Added self-sign for XCFramework

The private key is only available during GitHub Action release pipeline

Certificate/SDWebImage Signing Certificate.pem

@@ -0,0 +1,9 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAQgkh+tXn5fT3+pWuyZ
+LvIwPoSObko1CbZ8IBOAaPsDQXuinv2BPQ85z2ccjoM4RIJ9MSNK9iMkW3NOQRIy
+BVHO8bSi8HQSvm3pt3CEjCwP0o3wd1fGA/P/hHOO5Mu7iJ4isBbsgMXT0pjx0Zjg
+HkeR046UyCAm3cYX20lA483NpVH8g7U1LI7YfbMy66KPI0joFnLQ09FGSaVsVdeS
+JqaCBCB8IsYjOUPB1vwEvwCxv96APZ58cFwdeSYIzLdTtv3F6pkVpfEKLcV1KE3N
+nmHIIiik2UJFUidUnmQJ72HcFIF1tirrZcRr301UCZanI2nei76XtEn//jMW9+2o
+ZwIDAQAB
+-----END RSA PUBLIC KEY-----

SDWebImage.xcodeproj/project.pbxproj

@@ -13,6 +13,7 @@
 			buildPhases = (
 				326CA51322BA1A270033A92F /* Build Frameworks */,
 				326CA51422BA25F70033A92F /* Create XCFramework */,
+				32F4EC0E2BEA18C400EAADD2 /* Sign XCFramework */,
 			);
 			dependencies = (
 			);
@@ -1161,6 +1162,24 @@
 			shellPath = /bin/sh;
 			shellScript = "sh ${SRCROOT}/Scripts/create-xcframework.sh\n";
 		};
+		32F4EC0E2BEA18C400EAADD2 /* Sign XCFramework */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputFileListPaths = (
+			);
+			inputPaths = (
+			);
+			name = "Sign XCFramework";
+			outputFileListPaths = (
+			);
+			outputPaths = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "sh ${SRCROOT}/Scripts/sign-xcframework.sh\n";
+		};
 /* End PBXShellScriptBuildPhase section */
 
 /* Begin PBXSourcesBuildPhase section */

Scripts/build-frameworks.sh

@@ -5,6 +5,8 @@ set -o pipefail
 
 XCODE_VERSION=$(xcodebuild -version | head -n 1| awk -F ' ' '{print $2}')
 XCODE_VERSION_MAJOR=$(echo $XCODE_VERSION | awk -F '.' '{print $1}')
+XCODE_VERSION_MINOR=$(echo $XCODE_VERSION | awk -F '.' '{print $2}')
+XCODE_VERSION_PATCH=$(echo $XCODE_VERSION | awk -F '.' '{print $3}')
 if [ -z "$SRCROOT" ]
 then
     SRCROOT=$(pwd)
@@ -18,7 +20,7 @@ then
     PLATFORMS+=("macCatalyst")
 fi
 
-if [ $XCODE_VERSION_MAJOR -ge 15 ]
+if [[ ($XCODE_VERSION_MAJOR -gt 15) || ($XCODE_VERSION_MAJOR -eq 15 && $XCODE_VERSION_MINOR -ge 2) ]]
 then
     PLATFORMS+=("visionOS")
     PLATFORMS+=("visionOSSimulator")

Scripts/create-xcframework.sh

@@ -5,6 +5,8 @@ set -o pipefail
 
 XCODE_VERSION=$(xcodebuild -version | head -n 1| awk -F ' ' '{print $2}')
 XCODE_VERSION_MAJOR=$(echo $XCODE_VERSION | awk -F '.' '{print $1}')
+XCODE_VERSION_MINOR=$(echo $XCODE_VERSION | awk -F '.' '{print $2}')
+XCODE_VERSION_PATCH=$(echo $XCODE_VERSION | awk -F '.' '{print $3}')
 if [ -z "$SRCROOT" ]
 then
     SRCROOT=$(pwd)
@@ -25,7 +27,7 @@ then
     PLATFORMS+=("macCatalyst")
 fi
 
-if [ $XCODE_VERSION_MAJOR -ge 15 ]
+if [[ ($XCODE_VERSION_MAJOR -gt 15) || ($XCODE_VERSION_MAJOR -eq 15 && $XCODE_VERSION_MINOR -ge 2) ]]
 then
     PLATFORMS+=("visionOS")
     PLATFORMS+=("visionOSSimulator")

Scripts/sign-xcframework.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+if [ -z "$SRCROOT" ]
+then
+    SRCROOT=$(pwd)
+fi
+
+# Self-sign XCFramework
+if [ -z CODESIGN_KEY_BASE64 ]; then
+    echo "Ignore Codesign XCFramework! You must sign SDWebImage before shipping to App Store. See: https://developer.apple.com/support/third-party-SDK-requirements"
+    exit 0
+fi
+
+KEYCHAIN=~/Library/Keychains/ios.keychain
+KEYCHAIN_PASSWORD=SDWebImage
+CODESIGN_IDENTIFY_NAME=SDWebImage\ Signing\ Certificate
+KEY_PASSWORD=""
+
+echo $CODESIGN_KEY_BASE64 | base64 -D > "$(PWD)/Certificate/${CODESIGN_IDENTIFY_NAME}.p12"
+
+security create-keychain -p "$KEYCHAIN_PASSWORD" ios.keychain
+security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN
+
+security import "$(PWD)/Certificate/${CODESIGN_IDENTIFY_NAME}.cer" -k $KEYCHAIN -T /usr/bin/codesign -T /usr/bin/security
+security import "$(PWD)/Certificate/${CODESIGN_IDENTIFY_NAME}.p12" -k $KEYCHAIN -P "$KEY_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security
+security list-keychains -s ios.keychain
+security set-key-partition-list -S "apple-tool:,apple:" -k "$KEYCHAIN_PASSWORD" $KEYCHAIN
+
+echo "Codesign XCFramework"
+/usr/bin/codesign --force --timestamp -v --sign "SDWebImage Signing Certificate" "${SRCROOT}/build/SDWebImage.xcframework"
+
+rm -rf "$(PWD)/Certificate/${CODESIGN_IDENTIFY_NAME}.p12"
+security delete-keychain ios.keychain