ci: Notarization migrated to notarytool

.github/workflows/build.yml

@@ -112,12 +112,12 @@ jobs:
           "publish/recyclarr"
 
       - name: Notarize
-        uses: recyclarr/xcode-notarize@main
-        with:
-          product-path: publish/recyclarr
-          appstore-connect-username: ${{ secrets.MAC_DEV_USERNAME }}
-          appstore-connect-password: ${{ secrets.MAC_DEV_PASSWORD }}
-          primary-bundle-id: dev.recyclarr.cli
+        run: >-
+          ci/notarize.sh
+          "${{ secrets.MAC_DEV_USERNAME }}"
+          "${{ secrets.MAC_DEV_PASSWORD }}"
+          AVLRN599D8
+          publish/recyclarr
 
       # Cannot staple directly to a binary:
       # https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow?language=objc#3087720

ci/notarize.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+set -e
+
+user="$1"
+pass="$2"
+teamId="$3"
+archivePath="$4"
+
+function submit() {
+  xcrun notarytool submit --wait --no-progress -f json \
+    --apple-id "$user" \
+    --password "$pass" \
+    --team-id "$teamId" \
+    recyclarr.zip | \
+    jq -r .id
+}
+
+function log() {
+  xcrun notarytool log \
+    --apple-id "$user" \
+    --password "$pass" \
+    --team-id "$teamId" \
+    "$1"
+}
+
+tar -cvf recyclarr.tar -C "$(dirname "$archivePath")" "$(basename "$archivePath")"
+zip recyclarr.zip recyclarr.tar
+submissionId="$(submit)"
+rm recyclarr.zip recyclarr.tar
+
+if [[ -z "$submissionId" ]]; then
+  exit 1
+fi
+
+echo "Submission ID: $submissionId"
+
+until log "$submissionId"
+do
+  sleep 2
+done