Uploading an app to apple and waiting for notarisation to complete

package_mac.sh

# script setup
set -Eeuxo pipefail

setup_colors() {
  if [[ -t 2 ]] && [[ -z "${NO_COLOR-}" ]] && [[ "${TERM-}" != "dumb" ]]; then
    NOFORMAT='\033[0m' RED='\033[0;31m' GREEN='\033[0;32m' ORANGE='\033[0;33m' BLUE='\033[0;34m' PURPLE='\033[0;35m' CYAN='\033[0;36m' YELLOW='\033[1;33m'
  else
    NOFORMAT='' RED='' GREEN='' ORANGE='' BLUE='' PURPLE='' CYAN='' YELLOW=''
  fi
}

msg() {
  echo >&2 -e "${1-}"
}

die() {
  local msg=$1
  local code=${2-1} # default exit status 1
  msg "${RED}${msg}${NOFORMAT}"
  exit "$code"
}

bump_bundle_version() {
  BUNDLE_VERSION=$(/usr/libexec/PlistBuddy -c "Print :CFBundleVersion" source/mac/Info.plist)
  ((BUNDLE_VERSION=$BUNDLE_VERSION + 1))
  /usr/libexec/PlistBuddy -c "Set :CFBundleVersion $BUNDLE_VERSION" source/mac/Info.plist
  msg "${CYAN}Set CFBundleVersion to '$BUNDLE_VERSION'${NOFORMAT}"
}

setup_colors

# get params
APP_NAME="$1"
BUNDLE_ID="$2"
TEAM_ID="$3"
UNAME="$4"
PASS="$5"

UPLOAD_INFO_PLIST="upload_info.plist"
REQUEST_INFO_PLIST="request_info.plist"

# an ever increasing bundle version
bump_bundle_version

# create project
./premake xcode4

# create archive
xcodebuild -workspace "build/xcode4/${APP_NAME}.xcworkspace" -scheme "${APP_NAME}" clean archive -archivePath "bin/xcode4/Archive/${APP_NAME}.xcarchive"

# export a distributable app from the archive
cp source/mac/ExportOptions.plist bin/xcode4/Archive
plutil -insert teamID -string "$TEAM_ID" bin/xcode4/Archive/ExportOptions.plist
xcodebuild -exportArchive -archivePath "bin/xcode4/Archive/${APP_NAME}.xcarchive" -exportOptionsPlist bin/xcode4/Archive/ExportOptions.plist -exportPath bin/xcode4/Package

# move into package dir
pushd bin/xcode4/Package

# zip app for upload
ditto -c -k --keepParent ${APP_NAME}.app ${APP_NAME}.zip

# upload for notarization
xcrun altool --notarize-app \
  --primary-bundle-id ${BUNDLE_ID}.zip \
  --asc-provider ${TEAM_ID} \
  -u $UNAME \
  -p $PASS \
  --file ${APP_NAME}.zip \
  --output-format xml > ${UPLOAD_INFO_PLIST}

# extract the upload request uuid
REQUEST_UUID=$(/usr/libexec/PlistBuddy -c "Print :notarization-upload:RequestUUID" "${UPLOAD_INFO_PLIST}")

# wait for notarization to complete
while true;
do
    xcrun altool --notarization-info ${REQUEST_UUID} \
        -u ${UNAME} \
        -p ${PASS} \
        --output-format xml > ${REQUEST_INFO_PLIST}

    STATUS=$(/usr/libexec/PlistBuddy -c "Print :notarization-info:Status" ${REQUEST_INFO_PLIST})
    if [ "${STATUS}" != "in progress" ];
    then
        break
    else
        sleep 30
    fi
done

# staple the notarization ticket, enables gatekeeper to verify the signature while offline
xcrun stapler staple "${APP_NAME}.app"
xcrun stapler validate "${APP_NAME}.app"

# check security
spctl -a -vvv "${APP_NAME}.app"

# make sure app is runnable
if ! open "${APP_NAME}.app" -g -j --args --quit; then
	die "ERROR: app crashed. Maybe make sure frameworks are set to 'Embed & Sign' (or 'Embed Without Signing' if you disable library validation under hardened runtime)"
else
	msg "Package ran OK"
fi

popd

# copy to upload dir
rm -rf package/mac
mkdir -p package/mac/
ditto "bin/xcode4/Package/${APP_NAME}.app" "package/mac/${APP_NAME}.app"

Uploading the resulting app to Itch.io as a zip is working both from the launcher and when opened from finder. Although you have to leave it for some random amount of time before it start working from Itch for some reason?

Example: https://gist.github.com/thomashope/7935ae8b99f037a4dd7d739c1d82a88f

The issue with the app not launching for a while after updating from the itch.io launcher was due to not bumping CFBundleVersion in the Info.plist.

I've updated the gist to automatically increase the bundle version on every run.