marketing-shibata50/cmux
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Log notarization failures in release workflow

Browse source
This commit is contained in:
Lawrence Chen 2026-01-28 22:44:48 -08:00
parent 0959648643
commit 9b3adf1c68
1 changed files with 32 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

34
.github/workflows/release.yml vendored
View file

@ -105,7 +105,22 @@ jobs:
ZIP_SUBMIT="cmuxterm-notary.zip"
DMG_RELEASE="cmuxterm-macos.dmg"
ditto -c -k --sequesterRsrc --keepParent "$APP_PATH" "$ZIP_SUBMIT"
xcrun notarytool submit "$ZIP_SUBMIT" --apple-id "$APPLE_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --wait
APP_SUBMIT_JSON="$(xcrun notarytool submit "$ZIP_SUBMIT" --apple-id "$APPLE_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --wait --output-format json)"
APP_SUBMIT_ID="$(python3 - <<'PY'
import json,sys
print(json.loads(sys.stdin.read())["id"])
PY
<<<"$APP_SUBMIT_JSON")"
APP_STATUS="$(python3 - <<'PY'
import json,sys
print(json.loads(sys.stdin.read())["status"])
PY
<<<"$APP_SUBMIT_JSON")"
if [ "$APP_STATUS" != "Accepted" ]; then
echo "App notarization failed with status: $APP_STATUS" >&2
xcrun notarytool log "$APP_SUBMIT_ID" --apple-id "$APPLE_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" || true
exit 1
fi
xcrun stapler staple "$APP_PATH"
xcrun stapler validate "$APP_PATH"
spctl -a -vv --type execute "$APP_PATH"
@ -115,7 +130,22 @@ jobs:
ln -s /Applications "$STAGING_DIR/Applications"
hdiutil create -volname "cmuxterm" -srcfolder "$STAGING_DIR" -ov -format UDZO "$DMG_RELEASE"
rm -rf "$STAGING_DIR"
xcrun notarytool submit "$DMG_RELEASE" --apple-id "$APPLE_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --wait
DMG_SUBMIT_JSON="$(xcrun notarytool submit "$DMG_RELEASE" --apple-id "$APPLE_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" --wait --output-format json)"
DMG_SUBMIT_ID="$(python3 - <<'PY'
import json,sys
print(json.loads(sys.stdin.read())["id"])
PY
<<<"$DMG_SUBMIT_JSON")"
DMG_STATUS="$(python3 - <<'PY'
import json,sys
print(json.loads(sys.stdin.read())["status"])
PY
<<<"$DMG_SUBMIT_JSON")"
if [ "$DMG_STATUS" != "Accepted" ]; then
echo "DMG notarization failed with status: $DMG_STATUS" >&2
xcrun notarytool log "$DMG_SUBMIT_ID" --apple-id "$APPLE_ID" --team-id "$APPLE_TEAM_ID" --password "$APPLE_APP_SPECIFIC_PASSWORD" || true
exit 1
fi
xcrun stapler staple "$DMG_RELEASE"
xcrun stapler validate "$DMG_RELEASE"