test build ios archive #17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # name: iOS CI/CD | |
| on: | |
| push: | |
| branches: ["ci-cd"] | |
| workflow_dispatch: | |
| jobs: | |
| build-web: | |
| name: Build web bundle (www) | |
| runs-on: macos-15 | |
| # Ensure manual runs only proceed on the ci-cd branch | |
| if: github.ref == 'refs/heads/ci-cd' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: npm | |
| - name: Create empty .env | |
| run: touch .env | |
| - name: Make envfile (override with secrets) | |
| run: | | |
| set -euo pipefail | |
| [ -n "${{ secrets.COLLAB_API_CLIENT_ID }}" ] && echo "COLLAB_API_CLIENT_ID=${{ secrets.COLLAB_API_CLIENT_ID }}" >> .env || true | |
| [ -n "${{ secrets.COLLAB_API_CLIENT_SECRET }}" ] && echo "COLLAB_API_CLIENT_SECRET=${{ secrets.COLLAB_API_CLIENT_SECRET }}" >> .env || true | |
| [ -n "${{ secrets.BASE_AUTH_URL }}" ] && echo "BASE_AUTH_URL=${{ secrets.BASE_AUTH_URL }}" >> .env || true | |
| [ -n "${{ secrets.QLF_COLLAB_API_CLIENT_ID }}" ] && echo "QLF_COLLAB_API_CLIENT_ID=${{ secrets.QLF_COLLAB_API_CLIENT_ID }}" >> .env || true | |
| [ -n "${{ secrets.QLF_COLLAB_API_CLIENT_SECRET }}" ] && echo "QLF_COLLAB_API_CLIENT_SECRET=${{ secrets.QLF_COLLAB_API_CLIENT_SECRET }}" >> .env || true | |
| [ -n "${{ secrets.QLF_BASE_AUTH_URL }}" ] && echo "QLF_BASE_AUTH_URL=${{ secrets.QLF_BASE_AUTH_URL }}" >> .env || true | |
| [ -n "${{ secrets.BASE_API_URL }}" ] && echo "BASE_API_URL=${{ secrets.BASE_API_URL }}" >> .env || true | |
| [ -n "${{ secrets.SECRET }}" ] && echo "SECRET=${{ secrets.SECRET }}" >> .env || true | |
| # App selection/name identifiers (optional overrides, defined in the config.js files) | |
| [ -n "${{ secrets.APPLI }}" ] && echo "APPLI=${{ secrets.APPLI }}" >> .env || true | |
| [ -n "${{ secrets.APPLI_ID }}" ] && echo "APPLI_ID=${{ secrets.APPLI_ID }}" >> .env || true | |
| [ -n "${{ secrets.APPLI_NAME }}" ] && echo "APPLI_NAME=${{ secrets.APPLI_NAME }}" >> .env || true | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build web bundle | |
| run: npm run build | |
| - name: Generate Capacitor assets (iOS) | |
| run: npx @capacitor/assets generate --ios | |
| - name: Capacitor sync (iOS) | |
| run: npx cap sync ios | |
| - name: Install Apple distribution cert & App Store profile | |
| env: | |
| DISTRIBUTION_CERTIFICATE_P12: ${{ secrets.DISTRIBUTION_CERTIFICATE_P12 }} | |
| P12_PASSWORD_DISTR: ${{ secrets.P12_PASSWORD_DISTR }} | |
| APPSTORE_PROFILE_BASE64: ${{ secrets.DEPLOY_PROVISION_PROFILE_BASE64 }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| run: | | |
| set -euo pipefail | |
| CERT_P12=$RUNNER_TEMP/dist.p12 | |
| PROFILE=$RUNNER_TEMP/appstore.mobileprovision | |
| KEYCHAIN=$RUNNER_TEMP/app-signing.keychain-db | |
| echo -n "$DISTRIBUTION_CERTIFICATE_P12" | base64 --decode > "$CERT_P12" | |
| echo -n "$APPSTORE_PROFILE_BASE64" | base64 --decode > "$PROFILE" | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN" | |
| security set-keychain-settings -lut 21600 "$KEYCHAIN" | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN" | |
| security import "$CERT_P12" -P "$P12_PASSWORD_DISTR" -A -t cert -f pkcs12 -k "$KEYCHAIN" | |
| security list-keychain -d user -s "$KEYCHAIN" | |
| mkdir -p "$HOME/Library/MobileDevice/Provisioning Profiles" | |
| cp "$PROFILE" "$HOME/Library/MobileDevice/Provisioning Profiles/" | |
| - name: Build archive | |
| env: | |
| TEAM_ID: ${{ secrets.APPSTORE_TEAM_ID }} | |
| run: | | |
| set -euo pipefail | |
| # If your workspace/scheme paths differ, adjust. | |
| cd ios/App | |
| xcodebuild \ | |
| -workspace "App.xcworkspace" \ | |
| -scheme "App" \ | |
| -configuration "Release Production" \ | |
| -archivePath "$GITHUB_WORKSPACE/App.xcarchive" \ | |
| -destination "generic/platform=iOS" \ | |
| DEVELOPMENT_TEAM="$TEAM_ID" \ | |
| clean archive | |
| # - name: Export IPA | |
| # env: | |
| # EXPORT_PLIST_B64: ${{ secrets.IOS_EXPORT_PRODUCTION }} # base64 of ExportOptions.plist (method=app-store, signingStyle=manual, provisioningProfiles map) | |
| # run: | | |
| # set -euo pipefail | |
| # EXPORT_PLIST=$RUNNER_TEMP/ExportOptions.plist | |
| # echo -n "$EXPORT_PLIST_B64" | base64 --decode > "$EXPORT_PLIST" | |
| # cd ios/App | |
| # xcodebuild -exportArchive \ | |
| # -archivePath "$GITHUB_WORKSPACE/App.xcarchive" \ | |
| # -exportOptionsPlist "$EXPORT_PLIST" \ | |
| # -exportPath "$RUNNER_TEMP/export" | |
| # # Optional: keep if you want to fetch the IPA from Actions | |
| # - name: Upload IPA artifact (optional) | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: App-ipa | |
| # path: ${{ runner.temp }}/export/*.ipa | |
| # retention-days: 3 | |
| # - name: Save App Store Connect API key (.p8) | |
| # env: | |
| # API_KEY_B64: ${{ secrets.APPSTORE_API_PRIVATE_KEY }} # base64 of AuthKey_XXXXXX.p8 | |
| # run: | | |
| # set -euo pipefail | |
| # mkdir -p ~/private_keys | |
| # echo -n "$API_KEY_B64" | base64 --decode \ | |
| # > ~/private_keys/AuthKey_${{ secrets.APPSTORE_API_KEY_ID }}.p8 | |
| # - name: Upload to TestFlight | |
| # env: | |
| # API_KEY_ID: ${{ secrets.APPSTORE_API_KEY_ID }} | |
| # API_ISSUER_ID: ${{ secrets.APPSTORE_ISSUER_ID }} | |
| # run: | | |
| # set -euo pipefail | |
| # IPA=$(ls $RUNNER_TEMP/export/*.ipa | head -n 1) | |
| # xcrun iTMSTransporter -m upload \ | |
| # -assetFile "$IPA" \ | |
| # -apiKey "$API_KEY_ID" \ | |
| # -apiIssuer "$API_ISSUER_ID" |