#!/usr/bin/env bash # 一次性签名环境配置:检查证书 + 录入 Apple ID 凭证 + 写入 .env.signing # 用法: pnpm sign:setup set -euo pipefail cd "$(dirname "$0")/.." KEYCHAIN_PROFILE="GeoRanklySign" ENV_FILE=".env.signing" R=$'\033[31m'; G=$'\033[32m'; Y=$'\033[33m'; B=$'\033[1m'; N=$'\033[0m' ok() { echo " ${G}✓${N} $1"; } fail() { echo " ${R}✗${N} $1"; } warn() { echo " ${Y}!${N} $1"; } hr() { echo ""; echo "${B}── $1 ──${N}"; } # ── 1. Xcode CLT ──────────────────────────────────────────────── hr "1/3 检查 Xcode Command Line Tools" if xcode-select -p >/dev/null 2>&1; then ok "已安装:$(xcode-select -p)" else fail "未安装" echo " 请在终端运行 ${B}xcode-select --install${N},弹窗装好后再来" exit 1 fi # ── 2. Developer ID 证书 ──────────────────────────────────────── hr "2/3 检查 Developer ID Application 证书" IDENTITIES=$(security find-identity -v -p codesigning | grep "Developer ID Application" || true) if [ -z "$IDENTITIES" ]; then fail "钥匙串里没找到 Developer ID Application 证书" cat </dev/null 2>&1; then ok "钥匙串里已有 profile:$KEYCHAIN_PROFILE" read -r -p " 是否重新录入?(y/N): " RECONFIG [[ "${RECONFIG:-n}" =~ ^[Yy]$ ]] || NEED_CREDENTIALS=0 fi if [ "$NEED_CREDENTIALS" = "1" ]; then echo "" echo " 需要 ${B}Apple ID 邮箱${N} + ${B}App 专用密码${N}(不是登录密码!)" echo " 生成 App 专用密码: https://appleid.apple.com → 登录与安全 → App 专用密码 → +" echo "" read -r -p " Apple ID 邮箱: " APPLE_ID read -r -s -p " App 专用密码 (xxxx-xxxx-xxxx-xxxx): " APPLE_PWD echo "" if ! xcrun notarytool store-credentials "$KEYCHAIN_PROFILE" \ --apple-id "$APPLE_ID" \ --team-id "$TEAM_ID" \ --password "$APPLE_PWD" >/dev/null; then fail "凭证录入失败,常见原因:密码格式错(需带短横线),或 Team ID 不匹配" exit 1 fi ok "凭证已存入钥匙串(profile: ${KEYCHAIN_PROFILE})" fi # ── 写入 .env.signing ─────────────────────────────────────────── cat > "$ENV_FILE" <