Files
clipbored/docs/RELEASE.md

83 lines
2.0 KiB
Markdown
Raw Permalink Normal View History

2026-06-30 01:12:19 -07:00
# Release Guide
This guide covers the local release build, optional Developer ID signing, and optional notarization flow.
## Local Validation
Run:
```bash
./scripts/check.sh
```
This runs the unit test suite, builds `build/ClipBored.app`, applies an ad-hoc hardened-runtime signature, enforces size gates, and verifies the app signature.
## Local Archive
Run:
```bash
./scripts/release-macos-app.sh
```
Without signing credentials, this creates:
```text
build/ClipBored.app
build/ClipBored.zip
```
The app remains ad-hoc signed and is suitable for local validation only.
## Developer ID Signing
Set a Developer ID Application identity:
```bash
export DEVELOPER_ID_APPLICATION="Developer ID Application: Example, Inc. (TEAMID)"
./scripts/release-macos-app.sh
```
The script rebuilds the app, re-signs it with hardened runtime and timestamping, verifies the signature, and writes `build/ClipBored.zip`.
## Notarization
Preferred: configure a notarytool keychain profile once:
```bash
xcrun notarytool store-credentials "clipbored-notary" \
--apple-id "developer@example.com" \
--team-id "TEAMID" \
--password "app-specific-password"
```
Then run:
```bash
export DEVELOPER_ID_APPLICATION="Developer ID Application: Example, Inc. (TEAMID)"
export NOTARYTOOL_PROFILE="clipbored-notary"
./scripts/release-macos-app.sh
```
Alternative environment-only notarization:
```bash
export DEVELOPER_ID_APPLICATION="Developer ID Application: Example, Inc. (TEAMID)"
export APPLE_ID="developer@example.com"
export APPLE_TEAM_ID="TEAMID"
export APPLE_APP_SPECIFIC_PASSWORD="app-specific-password"
./scripts/release-macos-app.sh
```
When notarization succeeds, the script staples the ticket to `build/ClipBored.app`, validates the staple, and recreates `build/ClipBored.zip`.
## Final Manual Checks
Before publishing, run the checklist in [SMOKE_TEST.md](SMOKE_TEST.md), then confirm:
```bash
codesign --verify --deep --strict --verbose=2 build/ClipBored.app
xcrun stapler validate build/ClipBored.app
spctl --assess --type execute --verbose=4 build/ClipBored.app
```