New Release-DeveloperID configuration gates Sparkle behind a SPARKLE
compile flag so the App Store Release build stays Sparkle-free. Adds
SPUStandardUpdaterController wrapper, Check for Updates menu command,
Advanced Settings section with beta channel toggle, and a Ruby script
plus GitHub Actions job that signs each release and publishes the
appcast to gh-pages for consumption by Sparkle and Homebrew cask.
Without sdk:"macosx", gym treats the multiplatform scheme as iOS and
fails with "IPA invalid". Without an explicit destination xcodebuild
picked tvOS. The output_name also needed the .app suffix removed since
gym appends .pkg for macOS app-store exports.
Fetch a match profile for the new stream.yattee.app.TopShelf bundle,
switch the extension target to manual signing, and map its profile in
build_app export_options so the tvOS archive signs both the main app
and the Top Shelf extension.
Without explicit identity, xcodebuild defaults to "iOS Development"
which doesn't exist on CI. Set "Apple Distribution" for App Store
builds and "Developer ID Application" for notarized builds.
Replaced sed-based CODE_SIGN_STYLE override with fastlane's
update_code_signing_settings which also sets PROVISIONING_PROFILE_SPECIFIER.
This fixes the YatteeShareExtension build failure where it couldn't
find a provisioning profile under manual signing.
- Write latest_build_number.txt to repo root using explicit path
  (fastlane runs from fastlane/ subdir, so relative path was wrong)
- Remove update_fastlane from before_all to avoid CI instability
Query App Store Connect for the latest TestFlight build number across
all platforms (iOS, tvOS, macOS) and auto-increment it, eliminating
the need for the separate bump-build workflow.
Single unified "Yattee" scheme replaces per-platform schemes.
Release workflow now has toggleable platform inputs instead of
matrix strategy. Standalone mac notarized workflow removed in
favor of the build_mac_notarized toggle. Share extension bundle
ID updated from Open-in-Yattee to ShareExtension.
The DEVELOPER_KEY_CONTENT secret is stored base64-encoded, so fastlane
needs to be told to decode it before parsing. Matches the approach on
rewrite/v2. Removes the openssl-shell-out workaround from the previous
commits, which was solving the wrong problem.
GitHub secrets store multi-line PEMs as a single line with literal "\n"
sequences. Fastlane's app_store_connect_api_key action un-escapes them
via gsub before use; the helper must do the same before writing the
temp file, otherwise openssl sees garbage.
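
The two secret encodings described in the commit messages above (a base64-encoded key, and a PEM flattened to one line with literal "\n" sequences), handled in one place. This is an added example, not code from the repository or from fastlane; normalize_p8, unescape_newlines, PEM_RE and the sample constants are hypothetical names, and the sample PEM is constructed and is not a real key.

```ruby
require "base64"

# Accepts PKCS#8 ("PRIVATE KEY") and SEC1 ("EC PRIVATE KEY") framing.
PEM_RE = %r{\A-----BEGIN (?:EC )?PRIVATE KEY-----\n([A-Za-z0-9+/=\n]+)-----END (?:EC )?PRIVATE KEY-----\n\z}

# Constructed sample: PEM framing around placeholder bytes, not a usable key.
SAMPLE_BODY = Base64.strict_encode64("constructed bytes, not a real key " * 3)
SAMPLE_PEM  = "-----BEGIN PRIVATE KEY-----\n" \
              "#{SAMPLE_BODY.scan(/.{1,64}/).join("\n")}\n" \
              "-----END PRIVATE KEY-----\n"

# Turn literal backslash-n pairs back into real newlines.
def unescape_newlines(text)
  text.gsub('\n') { "\n" }
end

# Hypothetical helper (assumed name). Returns a multi-line PEM string or
# raises ArgumentError. Error messages never contain the secret itself, so a
# failed run cannot leak key material into CI logs.
def normalize_p8(secret)
  text = unescape_newlines(secret.to_s.strip)
  unless text.start_with?("-----BEGIN")
    # Not PEM yet: assume the whole PEM was base64-encoded into the secret.
    begin
      text = unescape_newlines(Base64.strict_decode64(text.delete("\n")))
    rescue ArgumentError
      raise ArgumentError, "secret is neither PEM nor base64"
    end
  end
  text = text.strip + "\n"
  match = PEM_RE.match(text)
  raise ArgumentError, "decoded secret is not a PEM private key" unless match
  # The PEM body must itself be valid base64; strict_decode64 raises if not.
  Base64.strict_decode64(match[1].delete("\n"))
  text
end
```

Validating the framing before the key reaches openssl or fastlane turns an opaque parse failure into an error that names which layer of encoding was wrong.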
The hosted macOS runner's OpenSSL rejects Apple's PKCS#8 .p8 key via
OpenSSL::PKey::EC.new with "invalid curve name". Shell out to system
openssl to convert the key to SEC1/traditional PEM before handing it
to fastlane's app_store_connect_api_key action.
Ref: fastlane/fastlane#20593
This commit implements a workaround for MPVKit shipping frameworks as
shallow bundles, which are incompatible with macOS Developer ID
distribution requirements.
Changes:

1. Raised macOS deployment target to 14.0
   - Matches MPVKit's minimum requirement
   - Previous: 11.0
   - New: 14.0

2. Added Run Script phase to convert frameworks
   - Converts MPVKit frameworks from shallow to versioned bundles
   - Required for macOS Developer ID code signing
   - Runs after framework embedding
   - Converts all 28 MPVKit frameworks during build

3. Modified fastlane build process
   - Build and archive without export
   - Create PKG directly from archive
   - Avoids extended attribute issues from export process

4. Pinned MPVKit to specific commit
   - Commit: e7e914a70e943f0d4f050c9ede793af8f6e74ad7
   - Ensures consistent framework structure

Known Issues:
- Some frameworks (Libplacebo, Libluajit) have signature issues after
  conversion that still prevent successful notarization
- This is a workaround; the root issue should be fixed in MPVKit by
  providing macOS-compatible versioned bundle frameworks

See minimal reproduction project at:
/tmp/MPVKit-Notarization-Issue/MPVKitNotarizationTest/
Related: MPVKit should provide macOS-specific XCFrameworks with
versioned bundles for proper Developer ID distribution support.
🤖 Generated with Claude Code (https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add print_log: true to notarize action to display detailed error
messages when notarization fails in GitHub Actions.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>