From bbedb38c301730980787860272c4bebf9e9daeca Mon Sep 17 00:00:00 2001
From: dreamer <1185977+dromer@users.noreply.github.com>
Date: Sat, 1 Nov 2025 13:43:01 +0100
Subject: [PATCH] optional notarization step (#511)

* optional notarization step

* use correct package

* add optional keychain profile and log comment
---
 utils/package-osx-bundles.sh | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/utils/package-osx-bundles.sh b/utils/package-osx-bundles.sh
index 8406a19e..ecfeb41a 100755
--- a/utils/package-osx-bundles.sh
+++ b/utils/package-osx-bundles.sh
@@ -158,5 +158,22 @@ productbuild \
   "${PKG_SIGN_ARGS[@]}" \
   ${MACOS_PKG_SNAME}-macOS.pkg
 
-# xcrun notarytool submit build/*-macOS.pkg --keychain-profile "build-notary" --wait
-# xcrun notarytool log --keychain-profile "build-notary" 00000000-0000-0000-0000-000000000000
+if [ -n "${MACOS_NOTARIZATION_USER}" ] && [ -n "${MACOS_NOTARIZATION_PASS}" ] && [ -n "${MACOS_NOTARIZATION_TEAM}" ]; then
+  # Notarize using credentials
+  xcrun notarytool submit ${MACOS_PKG_SNAME}-macOS.pkg \
+    --apple-id ${MACOS_NOTARIZATION_USER} \
+    --password ${MACOS_NOTARIZATION_PASS} \
+    --team-id ${MACOS_NOTARIZATION_TEAM} \
+    --wait
+  xcrun stapler staple ${MACOS_PKG_SNAME}-macOS.pkg
+elif [ -n "${MACOS_KEYCHAIN_PROFILE}" ]; then
+  # Notarize using keychain profile
+  xcrun notarytool submit ${MACOS_PKG_SNAME}-macOS.pkg \
+    --keychain-profile ${MACOS_KEYCHAIN_PROFILE} \
+    --wait
+  xcrun stapler staple ${MACOS_PKG_SNAME}-macOS.pkg
+fi
+
+# To get logs of your notarization note the notarization id (of the form `00000000-0000-0000-0000-000000000000`) 
+# and use either your credentials or keychain profile:
+# xcrun notarytool log --keychain-profile ${MACOS_KEYCHAIN_PROFILE} ${NOTARIZATION_ID}