Prepare v0.4 release and open source docs
This commit is contained in:
129
scripts/verify-release-artifacts.sh
Executable file
129
scripts/verify-release-artifacts.sh
Executable file
@@ -0,0 +1,129 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
||||
source "$ROOT_DIR/scripts/release-version.sh"
|
||||
|
||||
APP_NAME="I Hate PDFs"
|
||||
BUNDLE_ID="${BUNDLE_ID:-net.akkolli.ihatepdfs}"
|
||||
DIST_DIR="$ROOT_DIR/dist"
|
||||
APP_DIR="$DIST_DIR/$APP_NAME.app"
|
||||
DMG_PATH="$DIST_DIR/IHatePDFs-v$RELEASE_VERSION-macos.dmg"
|
||||
PKG_PATH="${PKG_PATH:-$DIST_DIR/IHatePDFs-v$RELEASE_VERSION-macos-appstore.pkg}"
|
||||
REQUIRE_APP_STORE_PKG="${REQUIRE_APP_STORE_PKG:-0}"
|
||||
PLISTBUDDY="/usr/libexec/PlistBuddy"
|
||||
TEMP_PATHS=()
|
||||
|
||||
cleanup() {
|
||||
((${#TEMP_PATHS[@]})) || return 0
|
||||
for path in "${TEMP_PATHS[@]}"; do
|
||||
rm -rf "$path"
|
||||
done
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
fail() {
|
||||
echo "release artifact verification failed: $*" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
require_file() {
|
||||
local path="$1"
|
||||
[[ -e "$path" ]] || fail "missing $path"
|
||||
}
|
||||
|
||||
plist_value() {
|
||||
local plist="$1"
|
||||
local key="$2"
|
||||
"$PLISTBUDDY" -c "Print :$key" "$plist"
|
||||
}
|
||||
|
||||
verify_app_bundle() {
|
||||
require_file "$APP_DIR/Contents/Info.plist"
|
||||
|
||||
local version
|
||||
local build
|
||||
local bundle_id
|
||||
version="$(plist_value "$APP_DIR/Contents/Info.plist" "CFBundleShortVersionString")"
|
||||
build="$(plist_value "$APP_DIR/Contents/Info.plist" "CFBundleVersion")"
|
||||
bundle_id="$(plist_value "$APP_DIR/Contents/Info.plist" "CFBundleIdentifier")"
|
||||
|
||||
[[ "$bundle_id" == "$BUNDLE_ID" ]] || fail "$APP_DIR bundle id is $bundle_id, expected $BUNDLE_ID"
|
||||
[[ "$version" == "$APP_VERSION" ]] || fail "$APP_DIR version is $version, expected $APP_VERSION"
|
||||
[[ "$build" == "$BUILD_NUMBER" ]] || fail "$APP_DIR build is $build, expected $BUILD_NUMBER"
|
||||
[[ ! -e "$APP_DIR/Contents/embedded.provisionprofile" ]] \
|
||||
|| fail "$APP_DIR contains an embedded provisioning profile; direct DMG app should not"
|
||||
}
|
||||
|
||||
verify_dmg() {
|
||||
require_file "$DMG_PATH"
|
||||
if command -v diskutil >/dev/null 2>&1 &&
|
||||
diskutil image info "$DMG_PATH" 2>/dev/null | grep -q "Image Format: UDZO"; then
|
||||
return
|
||||
fi
|
||||
|
||||
if command -v hdiutil >/dev/null 2>&1 &&
|
||||
hdiutil imageinfo "$DMG_PATH" 2>/dev/null | grep -q "Format: UDZO"; then
|
||||
return
|
||||
fi
|
||||
|
||||
fail "$DMG_PATH is not a compressed read-only UDZO image"
|
||||
}
|
||||
|
||||
verify_pkg() {
|
||||
require_file "$PKG_PATH"
|
||||
pkgutil --check-signature "$PKG_PATH" >/dev/null
|
||||
|
||||
local expanded_parent
|
||||
local expanded
|
||||
expanded_parent="$(mktemp -d "$DIST_DIR/pkg-verify.XXXXXX")"
|
||||
TEMP_PATHS+=("$expanded_parent")
|
||||
expanded="$expanded_parent/expanded.pkg"
|
||||
|
||||
pkgutil --expand-full "$PKG_PATH" "$expanded" >/dev/null
|
||||
|
||||
local plist
|
||||
plist="$(find "$expanded" -path "*/I Hate PDFs.app/Contents/Info.plist" -print -quit)"
|
||||
[[ -n "$plist" ]] || fail "$PKG_PATH does not contain I Hate PDFs.app"
|
||||
|
||||
local app_contents
|
||||
app_contents="$(dirname "$plist")"
|
||||
local version
|
||||
local build
|
||||
local bundle_id
|
||||
version="$(plist_value "$plist" "CFBundleShortVersionString")"
|
||||
build="$(plist_value "$plist" "CFBundleVersion")"
|
||||
bundle_id="$(plist_value "$plist" "CFBundleIdentifier")"
|
||||
|
||||
[[ "$bundle_id" == "$BUNDLE_ID" ]] || fail "$PKG_PATH app bundle id is $bundle_id, expected $BUNDLE_ID"
|
||||
[[ "$version" == "$APP_VERSION" ]] || fail "$PKG_PATH app version is $version, expected $APP_VERSION"
|
||||
[[ "$build" == "$BUILD_NUMBER" ]] || fail "$PKG_PATH app build is $build, expected $BUILD_NUMBER"
|
||||
[[ -e "$app_contents/embedded.provisionprofile" ]] \
|
||||
|| fail "$PKG_PATH app is missing embedded.provisionprofile"
|
||||
|
||||
local app_bundle
|
||||
local entitlements
|
||||
app_bundle="$(dirname "$app_contents")"
|
||||
entitlements="$expanded/entitlements.plist"
|
||||
codesign -d --entitlements :- "$app_bundle" > "$entitlements" 2>/dev/null \
|
||||
|| fail "$PKG_PATH app entitlements could not be read"
|
||||
[[ "$(plist_value "$entitlements" "com.apple.security.app-sandbox")" == "true" ]] \
|
||||
|| fail "$PKG_PATH app is missing com.apple.security.app-sandbox"
|
||||
[[ "$(plist_value "$entitlements" "com.apple.security.files.user-selected.read-write")" == "true" ]] \
|
||||
|| fail "$PKG_PATH app is missing com.apple.security.files.user-selected.read-write"
|
||||
|
||||
rm -rf "$expanded_parent"
|
||||
}
|
||||
|
||||
verify_app_bundle
|
||||
verify_dmg
|
||||
|
||||
if [[ "$REQUIRE_APP_STORE_PKG" == "1" || -e "$PKG_PATH" ]]; then
|
||||
verify_pkg
|
||||
elif [[ "$REQUIRE_APP_STORE_PKG" == "0" ]]; then
|
||||
echo "Skipping App Store pkg verification because $PKG_PATH does not exist."
|
||||
else
|
||||
fail "invalid REQUIRE_APP_STORE_PKG=$REQUIRE_APP_STORE_PKG"
|
||||
fi
|
||||
|
||||
echo "Verified release artifacts for I Hate PDFs $APP_VERSION ($BUILD_NUMBER)."
|
||||
Reference in New Issue
Block a user