Merge macos build script #479'

kernelkind (2):
      macos packaging
      macos build script

.gitignore

@@ -10,6 +10,7 @@ cache
 /dist
 .direnv/
 src/camera.rs
+scripts/macos_build_secrets.sh
 *.patch
 *.txt
 /tags

Cargo.toml

@@ -86,6 +86,10 @@ android-activity = { version = "0.4", features = [ "native-activity" ] }
 winit = { version = "0.29", features = [ "android-native-activity" ] }
 #winit = { git="https://github.com/rust-windowing/winit.git", rev = "2a58b785fed2a3746f7c7eebce95bce67ddfd27c", features = ["android-native-activity"] }
 
+[package.metadata.bundle]
+identifier = "com.damus.notedeck"
+icon = ["assets/app_icon.icns"]
+
 [package.metadata.android]
 package = "com.damus.app"
 apk_name = "damus"

entitlements.plist

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.app-sandbox</key>
+    <false/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.network.client</key>
+    <true/>
+</dict>
+</plist>

scripts/macos_build.sh

@@ -0,0 +1,95 @@
+#!/bin/bash
+
+set -e  # Exit immediately if a command exits with a non-zero status
+set -u  # Treat unset variables as an error
+set -o pipefail  # Catch errors in pipelines
+
+# Ensure the script is running in the correct directory
+REQUIRED_DIR="notedeck"
+CURRENT_DIR=$(basename "$PWD")
+
+if [ "$CURRENT_DIR" != "$REQUIRED_DIR" ]; then
+    echo "Error: This script must be run from the '$REQUIRED_DIR' directory."
+    exit 1
+fi
+
+# Load environment variables from macos_build_secrets.sh
+SECRETS_FILE="./scripts/macos_build_secrets.sh"
+if [ ! -f "$SECRETS_FILE" ]; then
+    echo "Error: Secrets file '$SECRETS_FILE' not found. Please create it with the required variables." >&2
+    exit 1
+fi
+
+# Source the secrets
+source "$SECRETS_FILE"
+
+# Ensure all required variables are set
+REQUIRED_VARS=(NOTEDECK_APPLE_RELEASE_CERT_ID NOTEDECK_RELEASE_APPLE_ID NOTEDECK_APPLE_APP_SPECIFIC_PW NOTEDECK_APPLE_TEAM_ID)
+for VAR in "${REQUIRED_VARS[@]}"; do
+    if [ -z "${!VAR:-}" ]; then
+        echo "Error: Required variable '$VAR' is not set in $SECRETS_FILE." >&2
+        exit 1
+    fi
+done
+
+# Ensure required tools are installed
+if ! command -v cargo &> /dev/null; then
+    echo "Error: cargo is not installed." >&2
+    exit 1
+fi
+
+if ! command -v xcrun &> /dev/null; then
+    echo "Error: xcrun is not installed." >&2
+    exit 1
+fi
+
+if ! command -v create-dmg &> /dev/null; then
+    echo "Error: create-dmg is not installed." >&2
+    exit 1
+fi
+
+# Build the .app bundle
+echo "Building .app bundle..."
+cargo bundle --release
+
+# Sign the app
+echo "Codesigning the app..."
+codesign \
+  --deep \
+  --force \
+  --verify \
+  --options runtime \
+  --entitlements entitlements.plist \
+  --sign "$NOTEDECK_APPLE_RELEASE_CERT_ID" \
+  target/release/bundle/osx/notedeck.app
+
+# Create a zip for notarization
+echo "Creating zip for notarization..."
+zip -r notedeck.zip target/release/bundle/osx/notedeck.app
+
+# Submit for notarization
+echo "Submitting for notarization..."
+xcrun notarytool submit \
+  --apple-id "$NOTEDECK_RELEASE_APPLE_ID" \
+  --password "$NOTEDECK_APPLE_APP_SPECIFIC_PW" \
+  --team-id "$NOTEDECK_APPLE_TEAM_ID" \
+  --wait \
+  notedeck.zip
+
+# Staple the notarization
+echo "Stapling notarization to the app..."
+xcrun stapler staple target/release/bundle/osx/notedeck.app
+
+echo "Removing notedeck.zip"
+rm notedeck.zip
+
+# Create the .dmg package
+echo "Creating .dmg package..."
+mkdir -p dist
+create-dmg \
+  --window-size 600 400 \
+  --app-drop-link 400 100 \
+  dist/notedeck.dmg \
+  target/release/bundle/osx/notedeck.app
+
+echo "Build and signing process completed successfully."