From a596a1ddb67d37baa22f979f15fd75f48130f9b2 Mon Sep 17 00:00:00 2001
From: Alessandro Muntoni <muntoni.alessandro@gmail.com>
Date: Wed, 7 Jun 2023 15:03:09 +0200
Subject: [PATCH] not using archived actions anymore on CreateRelease workflow

---
 .github/workflows/CreateRelease.yml           | 22 +----------
 scripts/macOS/2_deploy.sh                     | 22 ++++++++++-
 .../macOS/internal/2c_notarize_appbundle.sh   | 39 +++++++++++++++++++
 .../macOS/internal/{2c_dmg.sh => 2d_dmg.sh}   |  0
 4 files changed, 61 insertions(+), 22 deletions(-)
 create mode 100644 scripts/macOS/internal/2c_notarize_appbundle.sh
 rename scripts/macOS/internal/{2c_dmg.sh => 2d_dmg.sh} (100%)

diff --git a/.github/workflows/CreateRelease.yml b/.github/workflows/CreateRelease.yml
index 63bc27f0d..8b63f8910 100644
--- a/.github/workflows/CreateRelease.yml
+++ b/.github/workflows/CreateRelease.yml
@@ -90,27 +90,7 @@ jobs:
     - name: Deploy
       shell: bash
       run: |
-        bash scripts/${{ runner.os }}/2_deploy.sh --cert_pssw='${{ secrets.WIN_CERTIFICATE_PSSW }}' --cert_id=${{ secrets.MACOS_CERT_ID }}
-    - name: Get AppBundle Name
-      if: runner.os == 'macOS'
-      id: abn
-      shell: bash
-      run: |
-        cd install
-        NAME=$(ls -d MeshLab*)
-        echo "app_bundle_name=$NAME" >> $GITHUB_OUTPUT
-    - name: Notarize macOS
-      if: runner.os == 'macOS'
-      uses: devbotsxyz/xcode-notarize@v1
-      with:
-        product-path: "install/${{steps.abn.outputs.app_bundle_name}}"
-        appstore-connect-username: ${{ secrets.MACOS_NOTARIZATION_USER }}
-        appstore-connect-password: ${{ secrets.MACOS_NOTARIZATION_PSSW }}
-    - name: Staple Release macOS
-      if: runner.os == 'macOS'
-      uses: devbotsxyz/xcode-staple@v1
-      with:
-        product-path: "install/${{steps.abn.outputs.app_bundle_name}}"
+        bash scripts/${{ runner.os }}/2_deploy.sh --cert_pssw='${{ secrets.WIN_CERTIFICATE_PSSW }}' --cert_id=${{ secrets.MACOS_CERT_ID }} --notarization_user=${{ secrets.MACOS_NOTARIZATION_USER }} --notarization_pssw='${{ secrets.MACOS_NOTARIZATION_PSSW }}'
     - name: Upload MeshLab Portable
       uses: actions/upload-artifact@v3
       with:
diff --git a/scripts/macOS/2_deploy.sh b/scripts/macOS/2_deploy.sh
index b3a3a791a..16007fef3 100755
--- a/scripts/macOS/2_deploy.sh
+++ b/scripts/macOS/2_deploy.sh
@@ -6,7 +6,10 @@ INSTALL_PATH=$SCRIPTS_PATH/../../install
 QT_DIR_OPTION=""
 PACKAGES_PATH=$SCRIPTS_PATH/../../packages
 SIGN=false
+NOTARIZE=false
 CERT_ID=""
+NOT_USER=""
+NOT_PASSWORD=""
 
 #checking for parameters
 for i in "$@"
@@ -31,6 +34,17 @@ case $i in
         fi
         shift # past argument=value
         ;;
+    -nu=*|--notarization_user=*)
+        if [ -z "${i#*=}" ]; then
+            NOTARIZE=true
+            NOT_USER="${i#*=}"
+        fi
+        shift # past argument=value
+        ;;
+    -np=*|--notarization_password=*)
+        NOT_PASSWORD="${i#*=}"
+        shift # past argument=value
+        ;;
     *)
         # unknown option
         ;;
@@ -47,6 +61,12 @@ if [ "$SIGN" = true ] ; then
     echo "======= AppBundle Signed ======="
 fi
 
-bash $SCRIPTS_PATH/internal/2c_dmg.sh -i=$INSTALL_PATH -p=$PACKAGES_PATH
+if [ "$NOTARIZE" = true ] ; then
+    bash $SCRIPTS_PATH/internal/2c_notarize_appbundle.sh -i=$INSTALL_PATH -nu=$NOT_USER -np=$NOT_PASSWORD
+
+    echo "======= AppBundle Notarized ======="
+fi
+
+bash $SCRIPTS_PATH/internal/2d_dmg.sh -i=$INSTALL_PATH -p=$PACKAGES_PATH
 
 echo "======= DMG Created ======="
\ No newline at end of file
diff --git a/scripts/macOS/internal/2c_notarize_appbundle.sh b/scripts/macOS/internal/2c_notarize_appbundle.sh
new file mode 100644
index 000000000..902122bab
--- /dev/null
+++ b/scripts/macOS/internal/2c_notarize_appbundle.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+SCRIPTS_PATH="$(dirname "$(realpath "$0")")"/..
+
+INSTALL_PATH=$SCRIPTS_PATH/../../install
+NOT_USER=""
+NOT_PASSWORD=""
+
+#checking for parameters
+for i in "$@"
+do
+case $i in
+    -i=*|--install_path=*)
+        INSTALL_PATH="${i#*=}"
+        shift # past argument=value
+        ;;
+    -nu=*|--notarization_user=*)
+        NOT_USER="${i#*=}"
+        shift # past argument=value
+        ;;
+    -np=*|--notarization_password=*)
+        NOT_PASSWORD="${i#*=}"
+        shift # past argument=value
+        ;;
+    *)
+        # unknown option
+        ;;
+esac
+done
+
+xcrun notarytool store-credentials "notarytool-profile" --apple-id "$NOT_USER" --password "$NOT_PASSWORD"
+
+ditto -c -k --keepParent "$INSTALL_PATH/meshlab.app" "$INSTALL_PATH/notarization.zip"
+
+xcrun notarytool submit "install/notarization.zip" --keychain-profile "notarytool-profile" --wait
+
+xcrun stapler staple "$INSTALL_PATH/meshlab.app"
+
+rm -rf $INSTALL_PATH/notarization.zip
\ No newline at end of file
diff --git a/scripts/macOS/internal/2c_dmg.sh b/scripts/macOS/internal/2d_dmg.sh
similarity index 100%
rename from scripts/macOS/internal/2c_dmg.sh
rename to scripts/macOS/internal/2d_dmg.sh