Run custom script after post-actions on Xcode Cloud

I think it would be beneficial for those of us distributing outside the Mac App Store to be able to run a custom script after the notarization post-action on Xcode Cloud, to upload the notarized binary to something like S3. Will this workflow be considered or implemented in the future? Right now, it's only possible to run a custom script post-build rather than post-notarization.

After working on this further, I've concluded it's impossible to use Xcode Cloud for this purpose currently, unless I'm missing something. I'm actually unsure what the Notarize post-action is intended for, as there's no way to automate getting that notarized binary out of Xcode Cloud, making it useless in a CI environment.

One possible workaround I tried was to remove the Notarize post-action step and instead do notarization and stapling myself as part of a ci_post_xcodebuild script; however, then the signing step will not produce a Developer ID signed archive, it's just missing.

Hello, I have encountered the same issue and I have found this workaround:

  1. Within your workflow add the Notarize - macOS step
  2. Add this in your ci_post_xcodebuild.sh script:
```bash
#!/bin/bash -x

# Set the directory paths and versions
APP_PATH="${CI_DEVELOPER_ID_SIGNED_APP_PATH}/<YOUR-APP.APP>"
INFO_PLIST_PATH="${APP_PATH}/Contents/Info.plist"
APP_VERSION=$(/usr/libexec/PlistBuddy -c "Print CFBundleShortVersionString" "$INFO_PLIST_PATH")
ZIP_PATH="/Volumes/workspace/YOUR-APP-$APP_VERSION-$CI_BUILD_NUMBER.zip"

echo "Post-build script started."

# Compress the application for notarization
ditto -c -k --keepParent "$APP_PATH" "$ZIP_PATH"

# Submit for notarization. Tracing is switched off around this call so that
# -x does not write the app-specific password into the build log.
set +x
notary_output=$(xcrun notarytool submit "$ZIP_PATH" --apple-id "$XCODE_CLOUD_ID" --password "$APP_SPECIFIC_PASSWORD" --team-id "$TEAM_ID" --wait 2>&1)
exit_status=$?
set -x

# Check if the command failed (before stapling, so the status is notarytool's)
if [ $exit_status -ne 0 ]; then
    echo "Notary tool submission failed with exit status $exit_status"
    echo "Output: $notary_output"
    exit 1
fi

# Staple notarization
echo "Notarization succeeded"
xcrun stapler staple "$APP_PATH" || exit 1

echo "Party time!"
```
  3. Within your workflow secrets add these values:

XCODE_CLOUD_ID

APP_SPECIFIC_PASSWORD

TEAM_ID

It should now work :) It all hangs on the location of your signed app at this path, CI_DEVELOPER_ID_SIGNED_APP_PATH, and that path variable is only populated when the Notarize step is added into the workflow.

Also, as an addition to the steps above, the only way that we have been able to get the build out of Xcode Cloud was using an AWS S3 bucket. You can upload it to your instance after you have compressed the stapled version of your app.
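
The upload step mentioned in the last post, as an added example that is not part of the original thread: it validates the stapled ticket, re-zips the stapled app, and uploads the archive together with a SHA-256 file. It assumes the AWS CLI is installed on the runner with credentials supplied as workflow secrets; `publish_stapled_app` and `S3_BUCKET` are hypothetical names.

```shell
#!/bin/bash
# Added example. publish_stapled_app and S3_BUCKET are hypothetical names;
# the AWS CLI and its credentials (workflow secrets) are assumed to be present.

# Usage: publish_stapled_app <stapled .app> <zip to create> <bucket>
# Prints the SHA-256 of the uploaded zip on success.
publish_stapled_app() {
    local app_path="$1"
    local zip_path="$2"
    local bucket="$3"
    local key sum

    # Ship nothing whose ticket is missing or that Gatekeeper rejects.
    xcrun stapler validate "$app_path" >&2 || { echo "stapled ticket not valid" >&2; return 1; }
    spctl --assess --type execute "$app_path" >&2 || { echo "Gatekeeper assessment failed" >&2; return 1; }

    # The zip sent to the notary service predates stapling, so build a fresh one.
    rm -f "$zip_path"
    ditto -c -k --keepParent "$app_path" "$zip_path" || return 1

    # Publish a digest next to the archive so a download can be checked.
    key=$(basename "$zip_path")
    sum=$(shasum -a 256 "$zip_path" | awk '{print $1}')
    [ -n "$sum" ] || { echo "could not hash $zip_path" >&2; return 1; }
    printf '%s  %s\n' "$sum" "$key" > "$zip_path.sha256"

    # Credentials are read from the environment (assumption), not passed as
    # arguments, so shell tracing (-x) does not print them.
    aws s3 cp "$zip_path" "s3://$bucket/$key" --only-show-errors >&2 || return 1
    aws s3 cp "$zip_path.sha256" "s3://$bucket/$key.sha256" --only-show-errors >&2 || return 1
    echo "$sum"
}

# At the end of ci_post_xcodebuild.sh, after stapling (APP_PATH and ZIP_PATH
# are the variables from the script in the thread):
if [ -n "${CI_DEVELOPER_ID_SIGNED_APP_PATH:-}" ]; then
    publish_stapled_app "$APP_PATH" "$ZIP_PATH" "$S3_BUCKET" || exit 1
fi
```

Anyone downloading the build can compare the archive against the `.sha256` object with `shasum -a 256 -c`.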
