Refactor notarization process and enhance build scripts for macOS

This commit updates the build_sign_notarize.sh script to improve the notarization process by introducing a conditional stapling option. It also cleans up temporary files and clears macOS provenance metadata to prevent issues during builds. The Dmg.cmake script is modified to remove the reliance on environment variables for codesigning, streamlining the build process. Additionally, the build_app.sh script is enhanced with heartbeat logging for long-running commands and improved cleanup procedures for build directories.

cmake/Dmg.cmake

@@ -53,16 +53,9 @@ endif()
 
 if(MACDEPLOYQT_EXECUTABLE)
 
-  # Allow build scripts to provide a codesign identity via environment variable.
-  # This is used to optionally pass -codesign=... to macdeployqt and --codesign to create-dmg.
-  if(NOT APPLE_DEVELOPER_ID AND DEFINED ENV{APPLE_DEVELOPER_ID})
-    set(APPLE_DEVELOPER_ID "$ENV{APPLE_DEVELOPER_ID}")
-  endif()
-
-  if(APPLE_DEVELOPER_ID)
-    set(MACDEPLOYQT_CODESIGN -codesign=${APPLE_DEVELOPER_ID})
-    set(CREATEDMG_CODESIGN --codesign ${APPLE_DEVELOPER_ID})
-  endif()
+  # Note: We intentionally do NOT codesign during the CMake 'deploy'/'dmg' targets.
+  # macdeployqt can optionally sign, but passing identities safely through Ninja's /bin/sh wrapper is brittle.
+  # This repo's signing/notarization pipeline is handled in build_tools/macos/build_sign_notarize.sh instead.
   if(CREATEDMG_SKIP_JENKINS)
     set(CREATEDMG_SKIP_JENKINS_ARG "--skip-jenkins")
   endif()
@@ -82,14 +75,30 @@ if(MACDEPLOYQT_EXECUTABLE)
 
   list(APPEND _deploy_commands
     COMMAND ${CMAKE_SOURCE_DIR}/dist/macos/macgstcopy.sh ${CMAKE_BINARY_DIR}/strawberry.app
-    COMMAND ${MACDEPLOYQT_EXECUTABLE} strawberry.app -verbose=3 -executable=${CMAKE_BINARY_DIR}/strawberry.app/Contents/PlugIns/gst-plugin-scanner ${MACDEPLOYQT_CODESIGN}
+    COMMAND ${MACDEPLOYQT_EXECUTABLE} strawberry.app -verbose=3 -executable=${CMAKE_BINARY_DIR}/strawberry.app/Contents/PlugIns/gst-plugin-scanner
   )
 
-  add_custom_target(deploy
+  # Make 'deploy' incremental:
+  # - add_custom_target() is always out-of-date, so it reruns every time.
+  # - using a stamp file makes Ninja/Make skip deploy when inputs haven't changed.
+  set(_deploy_stamp "${CMAKE_BINARY_DIR}/deploy_app_bundle.stamp")
+
+  add_custom_command(
+    OUTPUT "${_deploy_stamp}"
     ${_deploy_commands}
+    COMMAND ${CMAKE_COMMAND} -E touch "${_deploy_stamp}"
+    COMMENT "Deploying app bundle (bundling Sparkle/GStreamer + macdeployqt)"
     WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
-    DEPENDS strawberry
+    DEPENDS
+      strawberry
+      "${CMAKE_BINARY_DIR}/dist/macos/Info.plist"
+      "${CMAKE_SOURCE_DIR}/dist/macos/strawberry.icns"
+      "${CMAKE_SOURCE_DIR}/dist/macos/macgstcopy.sh"
+      "${CMAKE_SOURCE_DIR}/dist/macos/bundle_sparkle.sh"
   )
+
+  add_custom_target(deploy DEPENDS "${_deploy_stamp}")
+
   if(MACDEPLOYCHECK_EXECUTABLE)
     add_custom_target(deploycheck
       COMMAND ${MACDEPLOYCHECK_EXECUTABLE} strawberry.app
@@ -97,8 +106,9 @@ if(MACDEPLOYQT_EXECUTABLE)
   endif()
   if(CREATEDMG_EXECUTABLE)
     add_custom_target(dmg
-      COMMAND ${CREATEDMG_EXECUTABLE} --volname strawberry --background "${CMAKE_SOURCE_DIR}/dist/macos/dmg_background.png" --app-drop-link 450 218 --icon strawberry.app 150 218 --window-size 600 450 ${CREATEDMG_CODESIGN} ${CREATEDMG_SKIP_JENKINS_ARG} strawberry-${STRAWBERRY_VERSION_PACKAGE}-${CMAKE_HOST_SYSTEM_PROCESSOR}.dmg strawberry.app
+      COMMAND ${CREATEDMG_EXECUTABLE} --volname strawberry --background "${CMAKE_SOURCE_DIR}/dist/macos/dmg_background.png" --app-drop-link 450 218 --icon strawberry.app 150 218 --window-size 600 450 ${CREATEDMG_SKIP_JENKINS_ARG} strawberry-${STRAWBERRY_VERSION_PACKAGE}-${CMAKE_HOST_SYSTEM_PROCESSOR}.dmg strawberry.app
       WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
+      DEPENDS deploy
     )
   endif()
 endif()