How do you procedurally obtain the submission ID from notarytool?

Question

I'm writing a script to notarize a ZIP archive of an application I previously signed on macos. The docs for notarytool state that a submission ID is required to get the logs from the last submission. However, it doesn't really describe how to get that value. Upon a test run of notarytool submit, I see that it outputs something like id: xxx-xxx-xxx-xxx (or something of similar formatting). Is that the submission ID?

And for scripting purposes, is there an easier (more procedural) way to obtain the submission ID, or am I required to parse the string output? If the latter, what would be the best way to parse it out?

Here's an example of the script I've got so far:

#!/usr/bin/env bash
user="$1"
pass="$2"
teamId="$3"
archivePath="$4"

xcrun notarytool submit --wait \
  --apple-id "$user" \
  --password "$pass" \
  --team-id "$teamId" \
  "$archivePath"

submissionId="???"

xcrun notarytool log --apple-id "$user" --password "$pass" "$submissionId"

Obviously I need a real value for submissionId in the example above.

Answer 1

I use a version of this script to automate my notarization, including the parsing of the notarytool output in a file called output.txt and the generation of a log file called output.json:

#!/bin/bash
DIR="path/to/disk-image/"
DISKIMAGE="${DIR}MyDiskImage.dmg"
OUTPUTDIR="path/to/output-files/"
OUTPUTPATH="${OUTPUTDIR}output.txt"
LOGOUTPUTPATH="${OUTPUTDIR}output.json"
SUBMISSIONID=""

xcrun notarytool submit "$DISKIMAGE" --keychain-profile "notarytool" --wait > "$OUTPUTPATH" 2>&1
SUBMISSIONID=`awk '/id: / { print $2;exit; }' $OUTPUTPATH`
echo "id: ${SUBMISSIONID}"
xcrun notarytool log "$SUBMISSIONID" --keychain-profile "notarytool" "$LOGOUTPUTPATH"