#9 Prepare iphone native version #86
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build and release | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| jobs: | |
| build: | |
| name: build and release | |
| runs-on: macos-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: checkout source | |
| uses: actions/checkout@v4 | |
| - name: set up flutter | |
| uses: subosito/flutter-action@v2 | |
| with: | |
| channel: 'stable' | |
| flutter-version-file: pubspec.yaml | |
| cache: true | |
| - name: print flutter version | |
| run: flutter --version | |
| - name: get dependencies | |
| run: flutter pub get | |
| - name: prepare sensitive data | |
| run: | | |
| # android | |
| echo "${{ secrets.FIREBASE_OPTIONS_DART }}" | base64 -d >> ./lib/firebase_options.dart | |
| echo "${{ secrets.GOOGLE_SERVICE_JSON }}" | base64 -d >> ./android/app/google-services.json | |
| echo "${{ secrets.RELEASE_KEYSTORE }}" | base64 -d >> ./android/app/chrono-sheet.jks | |
| echo "storeFile=chrono-sheet.jks" >> ./android/key.properties | |
| echo "storePassword=${{ secrets.RELEASE_KEYSTORE_PASSWORD }}" >> ./android/key.properties | |
| echo "keyPassword=${{ secrets.RELEASE_KEYSTORE_PASSWORD }}" >> ./android/key.properties | |
| echo "keyAlias=${{ secrets.RELEASE_KEYSTORE_KEY }}" >> ./android/key.properties | |
| # ios | |
| CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
| PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| echo "${{ secrets.INFO_PLIST }}" | base64 -d >> ./ios/Runner/Info.plist | |
| echo "${{ secrets.GOOGLE_SERVICE_INFO_PLIST }}" | base64 -d >> ./ios/Runner/GoogleService-Info.plist | |
| echo "${{ secrets.IPHONE_CERTIFICATE_P12 }}" | base64 -d >> $CERTIFICATE_PATH | |
| echo "${{ secrets.IPHONE_PROVISIONING_PROFILE }}" | base64 -d >> $PP_PATH | |
| echo "${{ secrets.APP_STORE_CONNECT_API_KEY }}" | base64 -d >> ./private_keys/AuthKey_${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}.p8 | |
| # create temporary keychain | |
| security create-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" $KEYCHAIN_PATH | |
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
| security unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" $KEYCHAIN_PATH | |
| # import certificate to keychain | |
| security import $CERTIFICATE_PATH -P "${{ secrets.IPHONE_CERTIFICATE_PASSWORD }}" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
| security list-keychain -d user -s $KEYCHAIN_PATH | |
| # apply provisioning profile | |
| mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
| cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
| - name: generate l10n | |
| run: flutter gen-l10n | |
| # - name: test | |
| # run: | | |
| # echo "${{ secrets.GOOGLE_TEST_SERVICE_ACCOUNT_JSON }}" | base64 -d >> ./test/auto-test-service-account.json | |
| # flutter test | |
| - name: prepare gradle cache key | |
| # we explicitly use the same cache key for restoring and saving the cache because | |
| # it seems that the flutter build modifies gradle files and if we generate the key | |
| # from hash after the build (on cache save), we get a hash value whcih is different | |
| # from the value we get initially (on cache restore) | |
| run: echo "GRADLE_CACHE_KEY=gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}" >> $GITHUB_ENV | |
| - name: restore gradle cache | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ env.GRADLE_CACHE_KEY }} | |
| - name: release paperwork | |
| run: | | |
| ./gradlew release-paperwork | |
| git push | |
| # - name: build apk | |
| # run: flutter build apk --release | |
| # - name: build app bundle | |
| # run: flutter build appbundle | |
| - name: save gradle cache | |
| uses: actions/cache/save@v4 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ env.GRADLE_CACHE_KEY }} | |
| # - name: upload apk | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: apk | |
| # path: build/app/outputs/flutter-apk/app-release.apk | |
| # - name: upload aab | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: aab | |
| # path: build/app/outputs/bundle/release/app-release.aab | |
| - name: build ipa | |
| run: flutter build ipa --release --export-options-plist ios/GithubActionsExportOptions.plist | |
| - name: upload to testflight | |
| run: | | |
| xcrun altool --validate-app -f ./build/ios/ipa/chrono_sheet.ipa -t ios --apiKey ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }} --apiIssuer ${{ secrets.APP_STORE_CONNECT_TEAM_ID }} | |
| xcrun altool --upload-app -f ./build/ios/ipa/chrono_sheet.ipa -t ios --apiKey ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }} --apiIssuer ${{ secrets.APP_STORE_CONNECT_TEAM_ID }} | |
| - name: clean sensitive data | |
| if: ${{ always() }} | |
| run: | | |
| security delete-keychain $RUNNER_TEMP/app-signing.keychain-db | |
| rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision |