From ae0b9ed96edfb0fdb040ae67294ebeec8e3a4633 Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 12:05:52 +0200 Subject: [PATCH 01/15] feat(xcframework): add signing and notarization step for CloudSync.xcframework --- .github/workflows/main.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0909e2d..751dabe 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -116,6 +116,22 @@ jobs: - name: build sqlite-sync run: ${{ matrix.name == 'linux-musl' && matrix.arch == 'arm64' && 'docker exec alpine' || '' }} make extension ${{ matrix.make && matrix.make || ''}} + - name: sign and notarize xcframework + if: matrix.name == 'apple-xcframework' + run: | + echo "${{ secrets.APPLE_CERTIFICATE }}" | base64 --decode > certificate.p12 + security create-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain + security import certificate.p12 -k build.keychain -P "${{ secrets.CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain + codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/CloudSync.xcframework + ditto -c -k --keepParent dist/CloudSync.xcframework dist/CloudSync.xcframework.zip + xcrun notarytool submit dist/CloudSync.xcframework.zip --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait + xcrun stapler staple dist/CloudSync.xcframework + rm dist/CloudSync.xcframework.zip certificate.p12 + security delete-keychain build.keychain + - name: android setup test environment if: matrix.name == 'android' && matrix.arch != 'arm64-v8a' run: | From efba6becafd3fc2a79972a32b87000b876fe5492 Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 12:29:35 +0200 Subject: [PATCH 02/15] fix(workflow): update sign and notarize step for xcframework --- .github/workflows/main.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 751dabe..55e1036 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -116,7 +116,7 @@ jobs: - name: build sqlite-sync run: ${{ matrix.name == 'linux-musl' && matrix.arch == 'arm64' && 'docker exec alpine' || '' }} make extension ${{ matrix.make && matrix.make || ''}} - - name: sign and notarize xcframework + - name: sign xcframework if: matrix.name == 'apple-xcframework' run: | echo "${{ secrets.APPLE_CERTIFICATE }}" | base64 --decode > certificate.p12 @@ -126,10 +126,7 @@ jobs: security import certificate.p12 -k build.keychain -P "${{ secrets.CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/CloudSync.xcframework - ditto -c -k --keepParent dist/CloudSync.xcframework dist/CloudSync.xcframework.zip - xcrun notarytool submit dist/CloudSync.xcframework.zip --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait - xcrun stapler staple dist/CloudSync.xcframework - rm dist/CloudSync.xcframework.zip certificate.p12 + rm certificate.p12 security delete-keychain build.keychain - name: android setup test environment From 80075b37590af81f94c487401d16c8c4b86818fd Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 12:52:07 +0200 Subject: [PATCH 03/15] fix(workflow): enhance signing and notarization process for CloudSync.xcframework --- .github/workflows/main.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 55e1036..5f365a8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -125,8 +125,12 @@ jobs: security unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain security import certificate.p12 -k build.keychain -P "${{ secrets.CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain - codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/CloudSync.xcframework - rm certificate.p12 + find dist/CloudSync.xcframework -name "*.framework" -exec echo "Signing: {}" \; -exec codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime {} \; # Sign each individual framework FIRST + codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/CloudSync.xcframework # Then sign the xcframework wrapper + ditto -c -k --keepParent dist/CloudSync.xcframework dist/CloudSync.xcframework.zip + xcrun notarytool submit dist/CloudSync.xcframework.zip --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait + find dist/CloudSync.xcframework -name "*.framework" -exec echo "Stapling: {}" \; -exec xcrun stapler staple {} \; # Staple each individual framework + rm dist/CloudSync.xcframework.zip certificate.p12 security delete-keychain build.keychain - name: android setup test environment From a300c0873f615808bf99ef3e409040359a2af5fb Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 13:02:37 +0200 Subject: [PATCH 04/15] fix(workflow):remove useless notarization step --- .github/workflows/main.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5f365a8..20a2626 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -127,10 +127,7 @@ jobs: security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain find dist/CloudSync.xcframework -name "*.framework" -exec echo "Signing: {}" \; -exec codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime {} \; # Sign each individual framework FIRST codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/CloudSync.xcframework # Then sign the xcframework wrapper - ditto -c -k --keepParent dist/CloudSync.xcframework dist/CloudSync.xcframework.zip - xcrun notarytool submit dist/CloudSync.xcframework.zip --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait - find dist/CloudSync.xcframework -name "*.framework" -exec echo "Stapling: {}" \; -exec xcrun stapler staple {} \; # Staple each individual framework - rm dist/CloudSync.xcframework.zip certificate.p12 + rm certificate.p12 security delete-keychain build.keychain - name: android setup test environment From 984fc0f5b050ff2de8bd359bea411952148f6b88 Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 14:30:36 +0200 Subject: [PATCH 05/15] refactor(xcframework): remove unused cloudsync_autoinit, modulemap and cloudsync header file --- Makefile | 11 ----------- src/cloudsync.c | 4 ---- src/cloudsync.h | 1 - 3 files changed, 16 deletions(-) diff --git a/Makefile b/Makefile index e29ae83..4c4c217 100644 --- a/Makefile +++ b/Makefile @@ -340,24 +340,13 @@ define PLIST endef -define MODULEMAP -framework module CloudSync {\ - umbrella header \"CloudSync.h\"\ - export *\ -} -endef - LIB_NAMES = ios.dylib ios-sim.dylib macos.dylib FMWK_NAMES = ios-arm64 ios-arm64_x86_64-simulator macos-arm64_x86_64 $(DIST_DIR)/%.xcframework: $(LIB_NAMES) @$(foreach i,1 2 3,\ lib=$(word $(i),$(LIB_NAMES)); \ fmwk=$(word $(i),$(FMWK_NAMES)); \ - mkdir -p $(DIST_DIR)/$$fmwk/CloudSync.framework/Headers; \ - mkdir -p $(DIST_DIR)/$$fmwk/CloudSync.framework/Modules; \ - cp src/cloudsync.h $(DIST_DIR)/$$fmwk/CloudSync.framework/Headers/CloudSync.h; \ printf "$(PLIST)" > $(DIST_DIR)/$$fmwk/CloudSync.framework/Info.plist; \ - printf "$(MODULEMAP)" > $(DIST_DIR)/$$fmwk/CloudSync.framework/Modules/module.modulemap; \ mv $(DIST_DIR)/$$lib $(DIST_DIR)/$$fmwk/CloudSync.framework/CloudSync; \ install_name_tool -id "@rpath/CloudSync.framework/CloudSync" $(DIST_DIR)/$$fmwk/CloudSync.framework/CloudSync; \ ) diff --git a/src/cloudsync.c b/src/cloudsync.c index aa63675..2f0bd04 100644 --- a/src/cloudsync.c +++ b/src/cloudsync.c @@ -3245,10 +3245,6 @@ void cloudsync_commit_alter (sqlite3_context *context, int argc, sqlite3_value * // MARK: - Main Entrypoint - -int cloudsync_autoinit (void) { - return sqlite3_auto_extension((void *)sqlite3_cloudsync_init); -} - int cloudsync_register (sqlite3 *db, char **pzErrMsg) { int rc = SQLITE_OK; diff --git a/src/cloudsync.h b/src/cloudsync.h index a9aab5f..ce1c048 100644 --- a/src/cloudsync.h +++ b/src/cloudsync.h @@ -23,7 +23,6 @@ extern "C" { #define CLOUDSYNC_VERSION "0.8.26" int sqlite3_cloudsync_init (sqlite3 *db, char **pzErrMsg, const sqlite3_api_routines *pApi); -int cloudsync_autoinit (void); #ifdef __cplusplus } From 08a8a9b75c20800cde003685da1dde9b6bd7566d Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 14:36:25 +0200 Subject: [PATCH 06/15] fix(workflow): update codesigning steps for apple platforms --- .github/workflows/main.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 20a2626..908ce0c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -116,8 +116,8 @@ jobs: - name: build sqlite-sync run: ${{ matrix.name == 'linux-musl' && matrix.arch == 'arm64' && 'docker exec alpine' || '' }} make extension ${{ matrix.make && matrix.make || ''}} - - name: sign xcframework - if: matrix.name == 'apple-xcframework' + - name: create keychain for codesign + if: matrix.os == 'macos-15' run: | echo "${{ secrets.APPLE_CERTIFICATE }}" | base64 --decode > certificate.p12 security create-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain @@ -125,8 +125,20 @@ jobs: security unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain security import certificate.p12 -k build.keychain -P "${{ secrets.CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain + + - name: codesign dylib + if: matrix.os == 'macos-15' && matrix.name != 'apple-xcframework' + run: codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/cloudsync.dylib + + - name: codesign xcframework + if: matrix.name == 'apple-xcframework' + run: | find dist/CloudSync.xcframework -name "*.framework" -exec echo "Signing: {}" \; -exec codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime {} \; # Sign each individual framework FIRST codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/CloudSync.xcframework # Then sign the xcframework wrapper + + - name: cleanup keychain for codesign + if: matrix.os == 'macos-15' + run: | rm certificate.p12 security delete-keychain build.keychain From 80614ac38092556f250bcc0f15ba4a483988bfb6 Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 14:41:13 +0200 Subject: [PATCH 07/15] fix(workflow): create CloudSync.framework directory during xcframework build --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 4c4c217..9490fc7 100644 --- a/Makefile +++ b/Makefile @@ -346,6 +346,7 @@ $(DIST_DIR)/%.xcframework: $(LIB_NAMES) @$(foreach i,1 2 3,\ lib=$(word $(i),$(LIB_NAMES)); \ fmwk=$(word $(i),$(FMWK_NAMES)); \ + mkdir -p $(DIST_DIR)/$$fmwk/CloudSync.framework; \ printf "$(PLIST)" > $(DIST_DIR)/$$fmwk/CloudSync.framework/Info.plist; \ mv $(DIST_DIR)/$$lib $(DIST_DIR)/$$fmwk/CloudSync.framework/CloudSync; \ install_name_tool -id "@rpath/CloudSync.framework/CloudSync" $(DIST_DIR)/$$fmwk/CloudSync.framework/CloudSync; \ From 92817553314db3daaeb17cd381c8d94fdc421e87 Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 14:54:33 +0200 Subject: [PATCH 08/15] fix(workflow): add notarization step for CloudSync.xcframework --- .github/workflows/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 908ce0c..7c914e1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -135,6 +135,9 @@ jobs: run: | find dist/CloudSync.xcframework -name "*.framework" -exec echo "Signing: {}" \; -exec codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime {} \; # Sign each individual framework FIRST codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/CloudSync.xcframework # Then sign the xcframework wrapper + ditto -c -k --keepParent dist/CloudSync.xcframework dist/CloudSync.xcframework.zip + xcrun notarytool submit dist/CloudSync.xcframework.zip --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait + rm dist/CloudSync.xcframework.zip - name: cleanup keychain for codesign if: matrix.os == 'macos-15' From c8af38e5fbcfaee73adceae769aa8da8ec1b0072 Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 15:28:21 +0200 Subject: [PATCH 09/15] fix(workflow): enhance codesigning and notarization steps for macOS builds --- .github/workflows/main.yml | 6 +++++- Makefile | 12 +++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7c914e1..7e6b9f3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -128,7 +128,10 @@ jobs: - name: codesign dylib if: matrix.os == 'macos-15' && matrix.name != 'apple-xcframework' - run: codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/cloudsync.dylib + run: | + codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/cloudsync.dylib + xcrun notarytool submit dist/cloudsync.dylib --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait + xcrun stapler staple dist/cloudsync.dylib - name: codesign xcframework if: matrix.name == 'apple-xcframework' @@ -137,6 +140,7 @@ jobs: codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/CloudSync.xcframework # Then sign the xcframework wrapper ditto -c -k --keepParent dist/CloudSync.xcframework dist/CloudSync.xcframework.zip xcrun notarytool submit dist/CloudSync.xcframework.zip --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait + xcrun stapler staple dist/CloudSync.xcframework rm dist/CloudSync.xcframework.zip - name: cleanup keychain for codesign diff --git a/Makefile b/Makefile index 9490fc7..e29ae83 100644 --- a/Makefile +++ b/Makefile @@ -340,14 +340,24 @@ define PLIST endef +define MODULEMAP +framework module CloudSync {\ + umbrella header \"CloudSync.h\"\ + export *\ +} +endef + LIB_NAMES = ios.dylib ios-sim.dylib macos.dylib FMWK_NAMES = ios-arm64 ios-arm64_x86_64-simulator macos-arm64_x86_64 $(DIST_DIR)/%.xcframework: $(LIB_NAMES) @$(foreach i,1 2 3,\ lib=$(word $(i),$(LIB_NAMES)); \ fmwk=$(word $(i),$(FMWK_NAMES)); \ - mkdir -p $(DIST_DIR)/$$fmwk/CloudSync.framework; \ + mkdir -p $(DIST_DIR)/$$fmwk/CloudSync.framework/Headers; \ + mkdir -p $(DIST_DIR)/$$fmwk/CloudSync.framework/Modules; \ + cp src/cloudsync.h $(DIST_DIR)/$$fmwk/CloudSync.framework/Headers/CloudSync.h; \ printf "$(PLIST)" > $(DIST_DIR)/$$fmwk/CloudSync.framework/Info.plist; \ + printf "$(MODULEMAP)" > $(DIST_DIR)/$$fmwk/CloudSync.framework/Modules/module.modulemap; \ mv $(DIST_DIR)/$$lib $(DIST_DIR)/$$fmwk/CloudSync.framework/CloudSync; \ install_name_tool -id "@rpath/CloudSync.framework/CloudSync" $(DIST_DIR)/$$fmwk/CloudSync.framework/CloudSync; \ ) From be0c01733e2938c9b999087e1006a168a1769a02 Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 15:32:44 +0200 Subject: [PATCH 10/15] fix(workflow): update macOS codesigning to use zip for notarization --- .github/workflows/main.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7e6b9f3..44dd0bb 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -130,8 +130,10 @@ jobs: if: matrix.os == 'macos-15' && matrix.name != 'apple-xcframework' run: | codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/cloudsync.dylib - xcrun notarytool submit dist/cloudsync.dylib --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait - xcrun stapler staple dist/cloudsync.dylib + cd dist && ditto -c -k --keepParent cloudsync.dylib cloudsync.zip + xcrun notarytool submit cloudsync.zip --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait + xcrun stapler staple cloudsync.dylib + rm cloudsync.zip - name: codesign xcframework if: matrix.name == 'apple-xcframework' From da67440b8d9b6e41b718b88a4e0d110e1f7d8ce9 Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 15:34:35 +0200 Subject: [PATCH 11/15] fix(workflow): update stapling process for xcframework to handle multiple frameworks --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 44dd0bb..85f2d92 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -142,7 +142,7 @@ jobs: codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/CloudSync.xcframework # Then sign the xcframework wrapper ditto -c -k --keepParent dist/CloudSync.xcframework dist/CloudSync.xcframework.zip xcrun notarytool submit dist/CloudSync.xcframework.zip --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait - xcrun stapler staple dist/CloudSync.xcframework + find dist/CloudSync.xcframework -name "*.framework" -exec echo "Stapling: {}" \; -exec xcrun stapler staple {} \; rm dist/CloudSync.xcframework.zip - name: cleanup keychain for codesign From cbb2605d3f384b7409884b605efc3ed5360ff803 Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 17:08:18 +0200 Subject: [PATCH 12/15] fix(workflow): remove stapling steps for cloudsync.dylib and CloudSync.xcframework --- .github/workflows/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 85f2d92..791c2ce 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -132,7 +132,6 @@ jobs: codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/cloudsync.dylib cd dist && ditto -c -k --keepParent cloudsync.dylib cloudsync.zip xcrun notarytool submit cloudsync.zip --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait - xcrun stapler staple cloudsync.dylib rm cloudsync.zip - name: codesign xcframework @@ -142,7 +141,6 @@ jobs: codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/CloudSync.xcframework # Then sign the xcframework wrapper ditto -c -k --keepParent dist/CloudSync.xcframework dist/CloudSync.xcframework.zip xcrun notarytool submit dist/CloudSync.xcframework.zip --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait - find dist/CloudSync.xcframework -name "*.framework" -exec echo "Stapling: {}" \; -exec xcrun stapler staple {} \; rm dist/CloudSync.xcframework.zip - name: cleanup keychain for codesign From 7571b4b7303779b1d112f4814e08e02cdf81bba0 Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 17:24:42 +0200 Subject: [PATCH 13/15] fix(workflow): rename codesigning steps for clarity and include notarization --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 791c2ce..95da1c0 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -126,7 +126,7 @@ jobs: security import certificate.p12 -k build.keychain -P "${{ secrets.CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain - - name: codesign dylib + - name: codesign and notarize dylib if: matrix.os == 'macos-15' && matrix.name != 'apple-xcframework' run: | codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/cloudsync.dylib @@ -134,7 +134,7 @@ jobs: xcrun notarytool submit cloudsync.zip --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait rm cloudsync.zip - - name: codesign xcframework + - name: codesign and notarize xcframework if: matrix.name == 'apple-xcframework' run: | find dist/CloudSync.xcframework -name "*.framework" -exec echo "Signing: {}" \; -exec codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime {} \; # Sign each individual framework FIRST From 31f8009a4e00b4f8507b95fc9df2340df8356e1d Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 17:36:20 +0200 Subject: [PATCH 14/15] fix(workflow): update codesigning step for dylib and remove notarization process --- .github/workflows/main.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 95da1c0..a2b6892 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -126,13 +126,10 @@ jobs: security import certificate.p12 -k build.keychain -P "${{ secrets.CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.KEYCHAIN_PASSWORD }}" build.keychain - - name: codesign and notarize dylib + - name: codesign dylib if: matrix.os == 'macos-15' && matrix.name != 'apple-xcframework' run: | codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/cloudsync.dylib - cd dist && ditto -c -k --keepParent cloudsync.dylib cloudsync.zip - xcrun notarytool submit cloudsync.zip --apple-id "${{ secrets.APPLE_ID }}" --password "${{ secrets.APPLE_PASSWORD }}" --team-id "${{ secrets.APPLE_TEAM_ID }}" --wait - rm cloudsync.zip - name: codesign and notarize xcframework if: matrix.name == 'apple-xcframework' From d3f495d9c675659e82c94511ca61c7b5d0828737 Mon Sep 17 00:00:00 2001 From: Gioele Cantoni Date: Tue, 26 Aug 2025 17:38:31 +0200 Subject: [PATCH 15/15] bump version --- .github/workflows/main.yml | 3 +-- src/cloudsync.h | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a2b6892..2c44cbe 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -128,8 +128,7 @@ jobs: - name: codesign dylib if: matrix.os == 'macos-15' && matrix.name != 'apple-xcframework' - run: | - codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/cloudsync.dylib + run: codesign --sign "${{ secrets.APPLE_TEAM_ID }}" --timestamp --options runtime dist/cloudsync.dylib - name: codesign and notarize xcframework if: matrix.name == 'apple-xcframework' diff --git a/src/cloudsync.h b/src/cloudsync.h index ce1c048..c5f722a 100644 --- a/src/cloudsync.h +++ b/src/cloudsync.h @@ -20,7 +20,7 @@ extern "C" { #endif -#define CLOUDSYNC_VERSION "0.8.26" +#define CLOUDSYNC_VERSION "0.8.27" int sqlite3_cloudsync_init (sqlite3 *db, char **pzErrMsg, const sqlite3_api_routines *pApi);