-
-
Notifications
You must be signed in to change notification settings - Fork 18
169 lines (145 loc) · 5.92 KB
/
Copy pathbuild-mobile.yml
File metadata and controls
169 lines (145 loc) · 5.92 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
name: Build Mobile
on:
workflow_dispatch:
workflow_call:
inputs:
ref:
required: false
type: string
release:
required: false
type: boolean
pull_request:
push:
branches: [main]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build-sign-android:
name: Build and sign Android
# Fork PRs build an unsigned debug APK (secrets aren't available to forks);
# internal PRs / pushes build the signed release artifacts.
if: ${{ github.actor != 'dependabot[bot]' }}
runs-on: ubuntu-latest
steps:
- name: Determine ref
id: get-ref
run: |
input_ref="${{ inputs.ref }}"
github_ref="${{ github.sha }}"
ref="${input_ref:-$github_ref}"
echo "ref=$ref" >> $GITHUB_OUTPUT
- uses: actions/checkout@v4
with:
ref: ${{ steps.get-ref.outputs.ref }}
- uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: "21"
cache: "gradle"
- name: Create the Keystore
if: ${{ !github.event.pull_request.head.repo.fork }}
env:
KEYSTORE_B64: ${{ secrets.KEYSTORE_B64 }}
run: echo "$KEYSTORE_B64" | base64 -d > android/key.keystore
- uses: oven-sh/setup-bun@v1
- run: bun install
- run: bun run build
- run: bunx cap sync android
- name: Build signed Android App Bundle
if: ${{ !github.event.pull_request.head.repo.fork }}
env:
ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
run: ./gradlew assembleRelease bundleRelease
working-directory: android
- name: Build debug APK (fork PRs)
if: ${{ github.event.pull_request.head.repo.fork }}
run: ./gradlew assembleDebug
working-directory: android
- name: Publish Android APK
if: ${{ !github.event.pull_request.head.repo.fork }}
uses: actions/upload-artifact@v4
with:
name: release-apk-signed
path: android/app/build/outputs/apk/release/*.apk
- name: Publish Android AAB
if: ${{ !github.event.pull_request.head.repo.fork }}
uses: actions/upload-artifact@v4
with:
name: release-aab-signed
path: android/app/build/outputs/bundle/release/*.aab
- name: Publish debug APK (fork PRs)
if: ${{ github.event.pull_request.head.repo.fork }}
uses: actions/upload-artifact@v4
with:
name: debug-apk
path: android/app/build/outputs/apk/debug/*.apk
build:
runs-on: macos-latest
name: Build iOS app
# Fork PRs do a no-codesign compile check (secrets aren't available to forks);
# internal PRs / pushes archive and export a signed IPA.
if: ${{ github.actor != 'dependabot[bot]' }}
steps:
- name: Determine ref
id: get-ref
run: |
input_ref="${{ inputs.ref }}"
github_ref="${{ github.sha }}"
ref="${input_ref:-$github_ref}"
echo "ref=$ref" >> $GITHUB_OUTPUT
- name: Checkout source
uses: actions/checkout@v4
with:
ref: ${{ steps.get-ref.outputs.ref }}
- name: Install the Apple certificate and provisioning profile
if: ${{ !github.event.pull_request.head.repo.fork }}
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: Set up XCode
uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: latest-stable
- uses: oven-sh/setup-bun@v1
- run: bun install
- run: bun --bun run build
- run: bunx cap sync ios
- name: Build project
if: ${{ !github.event.pull_request.head.repo.fork }}
run: xcodebuild -workspace './ios/App/App.xcworkspace' -scheme GiraMais -destination generic/platform=iOS -archivePath App.xcarchive archive
- name: 🍻 Assemble IPA
if: ${{ !github.event.pull_request.head.repo.fork }}
run: xcodebuild archive -archivePath App.xcarchive -exportArchive -exportOptionsPlist ./archive.plist -exportPath output -allowProvisioningUpdates
- name: Build project (compile check, fork PRs)
if: ${{ github.event.pull_request.head.repo.fork }}
run: xcodebuild build -workspace './ios/App/App.xcworkspace' -scheme GiraMais -destination generic/platform=iOS CODE_SIGNING_ALLOWED=NO
- name: Upload release bundle
if: ${{ !github.event.pull_request.head.repo.fork }}
uses: actions/upload-artifact@v4
with:
name: app-ios
path: output/
retention-days: 60