-
Notifications
You must be signed in to change notification settings - Fork 3
119 lines (100 loc) · 5.05 KB
/
ios-deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
name: iOS deploy
on:
workflow_dispatch:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
jobs:
deploy:
runs-on: macos-13
steps:
- name: Update XCode
uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: '15.0.1'
- name: Checkout repository
uses: actions/checkout@v4
- name: Make envfile
run: |
echo "GPF_key=${{ secrets.GPF_key }}" > .env
echo "signalement_url=${{ secrets.SIGNALEMENT_URL }}" >> .env
echo "osm_bearer_token=${{ secrets.OSM_BEARER_TOKEN }}" >> .env
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
- name: Install app dependencies
run: npm install
- name: Build
run: npm run build
- name: Sync
run: npx cap sync
## Use this if build mobileprovision too big in base64 for GH secrets
# - name: Decrypt build mobileprovision
# run: ios/decrypt_provision.sh
# env:
# BUILD_PROVISION_PASSPHRASE: ${{ secrets.BUILD_PROVISION_PASSPHRASE }}
- name: Install the Apple certificate and provisioning profile
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
DISTRIBUTION_CERTIFICATE_P12: ${{ secrets.DISTRIBUTION_CERTIFICATE_P12 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
P12_PASSWORD_DISTR: ${{ secrets.P12_PASSWORD_DISTR }}
DEPLOY_PROVISION_PROFILE_BASE64: ${{ secrets.DEPLOY_PROVISION_PROFILE_BASE64 }}
## Comment this if build mobileprovision too big in base64 for GH secrets
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
CERTIFICATE_DISTR_PATH=$RUNNER_TEMP/distribution_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
DPP_PATH=$RUNNER_TEMP/deploy_pp.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
echo -n "$DISTRIBUTION_CERTIFICATE_P12" | base64 --decode -o $CERTIFICATE_DISTR_PATH
echo -n "$DEPLOY_PROVISION_PROFILE_BASE64" | base64 --decode -o $DPP_PATH
## Comment this if build mobileprovision too big in base64 for GH secrets
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
## And use this instead
# mv $HOME/secrets/build.mobileprovision $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security import $CERTIFICATE_DISTR_PATH -P "" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
cp $DPP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: Build app
run: cd ios/App && xcodebuild -workspace "App.xcworkspace" -scheme "App" clean archive -archivePath $GITHUB_WORKSPACE/ign.xcarchive -configuration "Release Production" DEVELOPMENT_TEAM=${{ secrets.APPSTORE_TEAM_ID }}
- name: export ipa
env:
EXPORT_PLIST: ${{ secrets.IOS_EXPORT_PRODUCTION }}
run: |
EXPORT_PLIST_PATH=$RUNNER_TEMP/ExportOptions.plist
echo $EXPORT_PLIST_PATH
echo -n "$EXPORT_PLIST" | base64 --decode -i - -o $EXPORT_PLIST_PATH
cd ios/App && xcodebuild -exportArchive -archivePath $GITHUB_WORKSPACE/ign.xcarchive -exportOptionsPlist $EXPORT_PLIST_PATH -exportPath $RUNNER_TEMP/export
- name: Upload application
uses: actions/upload-artifact@v4
with:
name: app
path: ${{ runner.temp }}/export/App.ipa
retention-days: 3
- name: Decode auth api key file and save it
env:
API_KEY_BASE64: ${{ secrets.APPSTORE_API_PRIVATE_KEY }}
run: |
mkdir -p ~/private_keys
echo -n " $API_KEY_BASE64" | base64 --decode -i - -o ~/private_keys/AuthKey_${{ secrets.APPSTORE_API_KEY_ID }}.p8
- name: "Upload file to test flight using CLI"
run: |
echo "Starting upload"
cd ios/App && xcrun altool --validate-app -f $RUNNER_TEMP/export/App.ipa -t ios --apiKey ${{ secrets.APPSTORE_API_KEY_ID }} --apiIssuer ${{ secrets.APPSTORE_ISSUER_ID }}
xcrun altool --upload-app -f $RUNNER_TEMP/export/App.ipa -t ios --apiKey ${{ secrets.APPSTORE_API_KEY_ID }} --apiIssuer ${{ secrets.APPSTORE_ISSUER_ID }}