From 4c23f4bceaa688416e793c91f7dcc18d9781e9b3 Mon Sep 17 00:00:00 2001
From: pajlada <rasmus.karlsson@pajlada.com>
Date: Sat, 29 Apr 2023 16:07:20 +0200
Subject: [PATCH] Allow for local macOS signed builds (#4582)

Split up the CreateDMG.sh macos script to two scripts:
MacDeploy.sh - this calls macdeployqt on the built app
CreateDMG.sh - this calls dmgbuild on the built & deployed app

Add a `SKIP_VENV` environment variable to CreateDMG.sh, this can be used to use the system version of dmgbuild
Add the ability to codesign the created dmg and its contents using the `MACOS_CODESIGN_CERTIFICATE` environment variable
Moved the output name logic from CreateDMG to the `OUTPUT_DMG_PATH` environment variable

The nightly release create job also doesn't remove artifacts now, it only replaces artifacts that are conflicting.
The downside to this is that if we change the name of an artifact, we need to manually delete the old artifact.
The upside to this is that we can now upload artifacts that are not handled in the same CI job.
---
 .CI/CreateDMG.sh            | 52 +++++++++++++++++++++----------------
 .CI/MacDeploy.sh            | 39 ++++++++++++++++++++++++++++
 .github/workflows/build.yml |  7 +++--
 3 files changed, 73 insertions(+), 25 deletions(-)
 create mode 100755 .CI/MacDeploy.sh

diff --git a/.CI/CreateDMG.sh b/.CI/CreateDMG.sh
index 5eaddc071..7174eb605 100755
--- a/.CI/CreateDMG.sh
+++ b/.CI/CreateDMG.sh
@@ -1,32 +1,38 @@
-#!/bin/sh
+#!/usr/bin/env bash
 
-if [ -d bin/chatterino.app ] && [ ! -d chatterino.app ]; then
-    >&2 echo "Moving bin/chatterino.app down one directory"
-    mv bin/chatterino.app chatterino.app
+set -eo pipefail
+
+if [ ! -d chatterino.app ]; then
+    echo "ERROR: No 'chatterino.app' dir found in the build directory. Make sure you've run ./CI/MacDeploy.sh"
+    exit 1
 fi
 
-if [ -n "$Qt5_DIR" ]; then
-    echo "Using Qt DIR from Qt5_DIR: $Qt5_DIR"
-    _QT_DIR="$Qt5_DIR"
-elif [ -n "$Qt6_DIR" ]; then
-    echo "Using Qt DIR from Qt6_DIR: $Qt6_DIR"
-    _QT_DIR="$Qt6_DIR"
+if [ -z "$OUTPUT_DMG_PATH" ]; then
+    echo "ERROR: Must specify the path for where to save the final .dmg. Make sure you've set the OUTPUT_DMG_PATH environment variable."
+    exit 1
 fi
 
-if [ -n "$_QT_DIR" ]; then
-    export PATH="${_QT_DIR}/bin:$PATH"
-else
-    echo "No Qt environment variable set, assuming system-installed Qt"
+if [ -z "$SKIP_VENV" ]; then
+    echo "Creating python3 virtual environment"
+    python3 -m venv venv
+    echo "Entering python3 virtual environment"
+    . venv/bin/activate
+    echo "Installing dmgbuild"
+    python3 -m pip install dmgbuild
+fi
+
+if [ -n "$MACOS_CODESIGN_CERTIFICATE" ]; then
+    echo "Codesigning force deep inside the app"
+    codesign -s "$MACOS_CODESIGN_CERTIFICATE" --deep --force chatterino.app
+    echo "Done!"
 fi
 
-echo "Running MACDEPLOYQT"
-macdeployqt chatterino.app
-echo "Creating python3 virtual environment"
-python3 -m venv venv
-echo "Entering python3 virtual environment"
-. venv/bin/activate
-echo "Installing dmgbuild"
-python3 -m pip install dmgbuild
 echo "Running dmgbuild.."
-dmgbuild --settings ./../.CI/dmg-settings.py -D app=./chatterino.app Chatterino2 chatterino-macos-Qt-$1.dmg
+dmgbuild --settings ./../.CI/dmg-settings.py -D app=./chatterino.app Chatterino2 "$OUTPUT_DMG_PATH"
 echo "Done!"
+
+if [ -n "$MACOS_CODESIGN_CERTIFICATE" ]; then
+    echo "Codesigning the dmg"
+    codesign -s "$MACOS_CODESIGN_CERTIFICATE" --deep --force "$OUTPUT_DMG_PATH"
+    echo "Done!"
+fi
diff --git a/.CI/MacDeploy.sh b/.CI/MacDeploy.sh
new file mode 100755
index 000000000..c798bfe16
--- /dev/null
+++ b/.CI/MacDeploy.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+# Bundle relevant qt & system dependencies into the ./chatterino.app folder
+
+set -eo pipefail
+
+if [ -d bin/chatterino.app ] && [ ! -d chatterino.app ]; then
+    >&2 echo "Moving bin/chatterino.app down one directory"
+    mv bin/chatterino.app chatterino.app
+fi
+
+if [ -n "$Qt5_DIR" ]; then
+    echo "Using Qt DIR from Qt5_DIR: $Qt5_DIR"
+    _QT_DIR="$Qt5_DIR"
+elif [ -n "$Qt6_DIR" ]; then
+    echo "Using Qt DIR from Qt6_DIR: $Qt6_DIR"
+    _QT_DIR="$Qt6_DIR"
+fi
+
+if [ -n "$_QT_DIR" ]; then
+    export PATH="${_QT_DIR}/bin:$PATH"
+else
+    echo "No Qt environment variable set, assuming system-installed Qt"
+fi
+
+echo "Running MACDEPLOYQT"
+
+_macdeployqt_args=()
+
+if [ -n "$MACOS_CODESIGN_CERTIFICATE" ]; then
+    _macdeployqt_args+=("-codesign=$MACOS_CODESIGN_CERTIFICATE")
+fi
+
+macdeployqt chatterino.app "${_macdeployqt_args[@]}"
+
+if [ -n "$MACOS_CODESIGN_CERTIFICATE" ]; then
+    # Validate that chatterino.app was codesigned correctly
+    codesign -v chatterino.app
+fi
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 92a368a36..31f4e5bf7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -336,12 +336,15 @@ jobs:
 
       - name: Package (MacOS)
         if: startsWith(matrix.os, 'macos')
+        env:
+          OUTPUT_DMG_PATH: chatterino-macos-Qt-${{ matrix.qt-version}}.dmg
         run: |
           ls -la
           pwd
           ls -la build || true
           cd build
-          sh ./../.CI/CreateDMG.sh ${{ matrix.qt-version }}
+          ./../.CI/MacDeploy.sh
+          ./../.CI/CreateDMG.sh
         shell: bash
 
       - name: Upload artifact (MacOS)
@@ -439,7 +442,7 @@ jobs:
       - name: Create release
         uses: ncipollo/release-action@v1.12.0
         with:
-          removeArtifacts: true
+          replacesArtifacts: true
           allowUpdates: true
           artifactErrorsFailBuild: true
           artifacts: "release-artifacts/*"