test to see if we signed in during xcodebuild archive/export

Author: StephenHodgson

dist/index.js

@@ -57748,6 +57748,8 @@ async function UpdateTestDetails(project, whatsNew) {
 function normalizeVersion(version) {
     return version.split('.').map(part => parseInt(part, 10).toString()).join('.');
 }
+async function downloadCertificate(project) {
+}
 
 
 /***/ }),

dist/index.js.map

@@ -1,16 +1,26 @@
 #!/bin/bash
-# This script is used to sign macOS app bundles with a specified entitlements file.
-# Usage: ./signing.sh <path_to_app_bundle> <path_to_entitlements_path>
-# Example: ./signing.sh /path/to/MyApp.app /path/to/entitlements.plist
+# This script is used to sign macOS app bundles with a specified entitlements file and signing identity.
+# Usage: ./signing.sh <path_to_app_bundle> <path_to_entitlements_path> "<signing_identity>"
+# Example: ./signing.sh /path/to/MyApp.app /path/to/entitlements.plist "Developer ID Application: Your Name (Team ID)"
 
 APP_BUNDLE_PATH="$1"
 ENTITLEMENTS_PATH="$2"
+SIGNING_IDENTITY="$3"
 
 # remove any metadata from the app bundle
 xattr -cr "$APP_BUNDLE_PATH"
 
-# get the signing identity that matches Developer ID Application
-SIGNING_IDENTITY=$(security find-identity -p codesigning -v | grep "Developer ID Application" | awk -F'"' '{print $2}' | head -n 1)
+# verify the app bundle
+if codesign --verify --verbose=2 "$APP_BUNDLE_PATH"; then
+    echo "App bundle is already signed. No need to sign again."
+    exit 0
+fi
+
+if [ -z "$SIGNING_IDENTITY" ]; then
+    # get the signing identity that matches Developer ID Application
+    SIGNING_IDENTITY=$(security find-identity -p codesigning -v | grep "Developer ID Application" | awk -F'"' '{print $2}' | head -n 1)
+fi
+
 if [ -z "$SIGNING_IDENTITY" ]; then
     echo "No 'Developer ID Application' signing identity found!"
     exit 1

dist/sign-app-bundle.sh

@@ -1,12 +1,15 @@
 #!/bin/bash
 # This script is meant to sign macOS .pkg files.
-# Usage: ./sign-app-pkg.sh <path_to_pkg>
-# Example: ./sign-app-pkg.sh /path/to/MyApp.pkg
+# Usage: ./sign-app-pkg.sh <path_to_pkg> "<signing_identity>"
+# Example: ./sign-app-pkg.sh /path/to/MyApp.pkg "Developer ID Installer: Your Name (Team ID)"
 
 PKG_PATH="$1"
+SIGNING_IDENTITY="$2"
 
-# find the Developer ID Installer signing identity
-SIGNING_IDENTITY=$(security find-identity -v | grep "Developer ID Installer" | awk -F'"' '{print $2}' | head -n 1)
+if [ -z "$SIGNING_IDENTITY" ]; then
+    # find the Developer ID Installer signing identity
+    SIGNING_IDENTITY=$(security find-identity -v | grep "Developer ID Installer" | awk -F'"' '{print $2}' | head -n 1)
+fi
 if [ -z "$SIGNING_IDENTITY" ]; then
     echo "No 'Developer ID Installer' signing identity found!"
     exit 1

dist/sign-app-pkg.sh

@@ -300,4 +300,9 @@ export async function UpdateTestDetails(project: XcodeProject, whatsNew: string)
 
 function normalizeVersion(version: string): string {
     return version.split('.').map(part => parseInt(part, 10).toString()).join('.');
+}
+
+// https://developer.apple.com/documentation/appstoreconnectapi/list_and_download_certificates
+async function downloadCertificate(project: XcodeProject): Promise<void> {
+    // downloads the certificate from App Store Connect into the temp runner directory and adds it to the keychain created in AppleCredential.ts
 }

src/AppStoreConnectClient.ts

@@ -1,16 +1,26 @@
 #!/bin/bash
-# This script is used to sign macOS app bundles with a specified entitlements file.
-# Usage: ./signing.sh <path_to_app_bundle> <path_to_entitlements_path>
-# Example: ./signing.sh /path/to/MyApp.app /path/to/entitlements.plist
+# This script is used to sign macOS app bundles with a specified entitlements file and signing identity.
+# Usage: ./signing.sh <path_to_app_bundle> <path_to_entitlements_path> "<signing_identity>"
+# Example: ./signing.sh /path/to/MyApp.app /path/to/entitlements.plist "Developer ID Application: Your Name (Team ID)"
 
 APP_BUNDLE_PATH="$1"
 ENTITLEMENTS_PATH="$2"
+SIGNING_IDENTITY="$3"
 
 # remove any metadata from the app bundle
 xattr -cr "$APP_BUNDLE_PATH"
 
-# get the signing identity that matches Developer ID Application
-SIGNING_IDENTITY=$(security find-identity -p codesigning -v | grep "Developer ID Application" | awk -F'"' '{print $2}' | head -n 1)
+# verify the app bundle
+if codesign --verify --verbose=2 "$APP_BUNDLE_PATH"; then
+    echo "App bundle is already signed. No need to sign again."
+    exit 0
+fi
+
+if [ -z "$SIGNING_IDENTITY" ]; then
+    # get the signing identity that matches Developer ID Application
+    SIGNING_IDENTITY=$(security find-identity -p codesigning -v | grep "Developer ID Application" | awk -F'"' '{print $2}' | head -n 1)
+fi
+
 if [ -z "$SIGNING_IDENTITY" ]; then
     echo "No 'Developer ID Application' signing identity found!"
     exit 1

src/sign-app-bundle.sh

@@ -1,12 +1,15 @@
 #!/bin/bash
 # This script is meant to sign macOS .pkg files.
-# Usage: ./sign-app-pkg.sh <path_to_pkg>
-# Example: ./sign-app-pkg.sh /path/to/MyApp.pkg
+# Usage: ./sign-app-pkg.sh <path_to_pkg> "<signing_identity>"
+# Example: ./sign-app-pkg.sh /path/to/MyApp.pkg "Developer ID Installer: Your Name (Team ID)"
 
 PKG_PATH="$1"
+SIGNING_IDENTITY="$2"
 
-# find the Developer ID Installer signing identity
-SIGNING_IDENTITY=$(security find-identity -v | grep "Developer ID Installer" | awk -F'"' '{print $2}' | head -n 1)
+if [ -z "$SIGNING_IDENTITY" ]; then
+    # find the Developer ID Installer signing identity
+    SIGNING_IDENTITY=$(security find-identity -v | grep "Developer ID Installer" | awk -F'"' '{print $2}' | head -n 1)
+fi
 if [ -z "$SIGNING_IDENTITY" ]; then
     echo "No 'Developer ID Installer' signing identity found!"
     exit 1