# This build file contains rules related to deployment. # # The following variables are used by the rules: # # `version`: Current version (for release notes) # `keyfile`: OpenSSL signing key (for deployment) # `notarize_user`: Apple ID (for notarization) # `notarize_pass`: Password (for notarization) # `notarize_bundle_id`: Primary bundle identifier (for notarization) rule notarize_submit command = xcrun altool --notarize-app -u $notarize_user -p $notarize_pass --output-format xml > $out~ -f $in --primary-bundle-id $notarize_bundle_id -t osx && mv $out~ $out description = Submit notarization request for ‘$in’… rule notarize_status command = bin/notarize_await "xcrun altool --notarization-info '$$(plutil -extract notarization-upload.RequestUUID xml1 -o - $in|sed -n 's/.*\(.*\)<\/string>.*/\1/p')' -u $notarize_user -p $notarize_pass --output-format xml" > $out~ && mv $out~ $out description = Waiting for notarization… rule notarize_staple command = xcrun stapler staple $in && touch $out && spctl -a -v $in description = Notarize (staple) ‘$in’… rule zip_archive command = /usr/bin/ditto -ck --keepParent --norsrc --noextattr --noacl --noqtn $in $out~ && mv $out~ $out description = Create zip archive for ‘$in’… rule tbz_archive command = COPYFILE_DISABLE=1 tar $bzip2_flag -cf $out~ -C "$$(dirname $in)" "$$(basename $in)" && mv $out~ $out description = Create tbz archive for ‘$in’… generator = true rule sign_archive command = set -o pipefail; bash -c 'openssl dgst -dss1 -sign $keyfile $in'|openssl > $out~ enc -base64 && mv $out~ $out description = Sign ‘$in’… pool = console rule update_changes command = bin/update_changes -t "v${version}" $in > $in~ && mv $in~ $in && mate -wl5 $in && touch $out description = Update changes for ${version}… generator = true rule git_commit command = git commit -vem"Checkin release notes for ${version}" $in && touch $out description = Commit release notes… generator = true rule git_tag command = printf 'Deployment build\n%s\nSDK: %s (requires %s)\n%s\n' "$$(xcrun clang --version)" "$$(xcrun --show-sdk-version)" "$APP_MIN_OS" "$$("$capnp_prefix/bin/capnp" --version)" | git tag -a "v${version}" -F - && touch $out description = Tag release v${version}… generator = true rule git_push_tag command = git push origin "v${version}" && touch $out description = Push tag for v${version}… generator = true