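#!/bin/sh
# Notarization script
#
# Submits a package to Apple for notarization with `xcrun altool`, polls the
# notarization status every 30 seconds, and staples the ticket to the package
# once the status is "success".
#
# Usage:
#   NotarizeApp ASC_PROVIDER USERNAME PASSWORD PRIMARY_BUNDLE_ID BUNDLE_FILE
#
# Example usage:
#   NotarizeApp AB0CDEF2GF 'user@example.net' 'thepasswordinplaintext' 'net.example.MyApp' MyApp.pkg
#   NotarizeApp AB0CDEF2GF 'user@example.net' '@keychain:notarize-app' 'net.example.MyApp' MyApp.pkg
#
# Security notes:
#   - A literal password given as an argument ends up in shell history and is
#     visible in the process list while altool runs. Prefer the
#     '@keychain:<item>' form (or altool's '@env:<VAR>' form) so the secret
#     itself never appears on a command line.
#   - The password is never echoed by this script; only keychain/env
#     references, which are not secrets, are printed.
#
# NOTE(review): Apple has since replaced `altool --notarize-app` with
# `xcrun notarytool`; confirm this flow still applies to your Xcode version.
#
# Original source from which this script was derived:
#   https://github.com/rednoah/notarize-app

# Options are set here rather than on the shebang line so they also apply
# when the script is started as `sh NotarizeApp ...`.
set -u

if [ "$#" -lt 5 ]; then
  echo "Usage: ${0##*/} ASC_PROVIDER USERNAME PASSWORD PRIMARY_BUNDLE_ID BUNDLE_FILE" >&2
  exit 2
fi

ASC_PROVIDER="$1"
ASC_USERNAME="$2"
ASC_PASSWORD="$3"
BUNDLE_ID="$4"
BUNDLE_PKG="$5"

# Build a printable stand-in for the password: references are shown as-is,
# a literal secret is masked so it cannot leak into terminal or CI logs.
case "$ASC_PASSWORD" in
  @keychain:* | @env:*) PASSWORD_DISPLAY="$ASC_PASSWORD" ;;
  *) PASSWORD_DISPLAY='(hidden)' ;;
esac

echo "Notarization script called with:"
printf '%s\n' "- asc-provider = $ASC_PROVIDER"
printf '%s\n' "- username = $ASC_USERNAME"
printf '%s\n' "- password = $PASSWORD_DISPLAY"
printf '%s\n' "- primary-bundle-id = $BUNDLE_ID"
printf '%s\n' "- bundle-file = $BUNDLE_PKG"

# Temporary log files. The variables start empty so the EXIT trap is safe to
# run even when one of the mktemp calls below fails.
NOTARIZE_APP_LOG=
NOTARIZE_INFO_LOG=

# Delete temporary files on exit. Written in POSIX form because the script
# runs under /bin/sh, where the `function` keyword is not guaranteed.
finish() {
  echo "Cleaning up temporary files..."
  [ -z "$NOTARIZE_APP_LOG" ] || rm -f -- "$NOTARIZE_APP_LOG"
  [ -z "$NOTARIZE_INFO_LOG" ] || rm -f -- "$NOTARIZE_INFO_LOG"
}
trap finish EXIT

NOTARIZE_APP_LOG=$(mktemp -t notarize-app) || {
  echo "ERROR: could not create temporary file for the submission log!" >&2
  exit 1
}
NOTARIZE_INFO_LOG=$(mktemp -t notarize-info) || {
  echo "ERROR: could not create temporary file for the status log!" >&2
  exit 1
}

# Submit app for notarization, extract unique ID and check for success
echo "Submitting app to Apple for notarization. Upload might take a while for bigger files..."
if ! xcrun altool --notarize-app \
  --asc-provider "$ASC_PROVIDER" \
  --username "$ASC_USERNAME" \
  --password "$ASC_PASSWORD" \
  --primary-bundle-id "$BUNDLE_ID" \
  -f "$BUNDLE_PKG" > "$NOTARIZE_APP_LOG" 2>&1; then
  echo "ERROR: submitting app for notarization failed! See log below:" >&2
  cat "$NOTARIZE_APP_LOG" 1>&2
  exit 1
fi

echo "App was submitted for notarization. See log below:"
cat "$NOTARIZE_APP_LOG"

# Extract RequestUUID from response of notarization command (first match only)
RequestUUID=$(awk -F ' = ' '/RequestUUID/ {print $2; exit}' "$NOTARIZE_APP_LOG")

# Without an ID every status query below would be malformed, so stop here
# instead of polling with an empty value.
if [ -z "$RequestUUID" ]; then
  echo "ERROR: no RequestUUID found in the submission log above!" >&2
  exit 1
fi

# Check status periodically (using extracted RequestUUID, and while showing
# some progressing time indication).
# NOTE(review): the loop has no upper bound; it ends only on "success", on an
# unexpected status, or when a status check fails.
echo "Now checking notarization status every 30 seconds until completion..."
while sleep 30; do
  # Check notarization status (with time indication)
  printf '%s - performing new status check...\n' "$(date +'%Y%m%d %H:%M:%S')"

  if ! xcrun altool --notarization-info "$RequestUUID" \
    --asc-provider "$ASC_PROVIDER" \
    --username "$ASC_USERNAME" \
    --password "$ASC_PASSWORD" > "$NOTARIZE_INFO_LOG" 2>&1; then
    echo "ERROR: notarization status check failed! See log below:" >&2
    cat "$NOTARIZE_INFO_LOG" 1>&2
    exit 1
  fi

  if grep -q "Status: success" "$NOTARIZE_INFO_LOG"; then
    # Once notarization is complete, run stapler and exit with its status
    echo "Notarization is now complete. See log below:"
    cat "$NOTARIZE_INFO_LOG" 1>&2
    echo "Waiting another 30 seconds before stapling, because we had issues when stapling right after notarization..."
    sleep 30
    echo "Now stapling the app bundle..."
    printf '%s\n' "xcrun stapler staple $BUNDLE_PKG"
    xcrun stapler staple "$BUNDLE_PKG"
    exit $?
  elif grep -q "Status: in progress" "$NOTARIZE_INFO_LOG"; then
    echo "Still in progress. Waiting another 30 seconds before doing a new status check..."
  else
    # Any other status (for example a rejection) is treated as a failure.
    echo "ERROR: notarization status is not in progress and also not success! See log below:" >&2
    cat "$NOTARIZE_INFO_LOG" 1>&2
    exit 1
  fi
done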