# Makefile for Secret Manager macOS App with Code Signing

# Configuration - Update these with your Apple Developer details
DEVELOPER_ID_DEV = "Apple Development: YOUR_NAME (TEAM_ID)"
DEVELOPER_ID_DIST = "Developer ID Application: YOUR_NAME (TEAM_ID)"
ENTITLEMENTS = entitlements.plist
BINARY_NAME = secret

# Build directories
BUILD_DIR = build
DIST_DIR = dist

default: test

# Development build with code signing
build-dev: clean
	@echo "Building development version..."
	go build -o $(BINARY_NAME) cmd/secret/main.go
	@echo "Code signing for development..."
	codesign --sign $(DEVELOPER_ID_DEV) \
	         --entitlements $(ENTITLEMENTS) \
	         --options runtime \
	         --force \
	         --verbose \
	         ./$(BINARY_NAME)
	@echo "Development build complete: ./$(BINARY_NAME)"

# Production build with code signing
build-prod: clean
	@echo "Building production version..."
	go build -ldflags="-s -w" -o $(BINARY_NAME) cmd/secret/main.go
	@echo "Code signing for distribution..."
	codesign --sign $(DEVELOPER_ID_DIST) \
	         --entitlements $(ENTITLEMENTS) \
	         --options runtime \
	         --force \
	         --verbose \
	         ./$(BINARY_NAME)
	@echo "Production build complete: ./$(BINARY_NAME)"

# Build without code signing (for testing compilation)
build-unsigned: clean
	@echo "Building unsigned version..."
	go build -o $(BINARY_NAME) cmd/secret/main.go
	@echo "Unsigned build complete: ./$(BINARY_NAME)"

# Verify code signing
verify:
	@echo "Verifying code signature..."
	codesign -dv --verbose=4 ./$(BINARY_NAME)
	@echo "\nVerifying entitlements..."
	codesign -d --entitlements :- ./$(BINARY_NAME)

# Check certificates and provisioning profiles
check-signing:
	@echo "Available code signing identities:"
	security find-identity -v -p codesigning
	@echo "\nInstalled provisioning profiles:"
	ls -la ~/Library/MobileDevice/Provisioning\ Profiles/ 2>/dev/null || echo "No provisioning profiles found"

# Test with linting
test: lint
	go test -v ./...

# Lint the code
lint:
	golangci-lint run --timeout 5m

# Clean build artifacts
clean:
	rm -f ./$(BINARY_NAME)
	rm -rf $(BUILD_DIR) $(DIST_DIR)

# Create app bundle structure (for future app store distribution)
bundle: build-prod
	@echo "Creating app bundle..."
	mkdir -p $(DIST_DIR)/Secret.app/Contents/MacOS
	mkdir -p $(DIST_DIR)/Secret.app/Contents/Resources
	cp $(BINARY_NAME) $(DIST_DIR)/Secret.app/Contents/MacOS/
	@echo "App bundle created in $(DIST_DIR)/Secret.app"

# Install to /usr/local/bin (development)
install-dev: build-dev
	@echo "Installing to /usr/local/bin..."
	sudo cp $(BINARY_NAME) /usr/local/bin/
	@echo "Installed to /usr/local/bin/$(BINARY_NAME)"

# Uninstall from /usr/local/bin
uninstall:
	@echo "Removing from /usr/local/bin..."
	sudo rm -f /usr/local/bin/$(BINARY_NAME)
	@echo "Uninstalled $(BINARY_NAME)"

# Help target
help:
	@echo "Available targets:"
	@echo "  build-dev      - Build and sign for development"
	@echo "  build-prod     - Build and sign for production/distribution"
	@echo "  build-unsigned - Build without code signing (testing only)"
	@echo "  verify         - Verify code signature and entitlements"
	@echo "  check-signing  - Show available certificates and profiles"
	@echo "  test           - Run tests with linting"
	@echo "  lint           - Run linter only"
	@echo "  clean          - Remove build artifacts"
	@echo "  bundle         - Create macOS app bundle"
	@echo "  install-dev    - Install development build to /usr/local/bin"
	@echo "  uninstall      - Remove from /usr/local/bin"
	@echo "  help           - Show this help"
	@echo ""
	@echo "Before using build-dev or build-prod, update the DEVELOPER_ID variables"
	@echo "in this Makefile with your Apple Developer certificate names."

.PHONY: default build-dev build-prod build-unsigned verify check-signing test lint clean bundle install-dev uninstall help