macos: script build sign validate upload

re #222

macos/.gitignore

@@ -0,0 +1 @@
+/build/

macos/README.md

@@ -4,23 +4,6 @@ For the time being, we're building an Intel binary only. Universal builds to com
 
 - Install build tools: `brew install cmake gettext`
 - Install build dependencies: `brew install wxwidgets jpeg-turbo openssl`
-- Build release app bundle:
-```
-   mkdir build
-   cd build
-   MACOSX_DEPLOYMENT_TARGET=10.15 cmake .. -DCMAKE_BUILD_TYPE=Release
-   cmake --build .
-   cmake --install . --prefix .
-```
-- [Sign the app](https://developer.apple.com/documentation/xcode/creating-distribution-signed-code-for-the-mac):
-  - Get distribution codesigning identity: `security find-identity -p codesigning -v`
-  - Sign embedded libs: `codesign -s <codesigning-ID> -f -i net.christianbeier.MultiVNC.libs MultiVNC.app/Contents/Frameworks/*`
-  - Sign app: `codesign -s <codesigning-ID> --entitlements ../macos/MultiVNC.entitlements MultiVNC.app`
-  - Verify: `codesign -d -vv MultiVNC.app`
-- [Build an installer package for App Store distribution](https://developer.apple.com/documentation/xcode/packaging-mac-software-for-distribution):
-  - Get Mac Installer Distribution signing identity: `security find-identity -v`
-  - `productbuild --sign <codesigning-ID> --component MultiVNC.app /Applications MultiVNC.pkg`
-- [Validate and upload package](https://help.apple.com/asc/appsaltool)
-  - Might need an app-specific password if using 2FA.
-  - Need to create app in https://appstoreconnect.apple.com/apps first.
-  - Validate: `xcrun altool --validate-app -f MultiVNC.pkg -t osx -u <apple-id> -p <password> --output-format xml`
+- Building a release app bundle, [signing the app](https://developer.apple.com/documentation/xcode/creating-distribution-signed-code-for-the-mac),
+  [building an installer package for App Store distribution](https://developer.apple.com/documentation/xcode/packaging-mac-software-for-distribution) as well as
+  [validating and uploading the package](https://help.apple.com/asc/appsaltool) is all done by the `build-sign-validate-upload.sh` script.

macos/build-sign-validate-upload.sh

@@ -0,0 +1,58 @@
+#!/bin/sh
+
+[ -z "$CODESIGN_ID_DISTRIBUTION" ] && {
+    echo "Please set CODESIGN_ID_DISTRIBUTION env var. You can get it via 'security find-identity -p codesigning -v'"
+    exit 1
+}
+
+[ -z "$CODESIGN_ID_INSTALLER" ] && {
+    echo "Please set CODESIGN_ID_INSTALLER env var. You can get it via 'security find-identity -v'"
+    exit 1
+}
+
+[ -z "$APPLE_ID_EMAIL" ] && {
+    echo "Please set APPLE_ID_EMAIL env var."
+    exit 1
+}
+
+[ -z "$APPLE_ID_PASSWORD" ] && {
+    echo "Please set APPLE_ID_PASSWORD env var.  Might need an app-specific password if using 2FA, which you can create at https://appstoreconnect.apple.com/apps"
+    exit 1
+}
+
+set -e
+
+echo
+echo "Build release app bundle"
+echo
+mkdir -p build
+cd build
+MACOSX_DEPLOYMENT_TARGET=10.15 cmake ../.. -DCMAKE_BUILD_TYPE=Release
+make -j
+cmake --install . --prefix .
+
+echo
+echo "Sign embedded libs"
+echo
+codesign -s $CODESIGN_ID_DISTRIBUTION -f -i net.christianbeier.MultiVNC.libs MultiVNC.app/Contents/Frameworks/*
+
+echo
+echo "Sign app"
+echo
+codesign -s $CODESIGN_ID_DISTRIBUTION --entitlements ../MultiVNC.entitlements MultiVNC.app
+
+
+echo
+echo "Verify signing"
+echo
+codesign -d -vv MultiVNC.app
+
+echo
+echo "Build an installer package for App Store distribution"
+echo
+productbuild --sign $CODESIGN_ID_INSTALLER --component MultiVNC.app /Applications MultiVNC.pkg
+
+echo
+echo "Validate package"
+echo
+xcrun altool --validate-app -f MultiVNC.pkg -t osx -u $APPLE_ID_EMAIL -p $APPLE_ID_PASSWORD --output-format xml