNE_APPSTORE_BUILD_NUMBER: ${{ github.run_number }}
+
+ - name: Clean up
+ if: ${{ always() }}
+ run: |
+ just macos-ci-clean
+ if [ -f "$RUNNER_TEMP/rune-signing.keychain-db" ]; then
+ echo "$RUNNER_TEMP/rune-signing.keychain-db"
+ security delete-keychain $RUNNER_TEMP/rune-signing.keychain-db
+ fi
+ rm -f .env
+ rm -f $RUNNER_TEMP/*.p8
+
release-macos:
permissions:
contents: write
@@ -379,7 +486,7 @@ jobs:
with:
pattern: Rune-*-macOS
path: artifacts
-
+
- name: Release
uses: ncipollo/release-action@v1
with:
diff --git a/Justfile b/Justfile
index 17923d062..5d24694b7 100644
--- a/Justfile
+++ b/Justfile
@@ -5,6 +5,12 @@ macos-ci-all: macos-ci-clean macos-ci-install
./scripts/macos_5_codesign_and_notarize.sh
./scripts/macos_6_create_dmg.sh
+macos-ci-all-appstore: macos-ci-clean macos-ci-install
+ ./scripts/macos_2_appstore_build.sh
+ ./scripts/macos_3_prepare_before_sign.sh
+ ./scripts/macos_4_replace_dylib.sh
+ ./scripts/macos_5_codesign_and_submit_to_appstore.sh
+
macos-ci-clean:
./scripts/macos_7_clean.sh
@@ -23,4 +29,3 @@ macos-build:
./scripts/macos_2_build.sh
macos-build-all: macos-install macos-build
-
diff --git a/macos/Runner.xcodeproj/project.pbxproj b/macos/Runner.xcodeproj/project.pbxproj
index ca36dce9b..95000969b 100644
--- a/macos/Runner.xcodeproj/project.pbxproj
+++ b/macos/Runner.xcodeproj/project.pbxproj
@@ -289,7 +289,6 @@
33CC10EC2044A3C60003C045 = {
CreatedOnToolsVersion = 9.2;
LastSwiftMigration = 1100;
- ProvisioningStyle = Automatic;
SystemCapabilities = {
com.apple.Sandbox = {
enabled = 1;
@@ -590,9 +589,13 @@
buildSettings = {
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
CLANG_ENABLE_MODULES = YES;
- CODE_SIGN_ENTITLEMENTS = Runner/DebugProfile.entitlements;
- CODE_SIGN_STYLE = Automatic;
+ CODE_SIGN_ENTITLEMENTS = Runner/Release.entitlements;
+ CODE_SIGN_IDENTITY = "Apple Development";
+ "CODE_SIGN_IDENTITY[sdk=macosx*]" = "3rd Party Mac Developer Application";
+ CODE_SIGN_STYLE = Manual;
COMBINE_HIDPI_IMAGES = YES;
+ DEVELOPMENT_TEAM = "";
+ "DEVELOPMENT_TEAM[sdk=macosx*]" = LG57TUQ726;
ENABLE_HARDENED_RUNTIME = YES;
INFOPLIST_FILE = Runner/Info.plist;
INFOPLIST_KEY_LSApplicationCategoryType = "public.app-category.music";
@@ -609,6 +612,7 @@
MACOSX_DEPLOYMENT_TARGET = 10.14.6;
PRODUCT_BUNDLE_IDENTIFIER = ci.not.rune;
PROVISIONING_PROFILE_SPECIFIER = "";
+ "PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "Rune App Store";
SWIFT_VERSION = 5.0;
};
name = Profile;
@@ -733,8 +737,10 @@
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
CLANG_ENABLE_MODULES = YES;
CODE_SIGN_ENTITLEMENTS = Runner/DebugProfile.entitlements;
+ "CODE_SIGN_IDENTITY[sdk=macosx*]" = "Apple Development";
CODE_SIGN_STYLE = Automatic;
COMBINE_HIDPI_IMAGES = YES;
+ DEVELOPMENT_TEAM = LG57TUQ726;
ENABLE_HARDENED_RUNTIME = YES;
INFOPLIST_FILE = Runner/Info.plist;
INFOPLIST_KEY_LSApplicationCategoryType = "public.app-category.music";
@@ -763,8 +769,12 @@
ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
CLANG_ENABLE_MODULES = YES;
CODE_SIGN_ENTITLEMENTS = Runner/Release.entitlements;
- CODE_SIGN_STYLE = Automatic;
+ CODE_SIGN_IDENTITY = "Apple Development";
+ "CODE_SIGN_IDENTITY[sdk=macosx*]" = "3rd Party Mac Developer Application";
+ CODE_SIGN_STYLE = Manual;
COMBINE_HIDPI_IMAGES = YES;
+ DEVELOPMENT_TEAM = "";
+ "DEVELOPMENT_TEAM[sdk=macosx*]" = LG57TUQ726;
ENABLE_HARDENED_RUNTIME = YES;
INFOPLIST_FILE = Runner/Info.plist;
INFOPLIST_KEY_LSApplicationCategoryType = "public.app-category.music";
@@ -781,6 +791,7 @@
MACOSX_DEPLOYMENT_TARGET = 10.14.6;
PRODUCT_BUNDLE_IDENTIFIER = ci.not.rune;
PROVISIONING_PROFILE_SPECIFIER = "";
+ "PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "Rune App Store";
SWIFT_VERSION = 5.0;
};
name = Release;
diff --git a/macos/Runner/Info.plist b/macos/Runner/Info.plist
index 268f0603b..c6047847b 100644
--- a/macos/Runner/Info.plist
+++ b/macos/Runner/Info.plist
@@ -20,6 +20,10 @@
$(FLUTTER_BUILD_NAME)
CFBundleVersion
$(FLUTTER_BUILD_NUMBER)
+ ITSAppUsesNonExemptEncryption
+
+ LSApplicationCategoryType
+ public.app-category.music
LSMinimumSystemVersion
$(MACOSX_DEPLOYMENT_TARGET)
NSHumanReadableCopyright
@@ -28,7 +32,5 @@
MainMenu
NSPrincipalClass
NSApplication
- LSApplicationCategoryType
- public.app-category.music
diff --git a/macos/Runner/Release.entitlements b/macos/Runner/Release.entitlements
index a281b2447..d433cefc8 100644
--- a/macos/Runner/Release.entitlements
+++ b/macos/Runner/Release.entitlements
@@ -2,6 +2,12 @@
+ keychain-access-groups
+
+ com.apple.developer.team-identifier
+ LG57TUQ726
+ com.apple.application-identifier
+ LG57TUQ726.ci.not.rune
com.apple.security.app-sandbox
com.apple.security.automation.apple-events
diff --git a/scripts/macos_2_appstore_build.sh b/scripts/macos_2_appstore_build.sh
new file mode 100755
index 000000000..c93048a19
--- /dev/null
+++ b/scripts/macos_2_appstore_build.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env sh
+
+set -e
+
+cd "$(dirname "$0")"
+cd ..
+
+# Create backup of project.pbxproj
+cp macos/Runner.xcodeproj/project.pbxproj macos/Runner.xcodeproj/project.pbxproj.backup
+
+# Patch macos/Runner.xcodeproj/project.pbxproj and macos/Runner/Release.entitlements to replace bundle ID
+sed -i '' 's/PRODUCT_BUNDLE_IDENTIFIER = ci.not.rune;/PRODUCT_BUNDLE_IDENTIFIER = ci.not.rune.appstore;/g' macos/Runner.xcodeproj/project.pbxproj
+sed -i '' 's/LG57TUQ726.ci.not.rune<\/string>/LG57TUQ726.ci.not.rune.appstore<\/string>/g' macos/Runner/Release.entitlements
+
+flutter pub get
+rinf message
+cd macos
+pod update
+cd ..
+flutter build macos --build-number $RUNE_APPSTORE_BUILD_NUMBER --build-name $RUNE_APPSTORE_BUILD_VERSION --release
+chmod -R +x build/macos/Build/Products/Release/Rune.app
+xattr -cr build/macos/Build/Products/Release/Rune.app
+
+# Restore original project.pbxproj
+mv macos/Runner.xcodeproj/project.pbxproj.backup macos/Runner.xcodeproj/project.pbxproj
diff --git a/scripts/macos_3_prepare_before_sign.sh b/scripts/macos_3_prepare_before_sign.sh
index 9cb15f59e..ad9f62072 100755
--- a/scripts/macos_3_prepare_before_sign.sh
+++ b/scripts/macos_3_prepare_before_sign.sh
@@ -8,5 +8,6 @@ cd ..
rm -rf temp_macos
mkdir temp_macos
-cp -R build/macos/Build/Products/Release/Rune.app temp_macos
-cp macos/Runner/Release.entitlements temp_macos
\ No newline at end of file
+ditto build/macos/Build/Products/Release/Rune.app temp_macos/Rune.app
+cp macos/Runner/Release.entitlements temp_macos
+cp ~/Library/MobileDevice/Provisioning\ Profiles/*.provisionprofile temp_macos/Rune.app/Contents/embedded.provisionprofile
diff --git a/scripts/macos_5_codesign_and_notarize.sh b/scripts/macos_5_codesign_and_notarize.sh
index dfeebf1c2..6c10b5165 100755
--- a/scripts/macos_5_codesign_and_notarize.sh
+++ b/scripts/macos_5_codesign_and_notarize.sh
@@ -11,7 +11,21 @@ echo "Codesign: ----------------------------"
# DEVELOPER_ID_APPLICATION_SIGNING_IDENTITY must use Developer ID Application certificate, or app cannot be notarized
# /usr/bin/codesign --deep --force -s "$DEVELOPER_ID_APPLICATION_SIGNING_IDENTITY" --options runtime player.app -v
-/usr/bin/codesign --deep --force -s "$DEVELOPER_ID_APPLICATION_SIGNING_IDENTITY" --entitlements Release.entitlements --options runtime Rune.app -v
+/usr/bin/codesign \
+ --deep \
+ --force \
+ -s "$DEVELOPER_ID_APPLICATION_SIGNING_IDENTITY" \
+ --options runtime \
+ -v \
+ Rune.app
+
+/usr/bin/codesign \
+ --force \
+ -s "$DEVELOPER_ID_APPLICATION_SIGNING_IDENTITY" \
+ --entitlements Release.entitlements \
+ --options runtime \
+ -v \
+ Rune.app
echo "Notarize: ----------------------------"
diff --git a/scripts/macos_5_codesign_and_submit_to_appstore.sh b/scripts/macos_5_codesign_and_submit_to_appstore.sh
new file mode 100755
index 000000000..258b02d3f
--- /dev/null
+++ b/scripts/macos_5_codesign_and_submit_to_appstore.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env sh
+
+set -e
+
+cd "$(dirname "$0")"
+cd ..
+cd temp_macos
+
+echo "Codesign: ----------------------------"
+
+/usr/bin/codesign \
+ --deep \
+ --force \
+ -s "$APPLE_DISTRIBUTION_SIGNING_IDENTITY" \
+ --options runtime \
+ -v \
+ Rune.app
+
+/usr/bin/codesign \
+ --force \
+ -s "$APPLE_DISTRIBUTION_SIGNING_IDENTITY" \
+ --entitlements Release.entitlements \
+ --options runtime \
+ -v \
+ Rune.app
+
+echo "Package: ----------------------------"
+
+xcrun productbuild \
+ --sign "$MAC_DEVELOPER_INSTALLER_SIGNING_IDENTITY" \
+ --component Rune.app \
+ /Applications \
+ Rune.pkg
+
+echo "Upload to App Store Connect: ----------------------------"
+
+API_PRIVATE_KEYS_DIR=$RUNNER_TEMP \
+xcrun altool \
+ --upload-package Rune.pkg \
+ --type osx \
+ --apiKey "$APP_STORE_CONNECT_KEYID" \
+ --apiIssuer "$APP_STORE_CONNECT_ISSUER" \
+ --asc-public-id "$APP_STORE_CONNECT_PUBLIC_ID" \
+ --apple-id "$APP_STORE_CONNECT_APP_APPLE_ID" \
+ --bundle-id "ci.not.rune.appstore" \
+ --bundle-short-version-string "$RUNE_APPSTORE_BUILD_VERSION" \
+ --bundle-version "$RUNE_APPSTORE_BUILD_NUMBER" \
+ --verbose