Add archive/dmg workflow; guard SwiftUI previews #7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Validates the automated portion of the release suite defined in docs/RELEASE_TEST_MATRIX.md. | |
| # Manual extension gates remain in docs/MANUAL-TESTING-GUIDE.md. | |
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - release | |
| - "release/**" | |
| pull_request: | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| build-and-test: | |
| name: Build and test | |
| runs-on: macos-14 | |
| timeout-minutes: 90 | |
| env: | |
| PROJECT_PATH: MacPGP/MacPGP.xcodeproj | |
| SCHEME: MacPGP | |
| DESTINATION: platform=macOS | |
| DERIVED_DATA_PATH: DerivedData | |
| RESULT_BUNDLE_DIR: TestResults | |
| # Hosted runners do not have the App Group provisioning profiles. CI signs ad hoc | |
| # and strips entitlements for automated build/test; manual gates cover extensions. | |
| CI_MACOSX_DEPLOYMENT_TARGET: "14.0" | |
| CI_CODE_SIGN_IDENTITY: "-" | |
| CI_CODE_SIGN_STYLE: Manual | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Select Xcode | |
| run: | | |
| sudo xcode-select -s /Applications/Xcode_16.2.app/Contents/Developer | |
| xcodebuild -version | |
| - name: Prepare result bundle directory | |
| run: | | |
| rm -rf "$RESULT_BUNDLE_DIR" | |
| mkdir -p "$RESULT_BUNDLE_DIR" | |
| - name: Build MacPGP scheme | |
| timeout-minutes: 20 | |
| run: | | |
| xcodebuild build \ | |
| -project "$PROJECT_PATH" \ | |
| -scheme "$SCHEME" \ | |
| -destination "$DESTINATION" \ | |
| -derivedDataPath "$DERIVED_DATA_PATH" \ | |
| -skipPackagePluginValidation \ | |
| -skipMacroValidation \ | |
| CODE_SIGN_STYLE="$CI_CODE_SIGN_STYLE" \ | |
| CODE_SIGN_IDENTITY="$CI_CODE_SIGN_IDENTITY" \ | |
| CODE_SIGNING_REQUIRED=NO \ | |
| CODE_SIGN_ENTITLEMENTS= \ | |
| DEVELOPMENT_TEAM= \ | |
| PROVISIONING_PROFILE_SPECIFIER= \ | |
| MACOSX_DEPLOYMENT_TARGET="$CI_MACOSX_DEPLOYMENT_TARGET" | |
| - name: Run MacPGPTests | |
| timeout-minutes: 35 | |
| run: | | |
| xcodebuild test \ | |
| -project "$PROJECT_PATH" \ | |
| -scheme "$SCHEME" \ | |
| -destination "$DESTINATION" \ | |
| -only-testing:MacPGPTests \ | |
| -resultBundlePath "$RESULT_BUNDLE_DIR/MacPGPTests.xcresult" \ | |
| -derivedDataPath "$DERIVED_DATA_PATH" \ | |
| -skipPackagePluginValidation \ | |
| -skipMacroValidation \ | |
| CODE_SIGN_STYLE="$CI_CODE_SIGN_STYLE" \ | |
| CODE_SIGN_IDENTITY="$CI_CODE_SIGN_IDENTITY" \ | |
| CODE_SIGNING_REQUIRED=NO \ | |
| CODE_SIGN_ENTITLEMENTS= \ | |
| DEVELOPMENT_TEAM= \ | |
| PROVISIONING_PROFILE_SPECIFIER= \ | |
| MACOSX_DEPLOYMENT_TARGET="$CI_MACOSX_DEPLOYMENT_TARGET" | |
| - name: Run MacPGPUITests | |
| timeout-minutes: 50 | |
| run: | | |
| xcodebuild test \ | |
| -project "$PROJECT_PATH" \ | |
| -scheme "$SCHEME" \ | |
| -destination "$DESTINATION" \ | |
| -only-testing:MacPGPUITests \ | |
| -resultBundlePath "$RESULT_BUNDLE_DIR/MacPGPUITests.xcresult" \ | |
| -derivedDataPath "$DERIVED_DATA_PATH" \ | |
| -skipPackagePluginValidation \ | |
| -skipMacroValidation \ | |
| -test-timeouts-enabled YES \ | |
| -default-test-execution-time-allowance 120 \ | |
| -maximum-test-execution-time-allowance 600 \ | |
| CODE_SIGN_STYLE="$CI_CODE_SIGN_STYLE" \ | |
| CODE_SIGN_IDENTITY="$CI_CODE_SIGN_IDENTITY" \ | |
| CODE_SIGNING_REQUIRED=NO \ | |
| CODE_SIGN_ENTITLEMENTS= \ | |
| DEVELOPMENT_TEAM= \ | |
| PROVISIONING_PROFILE_SPECIFIER= \ | |
| MACOSX_DEPLOYMENT_TARGET="$CI_MACOSX_DEPLOYMENT_TARGET" | |
| - name: Upload test result artifacts | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: xcode-test-results | |
| path: TestResults/*.xcresult | |
| if-no-files-found: ignore | |
| release-guardrails: | |
| name: Release guardrails | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && (github.ref == 'refs/heads/release' || startsWith(github.ref, 'refs/heads/release/')) | |
| env: | |
| CONFIGURATION: Release | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Check ShareExtension is not embedded in release app target | |
| run: bash scripts/check-no-shareextension-in-release.sh MacPGP/MacPGP.xcodeproj/project.pbxproj |