Class: Everywhere::Commands::Release
- Inherits:
-
Dry::CLI::Command
- Object
- Dry::CLI::Command
- Everywhere::Commands::Release
- Defined in:
- lib/everywhere/commands/release.rb
Overview
Produce a signed, notarized, stapled, distributable artifact + release.json.
every release wraps the existing signing engine
(cli/support/macos/notarize.sh) rather than reimplementing
codesign/notarytool, and emits the machine-readable receipt every build
surface (local, CI, Platform) must produce. See
platform/docs/build-engine.md §4, §7, §9.
Today only the macos builder is live; the target is parameterized so ios/android/windows/linux slot in as builders later.
Constant Summary collapse
- NOTARIZE =
File.("../../../support/macos/notarize.sh", __dir__)
Instance Method Summary collapse
Instance Method Details
#call(root: ".", target: "macos-arm64", channel: "direct", ruby: nil, entry: "native_boot.rb", app_name: nil, shell_dir: nil, env_file: nil, skip_build: false) ⇒ Object
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 |
# File 'lib/everywhere/commands/release.rb', line 36 def call(root: ".", target: "macos-arm64", channel: "direct", ruby: nil, entry: "native_boot.rb", app_name: nil, shell_dir: nil, env_file: nil, skip_build: false, **) root_path = File.(root) config = Everywhere::Config.load(root_path) app_name ||= config.name ruby ||= config.build_ruby || "4.0.6" preflight!(target) framework = config.remote? ? nil : Framework.detect(root_path) dist_dir = File.("dist", root_path) # 1. Produce (or reuse) the signed-for-dev .app via the build path. The # notarize step below re-signs it inside-out with the Developer ID. unless skip_build UI.step("building #{UI.bold(app_name)} for #{UI.cyan(target)}") Build.new.call(root: root, ruby: ruby, entry: entry, app_name: app_name, shell_dir: shell_dir, **) end app_dir = Dir[File.join(dist_dir, "*.app")].max_by { |d| File.mtime(d) } UI.die!("no .app found in #{dist_dir} — run without --skip-build first") unless app_dir # 2. Sign (Developer ID + hardened runtime) → notarize → staple → verify. env_file ||= discover_env_file(root_path) env = env_file ? { "ENV_FILE" => env_file } : {} UI.step("signing + notarizing #{File.basename(app_dir)}#{env_file ? " #{UI.dim("(#{rel(env_file, root_path)})")}" : ""}") UI.warn("no signing env found — set APPLE_* or pass --env-file (notarize.sh will fail without it)") unless env_file || ENV["APPLE_SIGNING_IDENTITY"] log = "#{app_dir}.notarize.log" Shellout.run_logged!(env, ["/bin/bash", NOTARIZE, app_dir], log: log) # 3. Gather signing facts from the bundle itself, then emit the receipt. artifact = "#{app_dir.sub(/\.app\z/, "")}.zip" # notarize.sh re-zips the stapled app UI.die!("expected notarized zip #{artifact} not found") unless File.exist?(artifact) signing = gather_signing(app_dir, log) receipt = Receipt.new(root: root_path, config: config, framework: framework, ruby: ruby, target: target, channel: channel, shell_dir: resolve_shell_dir(shell_dir)) out = File.join(dist_dir, "release.json") receipt.write(out, artifact: artifact, signing: signing) summarize(out, artifact, signing, root_path) end |