Allow notarization of different files. Relates to #3094

scripts/build.sh

@@ -90,6 +90,7 @@ function usage() {
     echo "Note: The keychain profile must be set up ahead of time using your developer Apple ID account and Team ID:"
     echo "  xcrun notarytool store-credentials -v --apple-id APPLE_ID --team-id TEAM_ID --password APP_SPECIFIC_PASSWORD"
     echo "  -y             - Keychain profile name (Default: HAMMERSPOON_BUILDSH)"
+    echo "  -z             - Path to a file to notarize (Default: build/Hammerspoon.app.zip"
     echo ""
     echo "RELEASE OPTIONS:"
     echo "  -w             - Twitter account to announce release with (Default: _hammerspoon)"
@@ -114,7 +115,7 @@ fi
 #fi;
 
 # Parse the rest of any arguments
-PARSED_ARGUMENTS=$(getopt ds:c:x:ujmtqakly:w:ep:o:r $*)
+PARSED_ARGUMENTS=$(getopt ds:c:x:ujmtqakly:z:w:ep:o:r $*)
 if [ $? != 0 ]; then
     usage
 fi
@@ -201,6 +202,9 @@ do
         -y)
             KEYCHAIN_PROFILE=${2}; shift
             shift;;
+        -z)
+            NOTARIZATION_FILE=${2}; shift
+            shift;;
         -p)
             P12_FILE="${2}"; shift
             shift;;
@@ -303,6 +307,7 @@ export GITHUB_REPO="${GITHUB_REPO:-hammerspoon}"
 export SENTRY_TOKEN_API_FILE="${TOKENPATH}/token-sentry-api"
 export SENTRY_TOKEN_AUTH_FILE="${TOKENPATH}/token-sentry-auth"
 export NOTARIZATION_TOKEN_FILE="${TOKENPATH}/token-notarization"
+export NOTARIZATION_FILE="${NOTARIZATION_FILE:-}"
 
 # Calculate options for xcbeautify
 export XCB_OPTS=(-q)

scripts/libbuild.sh

@@ -275,15 +275,20 @@ function op_keychain_post() {
 }
 
 function op_notarize() {
-    echo " Notarizing ${HAMMERSPOON_BUNDLE_PATH}..."
+    echo " Notarizing ${NOTARIZATION_FILE:-${HAMMERSPOON_BUNDLE_PATH}}..."
     op_notarize_assert
 
-    echo " Zipping..."
-    local ZIP_PATH="${HAMMERSPOON_BUNDLE_PATH}.zip"
-    create_zip "${HAMMERSPOON_BUNDLE_PATH}" "${ZIP_PATH}"
+    local IS_ZIP=0
+    if [ "${NOTARIZATION_FILE}" == "" ]; then
+        echo " Zipping..."
+        local ZIP_PATH="${HAMMERSPOON_BUNDLE_PATH}.zip"
+        create_zip "${HAMMERSPOON_BUNDLE_PATH}" "${ZIP_PATH}"
+        NOTARIZATION_FILE="${ZIP_PATH}"
+        IS_ZIP=1
+    fi
 
     echo " Uploading to Apple Notary Service (may take many minutes)..."
-    local UPLOAD_OUTPUT ; UPLOAD_OUTPUT=$(xcrun notarytool submit "${ZIP_PATH}" --keychain-profile "${KEYCHAIN_PROFILE}" --wait -f json)
+    local UPLOAD_OUTPUT ; UPLOAD_OUTPUT=$(xcrun notarytool submit "${NOTARIZATION_FILE}" --keychain-profile "${KEYCHAIN_PROFILE}" --wait -f json)
     local UPLOAD_ID ; UPLOAD_ID=$(echo "${UPLOAD_OUTPUT}" | jq -r .id)
     local UPLOAD_STATUS ; UPLOAD_STATUS=$(echo "${UPLOAD_OUTPUT}" | jq -r .status)
     local UPLOAD_MSG ; UPLOAD_MSG=$(echo "${UPLOAD_OUTPUT}" | jq -r .message)
@@ -306,12 +311,14 @@ function op_notarize() {
         fail "Notarization rejection"
     fi
 
-    # Remove the zip we uploaded for Notarization
-    ${RM} "${HAMMERSPOON_BUNDLE_PATH}.zip"
+    if [ "${IS_ZIP}" == "1" ]; then
+        # Remove the zip we uploaded for Notarization
+        ${RM} "${HAMMERSPOON_BUNDLE_PATH}.zip"
 
-    # At this stage we don't know if this is a full release build or a CI build, so prepare a notarized zip for both
-    create_zip "${HAMMERSPOON_BUNDLE_PATH}" "${HAMMERSPOON_BUNDLE_PATH}-$(release_version).zip"
-    create_zip "${HAMMERSPOON_BUNDLE_PATH}" "${HAMMERSPOON_BUNDLE_PATH}-$(nightly_version).zip"
+        # At this stage we don't know if this is a full release build or a CI build, so prepare a notarized zip for both
+        create_zip "${HAMMERSPOON_BUNDLE_PATH}" "${HAMMERSPOON_BUNDLE_PATH}-$(release_version).zip"
+        create_zip "${HAMMERSPOON_BUNDLE_PATH}" "${HAMMERSPOON_BUNDLE_PATH}-$(nightly_version).zip"
+    fi
 
     echo " ✅ Notarization successful!"
 }
@@ -346,7 +353,7 @@ function op_release() {
     # We always do a local test of the signed/notarized build, to ensure it runs
     echo "Opening Finder for a local test..."
     open -R "${HAMMERSPOON_BUNDLE_PATH}"
-    echo -n "******** TEST THE BUILD PLEASE ('yes' to confirm it works):"
+    echo -n "******** TEST THE BUILD PLEASE ('yes' to confirm it works): "
     local REPLY=""
     read -r REPLY