-
Notifications
You must be signed in to change notification settings - Fork 271
181 lines (156 loc) · 6.44 KB
/
ios-release.yml
File metadata and controls
181 lines (156 loc) · 6.44 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
name: iOS Release
on:
push:
tags:
- 'v*'
concurrency:
group: ios-release-${{ github.ref }}
cancel-in-progress: true
jobs:
release:
name: Build & Upload to TestFlight
runs-on: nscloud-macos-sequoia-arm64-6x14
timeout-minutes: 60
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Select latest Xcode
run: |
LATEST=$(ls -d /Applications/Xcode_*.app 2>/dev/null | sort -V | tail -1)
if [ -n "$LATEST" ]; then
sudo xcode-select -s "$LATEST"
fi
xcodebuild -version
- uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 23
- uses: gradle/actions/setup-gradle@v4
- name: Import signing certificate
env:
APPLE_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
run: |
CERTIFICATE_PATH="$RUNNER_TEMP/certificate.p12"
KEYCHAIN_PATH="$RUNNER_TEMP/signing.keychain-db"
KEYCHAIN_PASSWORD="$(openssl rand -base64 32)"
echo -n "$APPLE_CERTIFICATE_BASE64" | base64 --decode -o "$CERTIFICATE_PATH"
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
security import "$CERTIFICATE_PATH" \
-P "$APPLE_CERTIFICATE_PASSWORD" \
-A \
-t cert \
-f pkcs12 \
-k "$KEYCHAIN_PATH"
security set-key-partition-list \
-S apple-tool:,apple: \
-k "$KEYCHAIN_PASSWORD" \
"$KEYCHAIN_PATH"
security list-keychains -d user -s "$KEYCHAIN_PATH" login.keychain-db
- name: Import provisioning profile
env:
APPLE_PROVISIONING_PROFILE_BASE64: ${{ secrets.APPLE_PROVISIONING_PROFILE_BASE64 }}
run: |
PROFILE_PATH="$RUNNER_TEMP/profile.mobileprovision"
echo -n "$APPLE_PROVISIONING_PROFILE_BASE64" | base64 --decode -o "$PROFILE_PATH"
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
PROFILE_UUID=$(/usr/libexec/PlistBuddy -c "Print UUID" /dev/stdin <<< \
"$(security cms -D -i "$PROFILE_PATH")")
cp "$PROFILE_PATH" ~/Library/MobileDevice/Provisioning\ Profiles/"$PROFILE_UUID".mobileprovision
echo "PROVISIONING_PROFILE_UUID=$PROFILE_UUID" >> "$GITHUB_ENV"
- name: Set up App Store Connect API key
env:
APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
APP_STORE_CONNECT_API_KEY_BASE64: ${{ secrets.APP_STORE_CONNECT_API_KEY_BASE64 }}
run: |
mkdir -p ~/.private_keys
echo -n "$APP_STORE_CONNECT_API_KEY_BASE64" | base64 --decode \
-o ~/.private_keys/AuthKey_"$APP_STORE_CONNECT_API_KEY_ID".p8
- name: Extract version from tag
run: |
TAG="${GITHUB_REF#refs/tags/v}"
echo "MARKETING_VERSION=$TAG" >> "$GITHUB_ENV"
echo "CURRENT_PROJECT_VERSION=$GITHUB_RUN_NUMBER" >> "$GITHUB_ENV"
echo "Building version $TAG ($GITHUB_RUN_NUMBER)"
- name: Build archive
run: |
xcodebuild archive \
-project app/ios/FareBot.xcodeproj \
-scheme FareBot \
-configuration Release \
-destination 'generic/platform=iOS' \
-archivePath "$RUNNER_TEMP/FareBot.xcarchive" \
MARKETING_VERSION="$MARKETING_VERSION" \
CURRENT_PROJECT_VERSION="$CURRENT_PROJECT_VERSION" \
CODE_SIGN_STYLE=Manual \
CODE_SIGN_IDENTITY="Apple Distribution" \
DEVELOPMENT_TEAM=ZJ9GEQ36AH \
PROVISIONING_PROFILE_SPECIFIER="$PROVISIONING_PROFILE_UUID"
- name: Export IPA
run: |
EXPORT_PLIST="$RUNNER_TEMP/ExportOptions.plist"
cat > "$EXPORT_PLIST" <<PLIST
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>method</key>
<string>app-store-connect</string>
<key>teamID</key>
<string>ZJ9GEQ36AH</string>
<key>signingStyle</key>
<string>manual</string>
<key>signingCertificate</key>
<string>Apple Distribution</string>
<key>provisioningProfiles</key>
<dict>
<key>com.codebutler.farebot</key>
<string>$PROVISIONING_PROFILE_UUID</string>
</dict>
<key>uploadSymbols</key>
<true/>
<key>destination</key>
<string>upload</string>
</dict>
</plist>
PLIST
cat "$EXPORT_PLIST"
xcodebuild -exportArchive \
-archivePath "$RUNNER_TEMP/FareBot.xcarchive" \
-exportPath "$RUNNER_TEMP/export" \
-exportOptionsPlist "$EXPORT_PLIST"
- name: Install fastlane
run: brew install fastlane
- name: Upload to TestFlight & distribute to internal testers
env:
APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
run: |
# Build the API key JSON that fastlane expects
API_KEY_JSON="$RUNNER_TEMP/api_key.json"
P8_CONTENTS=$(cat ~/.private_keys/AuthKey_"$APP_STORE_CONNECT_API_KEY_ID".p8)
cat > "$API_KEY_JSON" <<EOF
{
"key_id": "$APP_STORE_CONNECT_API_KEY_ID",
"issuer_id": "$APP_STORE_CONNECT_ISSUER_ID",
"key": $(echo "$P8_CONTENTS" | jq -Rs .),
"in_house": false
}
EOF
fastlane pilot upload \
--ipa "$RUNNER_TEMP/export/FareBot.ipa" \
--api_key_path "$API_KEY_JSON" \
--distribute_external false \
--skip_waiting_for_build_processing false \
--changelog "Build $MARKETING_VERSION ($CURRENT_PROJECT_VERSION)"
- name: Cleanup keychain
if: always()
run: |
KEYCHAIN_PATH="$RUNNER_TEMP/signing.keychain-db"
if [ -f "$KEYCHAIN_PATH" ]; then
security delete-keychain "$KEYCHAIN_PATH"
fi