Fix finding SiVa cert #989
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: RIA DigiDoc iOS | |
on: [push, pull_request] | |
env: | |
BUILD_NUMBER: ${{ github.run_number }} | |
jobs: | |
build: | |
name: Build RIA DigiDoc on macOS | |
if: contains(github.repository, 'open-eid/MOPP-iOS') && contains(github.ref, 'master') | |
runs-on: macos-latest | |
strategy: | |
matrix: | |
xcode: | |
- 15.4 | |
platform: | |
- iOS | |
env: | |
DEFAULT_CENTRAL_CONFIGURATION_URL: "https://id.eesti.ee" | |
DEFAULT_CENTRAL_CONFIGURATION_UPDATE_INTERVAL: 4 | |
DEFAULT_CENTRAL_CONFIGURATION_TSL_URL: "https://ec.europa.eu/tools/lotl/eu-lotl.xml" | |
TEMP_KEYCHAIN_PATH: "$RUNNER_TEMP/ios-github-actions.keychain-db" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Download Libdigidocpp iOS artifact | |
uses: dawidd6/action-download-artifact@v6 | |
with: | |
workflow: build.yml | |
branch: master | |
name: iphoneos | |
path: libdigidocpp-ios | |
repo: open-eid/libdigidocpp | |
- name: Download Libdigidocpp iOS Simulator artifact | |
uses: dawidd6/action-download-artifact@v6 | |
with: | |
workflow: build.yml | |
branch: master | |
name: iphonesimulator | |
path: libdigidocpp-ios-simulator | |
repo: open-eid/libdigidocpp | |
- name: Extract libdigidocpp artifacts | |
run: | | |
ls -laht libdigidocpp-ios | |
ls -laht libdigidocpp-ios-simulator | |
unzip -o libdigidocpp-ios/libdigidocpp.iphoneos.zip -d libdigidocpp.iphoneos | |
unzip -o libdigidocpp-ios-simulator/libdigidocpp.iphonesimulator.zip -d libdigidocpp.iphonesimulator | |
ls -laht | |
- name: Update libdigidocpp in project | |
run: | | |
export LIBDIGIDOCPP_PATH=${{ github.workspace }}/MoppLib/MoppLib/libdigidocpp | |
rm -rf $LIBDIGIDOCPP_PATH/libdigidocpp.iphoneos && mkdir $LIBDIGIDOCPP_PATH/libdigidocpp.iphoneos && cp -r ${{ github.workspace }}/libdigidocpp.iphoneos/libdigidocpp.iphoneos/ $LIBDIGIDOCPP_PATH/libdigidocpp.iphoneos/ | |
rm -rf $LIBDIGIDOCPP_PATH/libdigidocpp.iphonesimulator && mkdir $LIBDIGIDOCPP_PATH/libdigidocpp.iphonesimulator && cp -r ${{ github.workspace }}/libdigidocpp.iphonesimulator/libdigidocpp.iphonesimulator/* $LIBDIGIDOCPP_PATH/libdigidocpp.iphonesimulator/ | |
- name: Install the Apple certificate and provisioning profiles | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
BUILD_PROVISION_PROFILE_SHARE_EXTENSION_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_SHARE_EXTENSION_BASE64 }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
# https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development | |
# Create variables | |
CERTIFICATE_P12_PATH=$RUNNER_TEMP/Certificate_iOS_Github_Actions.p12 | |
MOBILEPROVISIONING_PATH=$RUNNER_TEMP/MobileProvisioning_iOS_Github_Actions.mobileprovision | |
MOBILEPROVISIONING_SHARE_EXTENSION_PATH=$RUNNER_TEMP/MobileProvisioningShareExtension_iOS_Github_Actions.mobileprovision | |
# Import certificate and provisioning profile from Github secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_P12_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $MOBILEPROVISIONING_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_SHARE_EXTENSION_BASE64" | base64 --decode --output $MOBILEPROVISIONING_SHARE_EXTENSION_PATH | |
# Create temporary keychain | |
security create-keychain -p "$TEMP_KEYCHAIN_PASSWORD" $TEMP_KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $TEMP_KEYCHAIN_PATH | |
security unlock-keychain -p "$TEMP_KEYCHAIN_PASSWORD" $TEMP_KEYCHAIN_PATH | |
security set-keychain-settings -lut 900 | |
# Import certificate to temporary keychain | |
security import $CERTIFICATE_P12_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $TEMP_KEYCHAIN_PATH | |
security list-keychain -d user -s $TEMP_KEYCHAIN_PATH | |
security set-key-partition-list -S apple-tool:,apple: -s -k "$TEMP_KEYCHAIN_PASSWORD" $TEMP_KEYCHAIN_PATH | |
# Apply provisioning profile | |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $MOBILEPROVISIONING_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $MOBILEPROVISIONING_SHARE_EXTENSION_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
- name: Setup environment | |
env: | |
GOOGLE_SERVICES_PLIST: ${{ secrets.GOOGLE_SERVICES_PLIST }} | |
run: | | |
export LANG=en_US.UTF-8 | |
cd ${{ github.workspace }}/MoppApp | |
echo -n "$GOOGLE_SERVICES_PLIST" | base64 --decode --output "GoogleService-Info.plist" | |
echo "APP_VERSION=$('/usr/bin/xcodebuild' -showBuildSettings | grep MARKETING_VERSION | tr -d 'MARKETING_VERSION =')" >> $GITHUB_ENV | |
- name: Set up Homebrew | |
id: set-up-homebrew | |
uses: Homebrew/actions/setup-homebrew@master | |
- name: Install Swift-sh | |
run: brew install swift-sh | |
- name: Build and Archive | |
env: | |
APP_PROVISIONING_PROFILE_UUID: ${{ secrets.APP_PROVISIONING_PROFILE_UUID }} | |
SHARE_EXTENSION_PROVISIONING_PROFILE_UUID: ${{ secrets.SHARE_EXTENSION_PROVISIONING_PROFILE_UUID }} | |
run: | | |
cd ${{ github.workspace }}/MoppApp | |
xcodebuild archive -scheme MoppApp -configuration Release -archivePath "${{ github.workspace }}/MoppApp/build/DigiDoc.xcarchive" -allowProvisioningUpdates APP_PROVISIONING_PROFILE="$APP_PROVISIONING_PROFILE_UUID" SHARE_EXTENSION_PROVISIONING_PROFILE="$SHARE_EXTENSION_PROVISIONING_PROFILE_UUID" | |
- name: Export | |
env: | |
EXPORT_OPTIONS_PLIST: ${{ secrets.EXPORT_OPTIONS_PLIST }} | |
run: | | |
cd ${{ github.workspace }}/MoppApp | |
echo -n "$EXPORT_OPTIONS_PLIST" | base64 --decode --output "ExportOptions.plist" | |
xcodebuild -exportArchive -archivePath "${{ github.workspace }}/MoppApp/build/DigiDoc.xcarchive" -exportPath "${{ github.workspace }}/MoppApp/build/" -configuration Release -exportOptionsPlist ExportOptions.plist DEFAULT_CENTRAL_CONFIGURATION_URL=${{ env.DEFAULT_CENTRAL_CONFIGURATION_URL }} DEFAULT_CENTRAL_CONFIGURATION_UPDATE_INTERVAL=${{ env.DEFAULT_CENTRAL_CONFIGURATION_UPDATE_INTERVAL }} DEFAULT_CENTRAL_CONFIGURATION_TSL_URL=${{ env.DEFAULT_CENTRAL_CONFIGURATION_TSL_URL }} "OTHER_SWIFT_FLAGS=-DCOCOAPODS" | xcpretty | |
# Change .ipa name | |
mv ${{ github.workspace }}/MoppApp/build/MoppApp.ipa ${{ github.workspace }}/MoppApp/build/RIA_DigiDoc_${{ env.APP_VERSION }}.${{ env.BUILD_NUMBER }}.ipa | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
if: success() | |
with: | |
name: "RIA_DigiDoc_${{ env.APP_VERSION }}.${{ env.BUILD_NUMBER }}" | |
path: "${{ github.workspace }}/MoppApp/build/RIA_DigiDoc_${{ env.APP_VERSION }}.${{ env.BUILD_NUMBER }}.ipa" | |
- name: Clean up | |
if: ${{ always() }} | |
run: | | |
TEMP_KEYCHAIN_PATH="$RUNNER_TEMP/ios-github-actions.keychain-db" | |
MOBILEPROVISIONING_PATH=$RUNNER_TEMP/MobileProvisioning_iOS_Github_Actions.mobileprovision | |
MOBILEPROVISIONING_SHARE_EXTENSION_PATH=$RUNNER_TEMP/MobileProvisioningShareExtension_iOS_Github_Actions.mobileprovision | |
# Keychain | |
if [[ -f $TEMP_KEYCHAIN_PATH ]] | |
then | |
security delete-keychain $TEMP_KEYCHAIN_PATH | |
fi | |
# Main provisioning profile | |
if [[ -f $MOBILEPROVISIONING_PATH ]] | |
then | |
rm $MOBILEPROVISIONING_PATH | |
fi | |
# Share Extension provisioning profile | |
if [[ -f $MOBILEPROVISIONING_SHARE_EXTENSION_PATH ]] | |
then | |
rm $MOBILEPROVISIONING_SHARE_EXTENSION_PATH | |
fi | |