#!/bin/bash
#
# build_dmg.sh — PUBLIC‑SAFE VERSION
#
# Purpose:
#   Packages the application into a DMG, signs it, and prepares it for notarization.
#
# Notes for public sharing:
#   - Replace all placeholders (YOUR NAME, TEAMID, plugin name, etc.).
#   - Do NOT insert your real Developer ID certificate name into public posts.
#   - This script contains no private keys or credentials.
#

set -euo pipefail
source "$(dirname "$0")/build_config.sh"

echo "=== Starting DMG build ==="

mkdir -p "$RELEASES"
rm -f "$DMG_NAME"

echo "=== Preparing wrapper folder ==="
WRAPPER="$APP_ROOT/DMGWrapper"
APP_FOLDER="$WRAPPER/MyApp"

rm -rf "$WRAPPER"
mkdir -p "$APP_FOLDER"

echo "=== Copying full runtime into wrapper ==="
cp -R "$APP_ROOT"/* "$APP_FOLDER/"

WRAPPED_APP="$APP_FOLDER/MyApp.app"

echo "=== Injecting plugin into sibling Extensions folder ==="
PLUGIN_SRC="$APP_ROOT/Extensions/MyPlugin.fmplugin"
PLUGIN_DEST="$APP_FOLDER/Extensions"

mkdir -p "$PLUGIN_DEST"
cp -R "$PLUGIN_SRC" "$PLUGIN_DEST/"

echo "=== Deep signing app bundle ==="
codesign --force --deep --options runtime \
  --sign "Developer ID Application: YOUR NAME (TEAMID)" \
  "$WRAPPED_APP"

echo "=== Verifying signature ==="
codesign --verify --deep --strict --verbose=4 "$WRAPPED_APP"

echo "=== Creating DMG ==="
hdiutil create \
  -volname "$VOL_NAME" \
  -srcfolder "$WRAPPER" \
  -ov \
  -format UDZO \
  "$DMG_NAME"

rm -rf "$WRAPPER"

echo "=== Signing DMG ==="
codesign --force --sign "Developer ID Application: YOUR NAME (TEAMID)" "$DMG_NAME"

echo "=== DMG build complete ==="