refactor: simplify build scripts and fix quality issues

datlechin · datlechin · commit 2e313f5a6b97 · 2026-03-09T21:55:49.000+07:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -62,12 +62,6 @@ jobs:
           # Link packages with --force and --overwrite (needed for keg-only formulas)
           brew link --force --overwrite mariadb-connector-c 2>/dev/null || true
 
-          # Verify installations
-          if ! brew list mariadb-connector-c >/dev/null 2>&1; then
-            echo "❌ ERROR: mariadb-connector-c installation failed"
-            exit 1
-          fi
-
           echo "✅ ARM64 dependencies installed"
 
       - name: Prepare libraries
@@ -183,12 +177,6 @@ jobs:
           # Link packages with --force (needed for keg-only formulas)
           arch -x86_64 /usr/local/bin/brew link --force --overwrite mariadb-connector-c 2>/dev/null || true
 
-          # Verify installations
-          if ! arch -x86_64 /usr/local/bin/brew list mariadb-connector-c >/dev/null 2>&1; then
-            echo "❌ ERROR: mariadb-connector-c installation failed"
-            exit 1
-          fi
-
           echo "✅ x86_64 dependencies installed"
 
       - name: Prepare libraries
diff --git a/scripts/build-release.sh b/scripts/build-release.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -eo pipefail
+set -euo pipefail
 
 # Build script for creating architecture-specific releases
 # Usage: ./build-release.sh [arm64|x86_64|both]
@@ -264,8 +264,7 @@ bundle_dylibs() {
     # (e.g. strchrnul) that don't exist on earlier OS versions → launch crash.
     echo "   Verifying deployment target compatibility..."
     local deploy_target
-    deploy_target=$(xcodebuild -project "$PROJECT" -scheme "$SCHEME" -showBuildSettings 2>/dev/null \
-        | grep -m 1 'MACOSX_DEPLOYMENT_TARGET' | awk '{print $3}')
+    deploy_target=$(echo "$build_settings" | grep -m 1 'MACOSX_DEPLOYMENT_TARGET' | awk '{print $3}')
     if [ -n "$deploy_target" ]; then
         local deploy_major
         deploy_major=$(echo "$deploy_target" | cut -d. -f1)
@@ -301,13 +300,6 @@ bundle_dylibs() {
         echo "   ⚠️  WARNING: Could not determine deployment target, skipping dylib version check"
     fi
 
-    # Sign bundled dylibs (will be re-signed with proper identity later)
-    echo "   Signing bundled libraries (preliminary)..."
-    for fw in "$frameworks_dir"/*.dylib; do
-        [ -f "$fw" ] || continue
-        codesign -fs - --force "$fw" 2>/dev/null || true
-    done
-
     echo "✅ Bundled $count dynamic libraries into Frameworks/"
     ls -lh "$frameworks_dir"/*.dylib 2>/dev/null
 }
@@ -317,6 +309,9 @@ build_for_arch() {
     echo ""
     echo "🔨 Building for $arch..."
 
+    # Fetch build settings once for this arch (used by build_for_arch and bundle_dylibs)
+    build_settings=$(xcodebuild -project "$PROJECT" -scheme "$SCHEME" -configuration "$CONFIG" -arch "$arch" -showBuildSettings 2>&1)
+
     # Prepare architecture-specific libraries
     prepare_mariadb "$arch"
     prepare_libpq "$arch"
@@ -358,7 +353,7 @@ build_for_arch() {
     echo "✅ Build succeeded for $arch"
 
     # Get binary path with validation
-    DERIVED_DATA=$(xcodebuild -project "$PROJECT" -scheme "$SCHEME" -showBuildSettings 2>&1 | grep -m 1 "BUILD_DIR" | awk '{print $3}')
+    DERIVED_DATA=$(echo "$build_settings" | grep -m 1 "BUILD_DIR" | awk '{print $3}')
 
     if [ -z "$DERIVED_DATA" ]; then
         echo "❌ FATAL: Failed to determine build directory from xcodebuild settings"
@@ -500,11 +495,18 @@ build_for_arch() {
         codesign -fs "$SIGN_IDENTITY" --force --options runtime --timestamp "$dylib"
     done
 
-    # Sign plugin bundles (stripped binaries need re-signing)
+    # Sign plugin bundles (stripped binaries need re-signing, preserve entitlements)
     if [ -d "$PLUGINS_DIR" ]; then
         for plugin in "$PLUGINS_DIR"/*.tableplugin; do
             [ -d "$plugin" ] || continue
-            codesign -fs "$SIGN_IDENTITY" --force --options runtime --timestamp "$plugin"
+            local ent_file="/tmp/plugin_entitlements_$$.plist"
+            codesign -d --entitlements - "$plugin" > "$ent_file" 2>/dev/null || true
+            if [ -s "$ent_file" ]; then
+                codesign -fs "$SIGN_IDENTITY" --force --options runtime --timestamp --entitlements "$ent_file" "$plugin"
+            else
+                codesign -fs "$SIGN_IDENTITY" --force --options runtime --timestamp "$plugin"
+            fi
+            rm -f "$ent_file"
         done
     fi
 
diff --git a/scripts/ci/package-artifacts.sh b/scripts/ci/package-artifacts.sh
@@ -9,7 +9,7 @@ if [[ "$ARCH" != "arm64" && "$ARCH" != "x86_64" ]]; then
   exit 1
 fi
 
-VERSION=$(git describe --tags --abbrev=0 2>/dev/null | sed 's/^v//' || echo "0.1.13")
+VERSION=$(git describe --tags --abbrev=0 2>/dev/null | sed 's/^v//') || { echo "❌ ERROR: Cannot determine version from git tags"; exit 1; }
 
 # --- Create DMG ---
 echo "Creating DMG installer..."
diff --git a/scripts/ci/prepare-libs.sh b/scripts/ci/prepare-libs.sh
@@ -10,7 +10,7 @@ fi
 
 # Prepare libmariadb
 echo "📦 Preparing libmariadb.a for $ARCH..."
-cp Libs/libmariadb_${ARCH}.a Libs/libmariadb.a
+cp "Libs/libmariadb_${ARCH}.a" "Libs/libmariadb.a"
 echo "✅ libmariadb.a ready"
 lipo -info Libs/libmariadb.a
 ls -lh Libs/libmariadb.a
diff --git a/scripts/ci/sign-and-appcast.sh b/scripts/ci/sign-and-appcast.sh
@@ -38,23 +38,21 @@ INFO_PLIST=$(find "$TEMP_DIR" -maxdepth 3 -path "*/Contents/Info.plist" | head -
 if [ -n "$INFO_PLIST" ] && [ -f "$INFO_PLIST" ]; then
   BUILD_NUMBER=$(/usr/libexec/PlistBuddy -c "Print :CFBundleVersion" "$INFO_PLIST" 2>/dev/null || echo "1")
   SHORT_VERSION=$(/usr/libexec/PlistBuddy -c "Print :CFBundleShortVersionString" "$INFO_PLIST" 2>/dev/null || echo "$VERSION")
-  MIN_OS=$(/usr/libexec/PlistBuddy -c "Print :LSMinimumSystemVersion" "$INFO_PLIST" 2>/dev/null || echo "13.5")
+  MIN_OS=$(/usr/libexec/PlistBuddy -c "Print :LSMinimumSystemVersion" "$INFO_PLIST" 2>/dev/null || echo "14.0")
 else
   echo "⚠️  Could not find app Info.plist in ZIP, using defaults from tag"
   BUILD_NUMBER="1"
   SHORT_VERSION="$VERSION"
-  MIN_OS="13.5"
+  MIN_OS="14.0"
 fi
 rm -rf "$TEMP_DIR"
 
-# Extract release notes from CHANGELOG.md and convert to HTML for appcast
-NOTES=$(awk -v ver="$VERSION" '
-  /^## \[/ {
-    if (found) exit
-    if ($0 ~ "\\[" ver "\\]") { found=1; next }
-  }
-  found { print }
-' CHANGELOG.md)
+# Extract release notes for appcast
+if [ -f release_notes.md ]; then
+    NOTES=$(cat release_notes.md)
+else
+    NOTES=$(awk "/^## \\[${VERSION}\\]/{flag=1; next} /^## \\[/{flag=0} flag" CHANGELOG.md)
+fi
 
 if [ -z "$NOTES" ]; then
   RELEASE_HTML="<li>Bug fixes and improvements</li>"
@@ -84,7 +82,7 @@ fi
 DESCRIPTION_HTML="<body style=\"font-family: -apple-system, sans-serif; font-size: 13px; padding: 8px;\">${RELEASE_HTML}</body>"
 
 # Build appcast.xml with architecture-specific items (Sparkle 2 convention)
-DOWNLOAD_PREFIX="https://github.com/datlechin/TablePro/releases/download/v${VERSION}"
+DOWNLOAD_PREFIX="${GITHUB_SERVER_URL:-https://github.com}/${GITHUB_REPOSITORY:-datlechin/TablePro}/releases/download/v${VERSION}"
 PUB_DATE=$(date -u '+%a, %d %b %Y %H:%M:%S +0000')
 
 mkdir -p appcast
