diff --git a/.github/workflows/build-macos.yml b/.github/workflows/build-macos.yml
index 34cd02365..dd3e6ecd4 100644
--- a/.github/workflows/build-macos.yml
+++ b/.github/workflows/build-macos.yml
@@ -25,125 +25,55 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Detect Tag Version - if: startsWith(github.ref, 'refs/tags/v') - run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV - - - name: Detect Commit Hash - if: github.event_name == 'workflow_dispatch' - run: echo "VERSION=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV - - name: Setup Go uses: actions/setup-go@v5 with: go-version: 1.24.3 cache-dependency-path: runner/go.sum - - name: Download runtime - run: | - cd runner - make download - - - name: Build Nexa Cli + - name: Build Nexa SDK + env: + VERSION: ${{ github.ref_name }} run: | cd runner - make build + make download build rm build/ml.h - - name: Upload Artifact + - name: Upload build Artifact uses: actions/upload-artifact@v4 with: name: nexa-cli_macos_${{ matrix.arch }} path: runner/build include-hidden-files: true - package-and-release: - name: Package for macos_${{ matrix.arch }} - needs: build-cli - runs-on: ${{ matrix.runner }} - if: github.ref_type == 'tag' - strategy: - fail-fast: false - matrix: - include: - - runner: macos-13 - arch: x86_64 - - runner: macos-14 - arch: arm64 - env: - VERSION: ${{ github.ref_name }} - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Download build artifacts - uses: actions/download-artifact@v4 - with: - name: nexa-cli_macos_${{ matrix.arch }} - path: artifacts - - - name: Prepare file structure for packaging - id: prep_files - run: | - chmod +x runner/release/darwin/scripts/prepackage.sh - bash runner/release/darwin/scripts/prepackage.sh "${{ env.VERSION }}" - - - name: Fix dylib Linkages (RPATH) - run: | - RESOURCES_PATH="${{ env.APP_PATH }}/Contents/Resources" - install_name_tool -add_rpath "@loader_path" "${RESOURCES_PATH}/nexa-cli" - - - name: Import Code Signing Certificates + - name: Sign Nexa SDK env: APP_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} APP_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + 
APP_SIGNING_IDENTITY: ${{ secrets.APPLE_ID_APPLICATION }} INSTALLER_CERTIFICATE_BASE64: ${{ secrets.APPLE_INSTALLER_CERTIFICATE_BASE64 }} INSTALLER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + INSTALLER_SIGNING_IDENTITY: ${{ secrets.APPLE_ID_INSTALLER }} + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} + TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + VERSION: ${{ github.ref_name }} run: | - echo $APP_CERTIFICATE_BASE64 | base64 --decode > app_certificate.p12 - echo $INSTALLER_CERTIFICATE_BASE64 | base64 --decode > installer_certificate.p12 - security create-keychain -p "" build.keychain - security default-keychain -s build.keychain - security unlock-keychain -p "" build.keychain - security import app_certificate.p12 -k build.keychain -P $APP_CERTIFICATE_PASSWORD -T /usr/bin/codesign - security import installer_certificate.p12 -k build.keychain -P $INSTALLER_CERTIFICATE_PASSWORD -T /usr/bin/productsign - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "" build.keychain - - - name: Sign binaries and libraries - run: | - chmod +x runner/release/darwin/scripts/sign.sh - bash runner/release/darwin/scripts/sign.sh "${{ env.APP_PATH }}" "${{ secrets.APPLE_ID_APPLICATION }}" - - - name: Build PKG - run: | - pkgbuild --root "${{ steps.prep_files.outputs.STAGING_DIR }}" \ - --scripts "${{ steps.prep_files.outputs.SCRIPTS_DIR }}" \ - --identifier "com.nexaai.nexa-sdk" \ - --version "${{ env.VERSION }}" \ - --install-location / \ - "artifacts/nexa-cli_macos_${{ matrix.arch }}-unsigned.pkg" - - - name: Productsign PKG - run: | - productsign --sign "${{ secrets.APPLE_ID_INSTALLER }}" --timestamp "artifacts/nexa-cli_macos_${{ matrix.arch }}-unsigned.pkg" "artifacts/nexa-cli_macos_${{ matrix.arch }}.pkg" - pkgutil --check-signature "artifacts/nexa-cli_macos_${{ matrix.arch }}.pkg" - rm "artifacts/nexa-cli_macos_${{ matrix.arch }}-unsigned.pkg" + cd runner + make package - - name: Notarize & Staple PKG - run: 
| - chmod +x runner/release/darwin/scripts/notarize.sh - bash runner/release/darwin/scripts/notarize.sh \ - "artifacts/nexa-cli_macos_${{ matrix.arch }}.pkg" \ - "${{ secrets.APPLE_ID }}" \ - "${{ secrets.APPLE_ID_PASSWORD }}" \ - "${{ secrets.APPLE_TEAM_ID }}" + - name: Upload pkg Artifact + uses: actions/upload-artifact@v4 + with: + name: nexa-cli_macos_${{ matrix.arch }}.pkg + path: runner/artifacts/nexa-cli_macos_${{ matrix.arch }}.pkg + include-hidden-files: true - name: Create GitHub Release uses: softprops/action-gh-release@v2 with: repository: NexaAI/nexa-sdk - tag_name: ${{ env.VERSION }} + tag_name: ${{ github.ref_name }} files: | artifacts/nexa-cli_macos_${{ matrix.arch }}.pkg draft: ${{ contains(github.ref, '-rc') }} diff --git a/.gitignore b/.gitignore index f4b6962a9..0f1da3eb2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # Build and binary files build/ +artifacts/ *.exe *.exe~ *.dll diff --git a/runner/.gitignore b/runner/.gitignore index c0b332981..7c74233b7 100644 --- a/runner/.gitignore +++ b/runner/.gitignore @@ -1,3 +1,4 @@ +build/ *.png *.jpg diff --git a/runner/Makefile b/runner/Makefile index c3b51a960..c627ea58d 100644 --- a/runner/Makefile +++ b/runner/Makefile @@ -1,5 +1,6 @@ BRIDGE_VERSION ?= v1.0.19-rc19 +VERSION ?= $(shell git rev-parse --short HEAD) ifeq ($(OS), Windows_NT) OS := windows ARCH ?= $(shell powershell -NoProfile -NonInteractive "switch ((Get-CimInstance Win32_Processor).Architecture) { 0 {'x86'} 5 {'arm'} 9 {'x86_64'} 12 {'arm64'} Default {'unknown'} }") 
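Review bot: The new `Sign Nexa SDK` step carries no `if:` of its own, and the `if: github.ref_type == 'tag'` that gated the removed `package-and-release` job is gone with it, so as far as this hunk shows the certificates, Apple ID password and notarization now run on every trigger of the build job, including the `workflow_dispatch` runs the removed `Detect Commit Hash` step used to serve. Add `if: github.ref_type == 'tag'` to the signing, pkg-upload and release steps (or keep them in a separate tag-only job), unless a job-level condition outside this hunk already covers it. Also, the installer is now written under `runner/artifacts/` (see the `Upload pkg Artifact` path), but `Create GitHub Release` still lists `artifacts/nexa-cli_macos_${{ matrix.arch }}.pkg`; change it to `runner/artifacts/nexa-cli_macos_${{ matrix.arch }}.pkg` and consider `fail_on_unmatched_files: true` so a missing installer fails the release instead of publishing without it.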
@@ -7,6 +8,7 @@ ifeq ($(OS), Windows_NT) RM := powershell -NoProfile -NonInteractive "Remove-Item -Recurse -Force -ErrorAction SilentlyContinue -Path" MKDIR := powershell -NoProfile -NonInteractive "New-Item -ItemType Directory -Force -Path" MKLINK := powershell -NoProfile -NonInteractive "New-Item -ItemType Junction -Path 'build' -Target '..\..\nexasdk-bridge\build\out'" + MKPACKAGE := echo "Package not supported yet on Windows" && exit 1 else OS := $(shell echo $(shell uname -s) | tr '[:upper:]' '[:lower:]') ifeq ($(OS), darwin) @@ -20,9 +22,10 @@ else RM := rm -rf MKDIR := mkdir -p MKLINK := ln -s ../../nexasdk-bridge/build/out build + MKPACKAGE := ./release/$(OS)/package.sh $(VERSION) $(ARCH) endif -.PHONY: build link download clean +.PHONY: build link download package clean build: go build -ldflags "-s -w" -o build/nexa$(EXE) ./cmd/nexa-launcher @@ -41,5 +44,11 @@ download: clean https://nexa-model-hub-bucket.s3.us-west-1.amazonaws.com/public/nexasdk/$(BRIDGE_VERSION)/$(OS)_$(ARCH)/nexasdk-bridge.zip cd build && tar -xf nexasdk-bridge.zip && $(RM) nexasdk-bridge.zip && $(RM) nexa_bridge.lib +package: + @echo "====> Creating installer package for $(OS)_$(ARCH)" + -$(RM) artifacts + $(MKPACKAGE) + clean: -$(RM) build + -$(RM) artifacts diff --git a/runner/release/darwin/scripts/notarize.sh b/runner/release/darwin/scripts/notarize.sh deleted file mode 100644 index e5396cebb..000000000 --- a/runner/release/darwin/scripts/notarize.sh +++ /dev/null 
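Review bot: `MKPACKAGE := ./release/$(OS)/package.sh $(VERSION) $(ARCH)` pastes `VERSION` into the recipe's shell line unquoted, and in CI that value is `github.ref_name` (set through `env:` in the workflow), so a tag or branch name containing shell metacharacters would be parsed by the shell in the very step that holds the signing secrets. Pass the values through the environment instead: add `export VERSION ARCH` and use `MKPACKAGE := ./release/$(OS)/package.sh "$$VERSION" "$$ARCH"`. The same `else` branch also resolves to `release/$(OS)/package.sh` on Linux, for which this commit adds no script, and whether `OS` is mapped from `darwin` to `macos` is decided in lines outside these hunks, so that path is worth confirming.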
@@ -1,39 +0,0 @@ -#!/bin/bash -set -e - -PKG_PATH="$1" -APPLE_ID="$2" -APPLE_PASSWORD="$3" -TEAM_ID="$4" - -if [ -z "$PKG_PATH" ] || [ -z "$APPLE_ID" ] || [ -z "$APPLE_PASSWORD" ] || [ -z "$TEAM_ID" ]; then - echo "Usage: $0 " - exit 1 -fi - -echo "--- Starting notarization for ${PKG_PATH} ---" - -NOTARIZATION_OUTPUT=$(xcrun notarytool submit "$PKG_PATH" --apple-id "$APPLE_ID" --password "$APPLE_PASSWORD" --team-id "$TEAM_ID" --wait) -echo "$NOTARIZATION_OUTPUT" - -SUBMISSION_ID=$(echo "$NOTARIZATION_OUTPUT" | grep -oE 'id: [0-9a-f-]+' | head -n 1 | awk '{print $2}') - -if [ -z "$SUBMISSION_ID" ]; then - echo "::error::Failed to extract submission ID. Notarization failed." - exit 1 -fi - -NOTARIZATION_INFO=$(xcrun notarytool info "$SUBMISSION_ID" --apple-id "$APPLE_ID" --password "$APPLE_PASSWORD" --team-id "$TEAM_ID") -STATUS=$(echo "$NOTARIZATION_INFO" | grep "status:" | awk '{print $2}') -echo "Final notarization status: $STATUS" - -if [ "$STATUS" != "Accepted" ]; then - echo "::error::Notarization was not successful. Fetching log..." - xcrun notarytool log "$SUBMISSION_ID" --apple-id "$APPLE_ID" --password "$APPLE_PASSWORD" --team-id "$TEAM_ID" - exit 1 -fi - -echo "Stapling notarization ticket..." -xcrun stapler staple "$PKG_PATH" - -echo "--- Notarization and stapling complete ---" \ No newline at end of file diff --git a/runner/release/darwin/scripts/prepackage.sh b/runner/release/darwin/scripts/prepackage.sh deleted file mode 100755 index ef6f15cad..000000000 --- a/runner/release/darwin/scripts/prepackage.sh +++ /dev/null 
@@ -1,61 +0,0 @@ -#!/bin/bash -set -e - -VERSION="$1" -if [ -z "$VERSION" ]; then - echo "Usage: $0 " - exit 1 -fi - -echo "--- Preparing file structure for version ${VERSION} ---" - -APP_BASE="staging/Applications" -APP_NAME="NexaCLI" -APP_PATH="${APP_BASE}/${APP_NAME}.app" - -echo "Creating directories..." -mkdir -p "${APP_PATH}/Contents/MacOS" -mkdir -p "${APP_PATH}/Contents/Resources" - -echo "Moving build artifacts..." -mv artifacts/* "${APP_PATH}/Contents/Resources/" - -echo "Copying support files..." -cp runner/release/darwin/scripts/uninstall.sh "${APP_PATH}/Contents/Resources/" -chmod +x "${APP_PATH}/Contents/Resources/uninstall.sh" -cp runner/release/darwin/nexa-icon.icns "${APP_PATH}/Contents/Resources/" - -echo "Creating Info.plist..." -sed "s/\${VERSION}/${VERSION}/g" runner/release/darwin/Info.plist > "${APP_PATH}/Contents/Info.plist" - -echo "Creating launcher script..." -cat << EOF > "${APP_PATH}/Contents/MacOS/launcher" -#!/usr/bin/osascript -tell application "Terminal" - activate - do script "nexa" -end tell -EOF - -echo "Setting permissions..." -chmod +x "${APP_PATH}/Contents/MacOS/launcher" -chmod +x "${APP_PATH}/Contents/Resources/nexa" -chmod +x "${APP_PATH}/Contents/Resources/nexa-cli" - -# IMPORTANT: this path needs to be updated if plugin name has been updated -if [ -d "${APP_PATH}/Contents/Resources/metal/python_runtime/bin" ]; then - chmod -R +x "${APP_PATH}/Contents/Resources/metal/python_runtime/bin" -fi - -echo "Preparing PKG scripts..." -mkdir -p "pkg_scripts" -cp runner/release/darwin/scripts/preinstall pkg_scripts/ -chmod +x pkg_scripts/preinstall -cp runner/release/darwin/scripts/postinstall pkg_scripts/ -chmod +x pkg_scripts/postinstall - -echo "--- File preparation complete ---" - -echo "STAGING_DIR=staging" >> $GITHUB_OUTPUT -echo "SCRIPTS_DIR=pkg_scripts" >> $GITHUB_OUTPUT -echo "APP_PATH=${APP_PATH}" >> $GITHUB_ENV 
diff --git a/runner/release/darwin/scripts/sign.sh b/runner/release/darwin/scripts/sign.sh deleted file mode 100644 index df566f107..000000000 --- a/runner/release/darwin/scripts/sign.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -set -e - -APP_PATH="$1" -SIGNING_IDENTITY="$2" - -if [ -z "$APP_PATH" ] || [ -z "$SIGNING_IDENTITY" ]; then - echo "Usage: $0 " - exit 1 -fi - -echo "--- Signing binaries and libraries in ${APP_PATH} ---" - -RESOURCES_PATH="${APP_PATH}/Contents/Resources" - -echo "Signing dylibs and executables..." -find "$RESOURCES_PATH" -type f \( -name "*.dylib" -o -name "*.so" \) -exec codesign --force --options runtime --timestamp --verify -s "$SIGNING_IDENTITY" {} \; - -if [ -d "$RESOURCES_PATH/metal/python_runtime/bin" ]; then - find "$RESOURCES_PATH/metal/python_runtime/bin" -type f -name "python*" -exec codesign --force --options runtime --timestamp --verify -s "$SIGNING_IDENTITY" --entitlements runner/release/darwin/entitlements.plist {} \; -fi - -find "$RESOURCES_PATH" -type f -name "nexa*" -maxdepth 1 -exec codesign --force --options runtime --timestamp --verify -s "$SIGNING_IDENTITY" --entitlements runner/release/darwin/entitlements.plist {} \; -codesign --force --options runtime --timestamp --verify -s "$SIGNING_IDENTITY" --entitlements runner/release/darwin/entitlements.plist "${APP_PATH}/Contents/MacOS/launcher" - -echo "Signing main app bundle..." -codesign --force --options runtime --timestamp --verify -s "$SIGNING_IDENTITY" --entitlements runner/release/darwin/entitlements.plist "$APP_PATH" - -echo "Verifying signatures..." -codesign --verify --deep --strict --verbose=4 "$APP_PATH" - -echo "--- Signing complete ---" diff --git a/runner/release/darwin/Info.plist b/runner/release/macos/Applications/NexaCLI.app/Contents/Info.plist similarity index 100% rename from runner/release/darwin/Info.plist rename to runner/release/macos/Applications/NexaCLI.app/Contents/Info.plist 
diff --git a/runner/release/macos/Applications/NexaCLI.app/Contents/MacOS/launcher b/runner/release/macos/Applications/NexaCLI.app/Contents/MacOS/launcher new file mode 100644 index 000000000..1192c2c34 --- /dev/null +++ b/runner/release/macos/Applications/NexaCLI.app/Contents/MacOS/launcher @@ -0,0 +1,5 @@ +#!/usr/bin/osascript +tell application "Terminal" + activate + do script "nexa" +end tell \ No newline at end of file diff --git a/runner/release/darwin/nexa-icon.icns b/runner/release/macos/Applications/NexaCLI.app/Contents/Resources/nexa-icon.icns similarity index 100% rename from runner/release/darwin/nexa-icon.icns rename to runner/release/macos/Applications/NexaCLI.app/Contents/Resources/nexa-icon.icns diff --git a/runner/release/darwin/scripts/uninstall.sh b/runner/release/macos/Applications/NexaCLI.app/Contents/Resources/uninstall.sh similarity index 100% rename from runner/release/darwin/scripts/uninstall.sh rename to runner/release/macos/Applications/NexaCLI.app/Contents/Resources/uninstall.sh diff --git a/runner/release/darwin/entitlements.plist b/runner/release/macos/entitlements.plist similarity index 100% rename from runner/release/darwin/entitlements.plist rename to runner/release/macos/entitlements.plist diff --git a/runner/release/macos/package.sh b/runner/release/macos/package.sh new file mode 100755 index 000000000..c7d611738 --- /dev/null +++ b/runner/release/macos/package.sh 
@@ -0,0 +1,169 @@ +#!/bin/bash + +set -euo pipefail + +readonly VERSION="$1" ARCH="$2" +readonly APP_PATH="artifacts/Applications/NexaCLI.app" +readonly RESOURCES_PATH="$APP_PATH/Contents/Resources" +readonly KEYCHAIN="build.keychain" + +readonly RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' NC='\033[0m' +log() { echo -e "${GREEN}[INFO]${NC} $*" >&2; } +warn() { echo -e "${YELLOW}[WARN]${NC} $*" >&2; } +die() { echo -e "${RED}[ERROR]${NC} $*" >&2; exit 1; } + +setup_bundle() { + log "Setting up application bundle..." + mkdir -p "$RESOURCES_PATH" + cp -r release/macos/Applications artifacts/ + cp -r build/* "$RESOURCES_PATH" + sed -i '' "s/\${VERSION}/$VERSION/g" "$APP_PATH/Contents/Info.plist" +} + +fix_libs() { + log "Fixing library paths..." + [[ -f "$RESOURCES_PATH/nexa-cli" ]] && install_name_tool -add_rpath "@loader_path" "$RESOURCES_PATH/nexa-cli" +} + +set_perms() { + log "Setting permissions..." + chmod +x "$APP_PATH/Contents/MacOS/launcher" "$RESOURCES_PATH/nexa" "$RESOURCES_PATH/nexa-cli" 2>/dev/null || true + [[ -d "$RESOURCES_PATH/metal/python_runtime/bin" ]] && chmod -R +x "$RESOURCES_PATH/metal/python_runtime/bin" + log "Permissions set successfully" +} + +import_certs() { + log "Setting up signing environment..." + security delete-keychain "$KEYCHAIN" 2>/dev/null || true + security create-keychain -p "" "$KEYCHAIN" + security default-keychain -s "$KEYCHAIN" + security unlock-keychain -p "" "$KEYCHAIN" + + log "Importing certificates..." 
+ [[ -z "${APP_CERTIFICATE_BASE64:-}" ]] && die "APP_CERTIFICATE_BASE64 not set" + [[ -z "${APP_CERTIFICATE_PASSWORD:-}" ]] && die "APP_CERTIFICATE_PASSWORD not set" + echo "$APP_CERTIFICATE_BASE64" | base64 --decode > "codesign_cert.p12" + security import "codesign_cert.p12" -k "$KEYCHAIN" -P "$APP_CERTIFICATE_PASSWORD" -T "/usr/bin/codesign" + rm "codesign_cert.p12" + + [[ -z "${INSTALLER_CERTIFICATE_BASE64:-}" ]] && die "INSTALLER_CERTIFICATE_BASE64 not set" + [[ -z "${INSTALLER_CERTIFICATE_PASSWORD:-}" ]] && die "INSTALLER_CERTIFICATE_PASSWORD not set" + echo "$INSTALLER_CERTIFICATE_BASE64" | base64 --decode > "productsign_cert.p12" + security import "productsign_cert.p12" -k "$KEYCHAIN" -P "$INSTALLER_CERTIFICATE_PASSWORD" -T "/usr/bin/productsign" + rm "productsign_cert.p12" + + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "" "$KEYCHAIN" + security list-keychains -s "$KEYCHAIN" +} + +sign_app() { + log "Signing application..." + [[ -z "${APP_SIGNING_IDENTITY:-}" ]] && die "APP_SIGNING_IDENTITY not set" + + local entitlements="release/macos/entitlements.plist" + + local lib_files=() macho_files=() + while IFS= read -r f; do + case "$f" in + *.dylib|*.so) lib_files+=("$f") ;; + *) + if file "$f" | grep -q "Mach-O"; then + macho_files+=("$f") + fi + ;; + esac + done < <(find "$RESOURCES_PATH" -type f) + + for f in "${lib_files[@]}"; do + (log "Signing dependency: $f"; codesign -s "$APP_SIGNING_IDENTITY" --force --options runtime --timestamp "$f") & + done + + for f in "${macho_files[@]}"; do + (log "Signing executable: $f"; codesign -s "$APP_SIGNING_IDENTITY" --force --options runtime --timestamp --entitlements "$entitlements" "$f") & + done + + wait + + codesign -s "$APP_SIGNING_IDENTITY" --force --options runtime --timestamp --entitlements "$entitlements" "$APP_PATH/Contents/MacOS/launcher" + codesign -s "$APP_SIGNING_IDENTITY" --force --options runtime --timestamp --entitlements "$entitlements" "$APP_PATH" + codesign --verify --deep 
--strict --verbose=4 "$APP_PATH" + log "App signing complete." +} + +build_pkg() { + log "Building PKG installer..." + local pkg="artifacts/nexa-cli_macos_${ARCH}-unsigned.pkg" + pkgbuild --root artifacts --scripts "release/macos/scripts" \ + --identifier "com.nexaai.nexa-sdk" --version "$VERSION" \ + --install-location / "$pkg" >/dev/null + echo "$pkg" +} + +sign_pkg() { + local unsigned="$1" signed="artifacts/nexa-cli_macos_${ARCH}.pkg" + log "Signing PKG installer..." + [[ -z "${INSTALLER_SIGNING_IDENTITY:-}" ]] && die "INSTALLER_SIGNING_IDENTITY not set" + productsign --sign "$INSTALLER_SIGNING_IDENTITY" "$unsigned" "$signed" >/dev/null || die "PKG signing failed" + pkgutil --check-signature "$signed" >/dev/null || die "PKG signature verification failed" + rm "$unsigned" + echo "$signed" +} + + +notarize() { + local pkg="$1" + log "Submitting PKG for notarization..." + [[ -z "${APPLE_ID:-}" ]] && die "APPLE_ID not set" + [[ -z "${APPLE_PASSWORD:-}" ]] && die "APPLE_PASSWORD not set" + [[ -z "${TEAM_ID:-}" ]] && die "TEAM_ID not set" + + local output + output=$(xcrun notarytool submit "$pkg" --apple-id "$APPLE_ID" --password "$APPLE_PASSWORD" --team-id "$TEAM_ID" --wait) + + local submission_id + submission_id=$(echo "$output" | grep -oE 'id: [0-9a-f-]+' | head -n 1 | awk '{print $2}') + [[ -z "$submission_id" ]] && die "Failed to extract submission ID" + + local submission_info + submission_info=$(xcrun notarytool info "$submission_id" --apple-id "$APPLE_ID" --password "$APPLE_PASSWORD" --team-id "$TEAM_ID") + + local status + status=$(echo "$submission_info" | grep "status:" | awk '{print $2}') + log "Notarization status: $status" + [[ "$status" != "Accepted" ]] && { + xcrun notarytool log "$submission_id" --apple-id "$APPLE_ID" --password "$APPLE_PASSWORD" --team-id "$TEAM_ID" + die "Notarization failed" + } + + log "Stapling PKG..." 
+ xcrun stapler staple "$pkg" + log "Notarization completed successfully" +} + +cleanup() { + [[ -n "${APP_CERTIFICATE_BASE64:-}" ]] && { + log "Cleaning up keychain..." + security delete-keychain "$KEYCHAIN" 2>/dev/null || true + } +} + +main() { + [[ -z "$VERSION" ]] && die "Usage: $0 " + log "Creating macOS installer package for version $VERSION, arch $ARCH" + + setup_bundle + fix_libs + set_perms + + import_certs + sign_app + + local pkg_file + pkg_file=$(build_pkg) + pkg_file=$(sign_pkg "$pkg_file") + notarize "$pkg_file" + log "Package created successfully: $pkg_file" +} + +trap 'cleanup || true' EXIT +main "$@" \ No newline at end of file diff --git a/runner/release/darwin/scripts/postinstall b/runner/release/macos/scripts/postinstall similarity index 100% rename from runner/release/darwin/scripts/postinstall rename to runner/release/macos/scripts/postinstall diff --git a/runner/release/darwin/scripts/preinstall b/runner/release/macos/scripts/preinstall similarity index 100% rename from runner/release/darwin/scripts/preinstall rename to runner/release/macos/scripts/preinstall
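Review bot: In `import_certs` the decoded `codesign_cert.p12` and `productsign_cert.p12` are written into the current directory and removed only on the success path; under `set -e` a failing `security import` exits before the `rm`, and `cleanup` deletes only the keychain, so the private keys stay on disk. Decode them into a `mktemp -d` directory and remove that directory from the EXIT trap, as sketched below. `security default-keychain -s` and `security list-keychains -s` also replace the invoking user's keychain settings without restoring them, which matters now that this path is reachable through a local `make package`. Separately, the bare `wait` in `sign_app` returns 0 even when a backgrounded `codesign` fails; record each PID and `wait "$pid" || die "codesign failed"` so a signing error stops the script at that point.

```bash
CERT_DIR=""   # set by import_certs, removed by cleanup

import_certs() {
    # … unchanged: keychain creation, default-keychain, unlock …
    CERT_DIR=$(mktemp -d)   # directory is private to the current user
    # … unchanged: APP_CERTIFICATE_* presence checks …
    echo "$APP_CERTIFICATE_BASE64" | base64 --decode > "$CERT_DIR/codesign_cert.p12"
    security import "$CERT_DIR/codesign_cert.p12" -k "$KEYCHAIN" -P "$APP_CERTIFICATE_PASSWORD" -T "/usr/bin/codesign"
    # … unchanged: INSTALLER_CERTIFICATE_* presence checks …
    echo "$INSTALLER_CERTIFICATE_BASE64" | base64 --decode > "$CERT_DIR/productsign_cert.p12"
    security import "$CERT_DIR/productsign_cert.p12" -k "$KEYCHAIN" -P "$INSTALLER_CERTIFICATE_PASSWORD" -T "/usr/bin/productsign"
    rm -rf "$CERT_DIR"
    # … unchanged: set-key-partition-list, list-keychains …
}

cleanup() {
    # Runs from the EXIT trap, so it also covers a failed import.
    if [[ -n "${CERT_DIR:-}" ]]; then rm -rf "$CERT_DIR"; fi
    # … unchanged: keychain deletion …
}
```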