Mac app notarization from the command line

Makefile

.PHONY: notarize

SIGNING_CERTIFICATE := $(shell security find-certificate -Z -c "Developer ID Application:" | grep "SHA-1" | awk 'NF { print $$NF }')
TEAM_ID := $(shell security find-certificate -c "Developer ID Application:" | grep "alis" | awk 'NF { print $$NF }' | tr -d \(\)\")
EXPORT_PATH := $(XCS_ARCHIVE)/Submissions
BUNDLE_APP := $(EXPORT_PATH)/NewMacApp.app
BUNDLE_ZIP := $(EXPORT_PATH)/NewMacApp.zip
UPLOAD_INFO_PLIST := $(EXPORT_PATH)/UploadInfo.plist
REQUEST_INFO_PLIST := $(EXPORT_PATH)/RequestInfo.plist
AUDIT_INFO_JSON := $(EXPORT_PATH)/AuditInfo.json
PRODUCT_DIR := $(XCS_ARCHIVE)/Products/Applications
PRODUCT_APP := $(PRODUCT_DIR)/NewMacApp.app

define notify
	@ /usr/bin/osascript -e 'display notification $2 with title $1'
endef

define wait_while_in_progress
	while true; do \
		/usr/bin/xcrun altool --notarization-info `/usr/libexec/PlistBuddy -c "Print :notarization-upload:RequestUUID" $(UPLOAD_INFO_PLIST)` -u $(DEVELOPER_USERNAME) -p $(DEVELOPER_PASSWORD) --output-format xml > $(REQUEST_INFO_PLIST) ;\
		if [ `/usr/libexec/PlistBuddy -c "Print :notarization-info:Status" $(REQUEST_INFO_PLIST)` != "in progress" ]; then \
			break ;\
		fi ;\
		/usr/bin/osascript -e 'display notification "Zzz…" with title "Notarization"' ;\
		sleep 60 ;\
	done
endef

notarize:	
	$(call notify, "Notarization", "Replacing export options…")
	/usr/bin/plutil -replace signingCertificate -string $(SIGNING_CERTIFICATE) ExportOptions.plist
	/usr/bin/plutil -replace teamID -string $(TEAM_ID) ExportOptions.plist
	$(call notify, "Notarization", "Exporting an archive…")
	/usr/bin/xcrun xcodebuild -exportArchive -archivePath $(XCS_ARCHIVE) -exportPath $(EXPORT_PATH) -exportOptionsPlist ./ExportOptions.plist -IDEPostProgressNotifications=YES -DVTAllowServerCertificates=YES -DVTProvisioningUseServerAccounts=YES -configuration Release
	$(call notify, "Notarization", "Building a ZIP archive…")
	/usr/bin/ditto -c -k --keepParent $(BUNDLE_APP) $(BUNDLE_ZIP)
	$(call notify, "Notarization", "Uploading for notarization…")
	/usr/bin/xcrun altool --notarize-app --primary-bundle-id "app.nativeconnect.NewMacApp.zip" -u $(DEVELOPER_USERNAME) -p $(DEVELOPER_PASSWORD) -f $(BUNDLE_ZIP) --output-format xml > $(UPLOAD_INFO_PLIST)
	$(call notify, "Notarization", "Waiting while notarized…")
	/usr/bin/xcrun altool --notarization-info `/usr/libexec/PlistBuddy -c "Print :notarization-upload:RequestUUID" $(UPLOAD_INFO_PLIST)` -u $(DEVELOPER_USERNAME) -p $(DEVELOPER_PASSWORD) --output-format xml > $(REQUEST_INFO_PLIST)
	$(call wait_while_in_progress)
	$(call notify, "Notarization", "Downloading log file…")
	/usr/bin/curl -o $(AUDIT_INFO_JSON) `/usr/libexec/PlistBuddy -c "Print :notarization-info:LogFileURL" $(REQUEST_INFO_PLIST)`
	if [ `/usr/libexec/PlistBuddy -c "Print :notarization-info:Status" $(REQUEST_INFO_PLIST)` != "success" ]; then \
		false; \
	fi
	$(call notify, "Notarization", "Stapling…")
	/usr/bin/xcrun stapler staple $(BUNDLE_APP)
	$(call notify, "Notarization", "Replacing original for Hockey…")
	rm -rf $(PRODUCT_APP)
	mv $(BUNDLE_APP) $(PRODUCT_DIR)/
	$(call notify, "Notarization", "✅ Done!")