Harden DMG mount verification in notarized release workflows

h3p 2026-02-25 18:32:16 +01:00
parent 48baae288e
commit cb2a500344
6 changed files with 27 additions and 17 deletions


@ -277,9 +277,11 @@ jobs:
gh release download "$TAG_NAME" -p Neon.Vision.Editor.app.zip -p Neon.Vision.Editor.app.dmg -D "$WORK_DIR"
ditto -x -k "$WORK_DIR/Neon.Vision.Editor.app.zip" "$WORK_DIR/extracted"
scripts/ci/verify_icon_payload.sh "$WORK_DIR/extracted/Neon Vision Editor.app"
MOUNT_POINT="$(hdiutil attach "$WORK_DIR/Neon.Vision.Editor.app.dmg" -nobrowse -quiet | awk '/\/Volumes\// {print $3; exit}')"
if [[ -z "${MOUNT_POINT}" ]]; then
echo "Failed to mount DMG asset." >&2
MOUNT_POINT="$WORK_DIR/dmg-mount"
mkdir -p "$MOUNT_POINT"
hdiutil attach "$WORK_DIR/Neon.Vision.Editor.app.dmg" -nobrowse -mountpoint "$MOUNT_POINT" -quiet
if [[ ! -d "$MOUNT_POINT/Neon Vision Editor.app" ]]; then
echo "Mounted DMG does not contain app bundle." >&2
exit 1
fi
scripts/ci/verify_icon_payload.sh "$MOUNT_POINT/Neon Vision Editor.app"
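Review bot: The exit status of the `hdiutil attach ... -mountpoint "$MOUNT_POINT" -quiet` call is never checked, so a failed attach falls through to the `-d` test and the step dies with the misleading "Mounted DMG does not contain app bundle." message, because `mkdir -p` has already created an empty directory at that path. The mount point is now a fixed path that `mkdir -p` tolerates when it already exists, so anything left under `$WORK_DIR/dmg-mount` from an earlier run would also pass that test after a failed attach — presumably `WORK_DIR` is fresh per run, but it is created outside this hunk. Replacing the attach line with `hdiutil attach "$WORK_DIR/Neon.Vision.Editor.app.dmg" -nobrowse -readonly -mountpoint "$MOUNT_POINT" -quiet || { echo "Failed to mount DMG asset." >&2; exit 1; }` fails fast with the right diagnostic and mounts the image read-only so the verification that follows runs over an immutable view. The identical block recurs in the four other shell hunks of this commit and needs the same change; the run step these lines belong to continues beyond the hunk.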


@ -235,9 +235,11 @@ jobs:
gh release download "$TAG_NAME" -p Neon.Vision.Editor.app.zip -p Neon.Vision.Editor.app.dmg -D "$WORK_DIR"
ditto -x -k "$WORK_DIR/Neon.Vision.Editor.app.zip" "$WORK_DIR/extracted"
scripts/ci/verify_icon_payload.sh "$WORK_DIR/extracted/Neon Vision Editor.app"
MOUNT_POINT="$(hdiutil attach "$WORK_DIR/Neon.Vision.Editor.app.dmg" -nobrowse -quiet | awk '/\/Volumes\// {print $3; exit}')"
if [[ -z "${MOUNT_POINT}" ]]; then
echo "Failed to mount DMG asset." >&2
MOUNT_POINT="$WORK_DIR/dmg-mount"
mkdir -p "$MOUNT_POINT"
hdiutil attach "$WORK_DIR/Neon.Vision.Editor.app.dmg" -nobrowse -mountpoint "$MOUNT_POINT" -quiet
if [[ ! -d "$MOUNT_POINT/Neon Vision Editor.app" ]]; then
echo "Mounted DMG does not contain app bundle." >&2
exit 1
fi
scripts/ci/verify_icon_payload.sh "$MOUNT_POINT/Neon Vision Editor.app"


@ -361,7 +361,7 @@
CODE_SIGNING_ALLOWED = YES;
CODE_SIGN_IDENTITY = "Apple Development";
CODE_SIGN_STYLE = Automatic;
CURRENT_PROJECT_VERSION = 353;
CURRENT_PROJECT_VERSION = 354;
DEAD_CODE_STRIPPING = YES;
DEVELOPMENT_TEAM = CS727NF72U;
ENABLE_APP_SANDBOX = YES;
@ -441,7 +441,7 @@
CODE_SIGNING_ALLOWED = YES;
CODE_SIGN_IDENTITY = "Apple Development";
CODE_SIGN_STYLE = Automatic;
CURRENT_PROJECT_VERSION = 353;
CURRENT_PROJECT_VERSION = 354;
DEAD_CODE_STRIPPING = YES;
DEVELOPMENT_TEAM = CS727NF72U;
ENABLE_APP_SANDBOX = YES;


@ -26,9 +26,11 @@ ditto -x -k "$WORK_DIR/Neon.Vision.Editor.app.zip" "$WORK_DIR/extracted"
APP="$WORK_DIR/extracted/Neon Vision Editor.app"
REQUIRE_ICONSTACK=1 scripts/ci/verify_icon_payload.sh "$APP"
MOUNT_POINT="$(hdiutil attach "$WORK_DIR/Neon.Vision.Editor.app.dmg" -nobrowse -quiet | awk '/\/Volumes\// {print $3; exit}')"
if [[ -z "${MOUNT_POINT}" ]]; then
echo "Failed to mount DMG asset." >&2
MOUNT_POINT="$WORK_DIR/dmg-mount"
mkdir -p "$MOUNT_POINT"
hdiutil attach "$WORK_DIR/Neon.Vision.Editor.app.dmg" -nobrowse -mountpoint "$MOUNT_POINT" -quiet
if [[ ! -d "$MOUNT_POINT/Neon Vision Editor.app" ]]; then
echo "Mounted DMG does not contain app bundle." >&2
exit 1
fi
trap 'hdiutil detach "${MOUNT_POINT}" -quiet || true' EXIT
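Review bot: The `trap 'hdiutil detach "${MOUNT_POINT}" -quiet || true' EXIT` is registered only after the app-bundle check, so the `exit 1` inside that check leaves the DMG attached at `$WORK_DIR/dmg-mount` on the failure path (whether the trap line is new or pre-existing, on the new side it sits below the check). Move the trap line to directly after the `hdiutil attach` call, before `if [[ ! -d "$MOUNT_POINT/Neon Vision Editor.app" ]]; then`, so every exit taken after the attach detaches the image; the single-quoted trap body still expands `${MOUNT_POINT}` at exit time, which is fine because the variable is fixed just above. The script continues past this hunk.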


@ -271,9 +271,11 @@ jobs:
gh release download "$TAG_NAME" -p Neon.Vision.Editor.app.zip -p Neon.Vision.Editor.app.dmg -D "$WORK_DIR"
ditto -x -k "$WORK_DIR/Neon.Vision.Editor.app.zip" "$WORK_DIR/extracted"
scripts/ci/verify_icon_payload.sh "$WORK_DIR/extracted/Neon Vision Editor.app"
MOUNT_POINT="$(hdiutil attach "$WORK_DIR/Neon.Vision.Editor.app.dmg" -nobrowse -quiet | awk '/\/Volumes\// {print $3; exit}')"
if [[ -z "${MOUNT_POINT}" ]]; then
echo "Failed to mount DMG asset." >&2
MOUNT_POINT="$WORK_DIR/dmg-mount"
mkdir -p "$MOUNT_POINT"
hdiutil attach "$WORK_DIR/Neon.Vision.Editor.app.dmg" -nobrowse -mountpoint "$MOUNT_POINT" -quiet
if [[ ! -d "$MOUNT_POINT/Neon Vision Editor.app" ]]; then
echo "Mounted DMG does not contain app bundle." >&2
exit 1
fi
scripts/ci/verify_icon_payload.sh "$MOUNT_POINT/Neon Vision Editor.app"


@ -235,9 +235,11 @@ jobs:
gh release download "$TAG_NAME" -p Neon.Vision.Editor.app.zip -p Neon.Vision.Editor.app.dmg -D "$WORK_DIR"
ditto -x -k "$WORK_DIR/Neon.Vision.Editor.app.zip" "$WORK_DIR/extracted"
scripts/ci/verify_icon_payload.sh "$WORK_DIR/extracted/Neon Vision Editor.app"
MOUNT_POINT="$(hdiutil attach "$WORK_DIR/Neon.Vision.Editor.app.dmg" -nobrowse -quiet | awk '/\/Volumes\// {print $3; exit}')"
if [[ -z "${MOUNT_POINT}" ]]; then
echo "Failed to mount DMG asset." >&2
MOUNT_POINT="$WORK_DIR/dmg-mount"
mkdir -p "$MOUNT_POINT"
hdiutil attach "$WORK_DIR/Neon.Vision.Editor.app.dmg" -nobrowse -mountpoint "$MOUNT_POINT" -quiet
if [[ ! -d "$MOUNT_POINT/Neon Vision Editor.app" ]]; then
echo "Mounted DMG does not contain app bundle." >&2
exit 1
fi
scripts/ci/verify_icon_payload.sh "$MOUNT_POINT/Neon Vision Editor.app"