first commit

Author: nissy

.env.example

@@ -0,0 +1,10 @@
+# Copy this file to .env and fill in your values
+
+# Development Team ID (found in Apple Developer account)
+DEVELOPMENT_TEAM=YOUR_TEAM_ID
+
+# Bundle identifier for your app
+PRODUCT_BUNDLE_IDENTIFIER=com.example.iemsw
+
+# Default bundle identifier for logging (optional)
+DEFAULT_BUNDLE_IDENTIFIER=com.example.iemsw

.github/workflows/ci.yml

@@ -0,0 +1,152 @@
+name: CI
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main, develop ]
+
+env:
+  DEVELOPER_DIR: /Applications/Xcode_15.4.app/Contents/Developer
+
+jobs:
+  lint:
+    name: SwiftLint
+    runs-on: macos-latest
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: SwiftLint
+      uses: norio-nomura/action-swiftlint@3.2.1
+      with:
+        args: --strict
+
+  test:
+    name: Test
+    runs-on: macos-latest
+    strategy:
+      matrix:
+        destination: ["platform=macOS"]
+    
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Select Xcode
+      run: sudo xcode-select -switch /Applications/Xcode_15.4.app/Contents/Developer
+    
+    - name: Show Xcode version
+      run: xcodebuild -version
+    
+    - name: Show available destinations
+      run: xcodebuild -project iemsw.xcodeproj -scheme iemsw -showdestinations
+    
+    - name: Build
+      run: make build
+    
+    - name: Run tests
+      run: make test
+    
+    - name: Generate test coverage
+      run: make test-coverage
+    
+    - name: Upload coverage reports to Codecov
+      uses: codecov/codecov-action@v3
+      with:
+        token: ${{ secrets.CODECOV_TOKEN }}
+        files: ./build/coverage.xml
+        fail_ci_if_error: false
+
+  build:
+    name: Build
+    runs-on: macos-latest
+    needs: [lint, test]
+    
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Select Xcode
+      run: sudo xcode-select -switch /Applications/Xcode_15.4.app/Contents/Developer
+    
+    - name: Build for Release
+      run: make build-release
+    
+    - name: Archive
+      run: make archive
+      env:
+        DEVELOPMENT_TEAM: ${{ secrets.DEVELOPMENT_TEAM }}
+    
+    - name: Upload build artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: iemsw-archive
+        path: build/iemsw.xcarchive
+        retention-days: 30
+
+  swift-package-manager:
+    name: Swift Package Manager
+    runs-on: macos-latest
+    
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Build with SPM
+      run: make spm-build
+    
+    - name: Test with SPM
+      run: make spm-test
+
+  security-scan:
+    name: Security Scan
+    runs-on: macos-latest
+    
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Run security scan
+      run: |
+        # Check for common security issues
+        grep -r "TODO.*security" . || true
+        grep -r "FIXME.*security" . || true
+        grep -r "password\|secret\|key" --include="*.swift" . || true
+    
+    - name: Check for sensitive files
+      run: |
+        # Check for files that shouldn't be committed
+        find . -name "*.p12" -o -name "*.mobileprovision" -o -name "*.cer" | head -10
+        if [ -f "ExportOptions.plist" ]; then
+          grep -i "YOUR_TEAM_ID" ExportOptions.plist && echo "⚠️  Remember to update YOUR_TEAM_ID in ExportOptions.plist"
+        fi
+
+  validate-project:
+    name: Validate Project Structure
+    runs-on: macos-latest
+    
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Validate project structure
+      run: |
+        echo "Checking required files..."
+        test -f iemsw.xcodeproj/project.pbxproj || (echo "❌ Xcode project file missing" && exit 1)
+        test -f Package.swift || (echo "❌ Package.swift missing" && exit 1)
+        test -f Makefile || (echo "❌ Makefile missing" && exit 1)
+        test -f .swiftlint.yml || (echo "❌ SwiftLint config missing" && exit 1)
+        
+        echo "Checking source files..."
+        test -f iemsw/App.swift || (echo "❌ App.swift missing" && exit 1)
+        test -f iemsw/MenuBarApp.swift || (echo "❌ MenuBarApp.swift missing" && exit 1)
+        test -f iemsw/Preferences.swift || (echo "❌ Preferences.swift missing" && exit 1)
+        test -f iemsw/ImeController.swift || (echo "❌ ImeController.swift missing" && exit 1)
+        test -f iemsw/CustomIME.swift || (echo "❌ CustomIME.swift missing" && exit 1)
+        
+        echo "Checking test files..."
+        test -f iemswTests/ImeControllerTests.swift || (echo "❌ ImeControllerTests.swift missing" && exit 1)
+        test -f iemswTests/PreferencesTests.swift || (echo "❌ PreferencesTests.swift missing" && exit 1)
+        
+        echo "✅ All required files found"
+    
+    - name: Validate Makefile targets
+      run: |
+        echo "Validating Makefile targets..."
+        make help
+        echo "✅ Makefile is valid"

.github/workflows/release.yml

@@ -0,0 +1,200 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+env:
+  DEVELOPER_DIR: /Applications/Xcode_15.4.app/Contents/Developer
+
+jobs:
+  release:
+    name: Create Release
+    runs-on: macos-latest
+    
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    
+    - name: Select Xcode
+      run: sudo xcode-select -switch /Applications/Xcode_15.4.app/Contents/Developer
+    
+    - name: Install dependencies
+      run: |
+        brew install swiftlint swiftformat create-dmg
+    
+    - name: Setup certificates
+      env:
+        BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+        P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
+        KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+      run: |
+        # Create temporary keychain
+        security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+        security default-keychain -s build.keychain
+        security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+        
+        # Import certificate
+        echo $BUILD_CERTIFICATE_BASE64 | base64 --decode > certificate.p12
+        security import certificate.p12 -k build.keychain -P "$P12_PASSWORD" -T /usr/bin/codesign
+        security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
+    
+    - name: Get version from tag
+      id: get_version
+      run: |
+        VERSION=${GITHUB_REF#refs/tags/v}
+        echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+        echo "Building version: $VERSION"
+    
+    - name: Lint code
+      run: make lint
+    
+    - name: Run tests
+      run: make test
+    
+    - name: Build release
+      run: make release
+      env:
+        VERSION: ${{ steps.get_version.outputs.VERSION }}
+        DEVELOPMENT_TEAM: ${{ secrets.DEVELOPMENT_TEAM }}
+    
+    - name: Notarize DMG
+      run: make notarize
+      env:
+        APPLE_ID: ${{ secrets.APPLE_ID }}
+        APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+        DEVELOPMENT_TEAM: ${{ secrets.DEVELOPMENT_TEAM }}
+    
+    - name: Generate checksums
+      run: |
+        cd build
+        shasum -a 256 iemsw.dmg > iemsw.dmg.sha256
+        cat iemsw.dmg.sha256
+    
+    - name: Generate release notes
+      id: release_notes
+      run: |
+        VERSION=${{ steps.get_version.outputs.VERSION }}
+        
+        # Generate changelog since last tag
+        LAST_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
+        if [ -n "$LAST_TAG" ]; then
+          echo "CHANGELOG<<EOF" >> $GITHUB_OUTPUT
+          echo "## Changes since $LAST_TAG" >> $GITHUB_OUTPUT
+          git log --pretty=format:"- %s (%h)" $LAST_TAG..HEAD >> $GITHUB_OUTPUT
+          echo "" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+        else
+          echo "CHANGELOG=Initial release" >> $GITHUB_OUTPUT
+        fi
+    
+    - name: Create Release
+      id: create_release
+      uses: actions/create-release@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        tag_name: ${{ github.ref }}
+        release_name: iemsw v${{ steps.get_version.outputs.VERSION }}
+        body: |
+          ## iemsw v${{ steps.get_version.outputs.VERSION }}
+          
+          A macOS menu bar helper that switches between English input and native IME by pressing left/right ⌘ keys individually.
+          
+          ### Installation
+          
+          1. Download `iemsw.dmg` from the assets below
+          2. Open the DMG file and drag iemsw.app to your Applications folder
+          3. Launch iemsw and grant accessibility permissions when prompted
+          4. The app will appear in your menu bar
+          
+          ### Features
+          
+          - **Left ⌘ key**: Switch to native IME (Japanese, Chinese, Korean, etc.)
+          - **Right ⌘ key**: Switch to English input
+          - **Optional idle timeout**: Automatically switch to English after no input
+          - **Menu bar integration**: Easy access to preferences and controls
+          - **Launch at login**: Optional automatic startup
+          
+          ### System Requirements
+          
+          - macOS 11.0 (Big Sur) or later
+          - Accessibility permissions (granted during first launch)
+          
+          ### Changelog
+          
+          ${{ steps.release_notes.outputs.CHANGELOG }}
+          
+          ### Verification
+          
+          SHA256 checksum: See `iemsw.dmg.sha256` file in assets.
+        draft: false
+        prerelease: false
+    
+    - name: Upload DMG
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.create_release.outputs.upload_url }}
+        asset_path: ./build/iemsw.dmg
+        asset_name: iemsw.dmg
+        asset_content_type: application/octet-stream
+    
+    - name: Upload checksum
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ steps.create_release.outputs.upload_url }}
+        asset_path: ./build/iemsw.dmg.sha256
+        asset_name: iemsw.dmg.sha256
+        asset_content_type: text/plain
+    
+    - name: Cleanup keychain
+      if: always()
+      run: |
+        security delete-keychain build.keychain || true
+        rm certificate.p12 || true
+
+  homebrew:
+    name: Update Homebrew Cask
+    runs-on: macos-latest
+    needs: release
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
+    
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Get version and download URL
+      id: get_info
+      run: |
+        VERSION=${GITHUB_REF#refs/tags/v}
+        DOWNLOAD_URL="https://github.com/${{ github.repository }}/releases/download/v${VERSION}/iemsw.dmg"
+        echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+        echo "DOWNLOAD_URL=$DOWNLOAD_URL" >> $GITHUB_OUTPUT
+    
+    - name: Download and get SHA256
+      run: |
+        curl -L "${{ steps.get_info.outputs.DOWNLOAD_URL }}" -o iemsw.dmg
+        SHA256=$(shasum -a 256 iemsw.dmg | cut -d' ' -f1)
+        echo "SHA256=$SHA256" >> $GITHUB_ENV
+    
+    - name: Create Homebrew Cask PR
+      uses: peter-evans/create-pull-request@v5
+      with:
+        token: ${{ secrets.HOMEBREW_GITHUB_TOKEN }}
+        push-to-fork: ${{ github.repository_owner }}/homebrew-cask
+        branch: update-iemsw-${{ steps.get_info.outputs.VERSION }}
+        title: 'iemsw: update to ${{ steps.get_info.outputs.VERSION }}'
+        body: |
+          Update iemsw to version ${{ steps.get_info.outputs.VERSION }}
+          
+          - Version: ${{ steps.get_info.outputs.VERSION }}
+          - Download URL: ${{ steps.get_info.outputs.DOWNLOAD_URL }}
+          - SHA256: ${{ env.SHA256 }}
+          
+          Generated automatically by GitHub Actions.
+        commit-message: 'iemsw: update to ${{ steps.get_info.outputs.VERSION }}'