#!/bin/bash
#
# create-dmg packages the aws-vault CLI binary for macOS
# using Apple's signing and notorizing process
#

set -euo pipefail

notarization_status() {
  xcrun altool --notarization-info "$1" --username "$APPLE_ID_USERNAME" --password "$APPLE_ID_APP_PASSWORD" 2>&1 \
    | awk -F ': ' '/Status:/ { print $2; }'
}

get_apple_id() {
  /usr/libexec/PlistBuddy -c "print :Accounts:0:AccountID" ~/Library/Preferences/MobileMeAccounts.plist
}

BIN_PATH="$1"
DMG_PATH="${2:-$1.dmg}"
APPLE_ID_USERNAME="${APPLE_ID_USERNAME:-$(get_apple_id)}"
APPLE_ID_APP_PASSWORD="${APPLE_ID_APP_PASSWORD:-"@keychain:AC_PASSWORD"}"
CERT_ID="${CERT_ID:-"Developer ID Application: 99designs Inc (NRM9HVJ62Z)"}"
BUNDLE_ID="${BUNDLE_ID:-"com.99designs.aws-vault"}"

tmplog=$(mktemp)
tmpdir="$(mktemp -d)"
trap "rm -rf $tmpdir $tmplog" EXIT

cp -a $BIN_PATH $tmpdir/aws-vault
src_path="$tmpdir/aws-vault"

echo "Signing binary"
codesign --options runtime --timestamp --sign "$CERT_ID" "$src_path"

echo "Creating dmg"
hdiutil create -quiet -srcfolder "$src_path" "$DMG_PATH"

echo "Signing dmg"
codesign --timestamp --sign "$CERT_ID" "$DMG_PATH"

echo "Submitting notorization request"
if ! xcrun altool --notarize-app --primary-bundle-id "$BUNDLE_ID" --username "$APPLE_ID_USERNAME" --password "$APPLE_ID_APP_PASSWORD" --file $DMG_PATH > $tmplog 2>&1 ; then
  cat $tmplog
  exit 1
fi
request_uuid=$(cat "$tmplog" | awk '/RequestUUID/ { print $NF; }')
echo "Finished submitting, got Request UUID $request_uuid"

echo "Waiting for notorization to complete"
echo -n "..."
status=$(notarization_status "$request_uuid")
last_status=""
while [[ "$status" != "success" ]] ; do
  echo -n .
  sleep 10
  status=$(notarization_status "$request_uuid")
  if [[ "$status" != "$last_status" ]] ; then
    echo -n "$status"
    last_status="$status"
  fi
done
echo

echo "Stapling"
xcrun stapler staple -q $DMG_PATH
