chore: Improve macOS codesigning script

- Update shebang to `#!/bin/bash` and enable strict mode with `set -euo pipefail`.
- Introduce variables for keychain name, password, path, and certificate path to improve readability and maintainability.
- Add a check to create the keychain only if it doesn't already exist.
- Update `security` commands to use the newly defined path variables for clarity.

Author: softartdev

.github/scripts/import_macos_dev_id_cert.sh

@@ -1,12 +1,31 @@
-#!/bin/sh
+#!/bin/bash
+set -euo pipefail
 
-security create-keychain -p "" build.keychain
-security default-keychain -s build.keychain
-security unlock-keychain -p "" build.keychain
+KEYCHAIN_NAME="build.keychain-db"
+KEYCHAIN_PASSWORD=""
+KEYCHAIN_PATH="$HOME/Library/Keychains/$KEYCHAIN_NAME"
+P12_PATH=".github/secrets/macos_dev_id_cert.p12"
 
-security import ./app/desktop/macOS_development.p12 \
-  -k build.keychain \
+# Create keychain if it doesn't exist yet
+if [ ! -f "$KEYCHAIN_PATH" ]; then
+  security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_NAME"
+fi
+
+# Add keychain to the search list and make it default for this session
+security list-keychains -s "$KEYCHAIN_PATH" $(security list-keychains | sed 's/[",]//g')
+security default-keychain -s "$KEYCHAIN_PATH"
+security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+
+# Import Developer ID certificate
+security import "$P12_PATH" \
+  -k "$KEYCHAIN_PATH" \
   -P "$LARGE_SECRET_PASSPHRASE" \
-  -T /usr/bin/codesign -T /usr/bin/productbuild -T /usr/bin/security
+  -T /usr/bin/codesign \
+  -T /usr/bin/productbuild
 
-security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain
+# Allow non-interactive access for codesign / productbuild / notarytool
+security set-key-partition-list \
+  -S apple-tool:,apple: \
+  -s \
+  -k "$KEYCHAIN_PASSWORD" \
+  "$KEYCHAIN_PATH"

app/desktop/build.gradle.kts

@@ -50,7 +50,7 @@ compose.desktop {
         nativeDistributions {
             targetFormats(TargetFormat.Dmg, TargetFormat.Msi, TargetFormat.Deb)
             packageName = "Note Delight"
-            packageVersion = "8.4.603"
+            packageVersion = "8.4.604"
             description = "Note app with encryption"
             copyright = "© 2023 SoftArtDev"
             macOS.iconFile.set(project.file("src/jvmMain/resources/app_icon.icns"))