-
Notifications
You must be signed in to change notification settings - Fork 0
141 lines (122 loc) · 5.76 KB
/
ios-action.yml
File metadata and controls
141 lines (122 loc) · 5.76 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
# name: iOS CI/CD
on:
push:
branches: ["ci-cd"]
workflow_dispatch:
jobs:
build-web:
name: Build web bundle (www)
runs-on: macos-15
# Ensure manual runs only proceed on the ci-cd branch
if: github.ref == 'refs/heads/ci-cd'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
- name: Create empty .env
run: touch .env
- name: Make envfile (override with secrets)
run: |
set -euo pipefail
[ -n "${{ secrets.COLLAB_API_CLIENT_ID }}" ] && echo "COLLAB_API_CLIENT_ID=${{ secrets.COLLAB_API_CLIENT_ID }}" >> .env || true
[ -n "${{ secrets.COLLAB_API_CLIENT_SECRET }}" ] && echo "COLLAB_API_CLIENT_SECRET=${{ secrets.COLLAB_API_CLIENT_SECRET }}" >> .env || true
[ -n "${{ secrets.BASE_AUTH_URL }}" ] && echo "BASE_AUTH_URL=${{ secrets.BASE_AUTH_URL }}" >> .env || true
[ -n "${{ secrets.QLF_COLLAB_API_CLIENT_ID }}" ] && echo "QLF_COLLAB_API_CLIENT_ID=${{ secrets.QLF_COLLAB_API_CLIENT_ID }}" >> .env || true
[ -n "${{ secrets.QLF_COLLAB_API_CLIENT_SECRET }}" ] && echo "QLF_COLLAB_API_CLIENT_SECRET=${{ secrets.QLF_COLLAB_API_CLIENT_SECRET }}" >> .env || true
[ -n "${{ secrets.QLF_BASE_AUTH_URL }}" ] && echo "QLF_BASE_AUTH_URL=${{ secrets.QLF_BASE_AUTH_URL }}" >> .env || true
[ -n "${{ secrets.BASE_API_URL }}" ] && echo "BASE_API_URL=${{ secrets.BASE_API_URL }}" >> .env || true
[ -n "${{ secrets.SECRET }}" ] && echo "SECRET=${{ secrets.SECRET }}" >> .env || true
# App selection/name identifiers (optional overrides, defined in the config.js files)
[ -n "${{ secrets.APPLI }}" ] && echo "APPLI=${{ secrets.APPLI }}" >> .env || true
[ -n "${{ secrets.APPLI_ID }}" ] && echo "APPLI_ID=${{ secrets.APPLI_ID }}" >> .env || true
[ -n "${{ secrets.APPLI_NAME }}" ] && echo "APPLI_NAME=${{ secrets.APPLI_NAME }}" >> .env || true
- name: Install dependencies
run: npm ci
- name: Build web bundle
run: npm run build
- name: Generate Capacitor assets (iOS)
run: npx @capacitor/assets generate --ios
- name: Capacitor sync (iOS)
run: npx cap sync ios
- name: Install Apple distribution cert & App Store profile
env:
DISTRIBUTION_CERTIFICATE_P12: ${{ secrets.DISTRIBUTION_CERTIFICATE_P12 }}
P12_PASSWORD_DISTR: ${{ secrets.P12_PASSWORD_DISTR }}
APPSTORE_PROFILE_BASE64: ${{ secrets.DEPLOY_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
set -euo pipefail
CERT_P12=$RUNNER_TEMP/dist.p12
PROFILE=$RUNNER_TEMP/appstore.mobileprovision
KEYCHAIN=$RUNNER_TEMP/app-signing.keychain-db
echo -n "$DISTRIBUTION_CERTIFICATE_P12" | base64 --decode > "$CERT_P12"
echo -n "$APPSTORE_PROFILE_BASE64" | base64 --decode > "$PROFILE"
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
security set-keychain-settings -lut 21600 "$KEYCHAIN"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
security import "$CERT_P12" -P "$P12_PASSWORD_DISTR" -A -t cert -f pkcs12 -k "$KEYCHAIN"
security list-keychain -d user -s "$KEYCHAIN"
mkdir -p "$HOME/Library/MobileDevice/Provisioning Profiles"
cp "$PROFILE" "$HOME/Library/MobileDevice/Provisioning Profiles/"
- name: Show build settings
run: |
cd ios/App
xcodebuild -showBuildSettings \
-workspace "App.xcworkspace" \
-scheme "App" \
-configuration "Release Production" | egrep "CODE_SIGN|PROVISION|PRODUCT_BUNDLE_IDENTIFIER|DEVELOPMENT_TEAM"
- name: Build archive
env:
TEAM_ID: ${{ secrets.APPSTORE_TEAM_ID }}
run: |
set -euo pipefail
cd ios/App
xcodebuild \
-workspace "App.xcworkspace" \
-scheme "App" \
-configuration "Release Production" \
-archivePath "$GITHUB_WORKSPACE/App.xcarchive" \
-destination "generic/platform=iOS" \
DEVELOPMENT_TEAM="$TEAM_ID" \
CODE_SIGN_STYLE=Manual \
CODE_SIGNING_ALLOWED=NO \
CODE_SIGNING_REQUIRED=NO \
CODE_SIGN_IDENTITY="" \
PROVISIONING_PROFILE_SPECIFIER="" \
PROVISIONING_PROFILE="" \
clean archive
- name: Export IPA
env:
EXPORT_PLIST_B64: ${{ secrets.IOS_EXPORT_PRODUCTION }}
run: |
set -euo pipefail
EXPORT_PLIST=$RUNNER_TEMP/ExportOptions.plist
echo -n "$EXPORT_PLIST_B64" | base64 --decode > "$EXPORT_PLIST"
cd ios/App
xcodebuild -exportArchive \
-archivePath "$GITHUB_WORKSPACE/App.xcarchive" \
-exportOptionsPlist "$EXPORT_PLIST" \
-exportPath "$RUNNER_TEMP/export"
# - name: Save App Store Connect API key (.p8)
# env:
# API_KEY_B64: ${{ secrets.APPSTORE_API_PRIVATE_KEY }} # base64 of AuthKey_XXXXXX.p8
# run: |
# set -euo pipefail
# mkdir -p ~/private_keys
# echo -n "$API_KEY_B64" | base64 --decode \
# > ~/private_keys/AuthKey_${{ secrets.APPSTORE_API_KEY_ID }}.p8
# - name: Upload to TestFlight
# env:
# API_KEY_ID: ${{ secrets.APPSTORE_API_KEY_ID }}
# API_ISSUER_ID: ${{ secrets.APPSTORE_ISSUER_ID }}
# run: |
# set -euo pipefail
# IPA=$(ls $RUNNER_TEMP/export/*.ipa | head -n 1)
# xcrun iTMSTransporter -m upload \
# -assetFile "$IPA" \
# -apiKey "$API_KEY_ID" \
# -apiIssuer "$API_ISSUER_ID"