diff --git a/.github/workflows/ios.yml b/.github/workflows/ios.yml
index 97b5794..48b0a1e 100644
--- a/.github/workflows/ios.yml
+++ b/.github/workflows/ios.yml
@@ -4,6 +4,7 @@ on:
 push:
 branches:
 - main
+ - ios-upload-testflight # TODO: this is a temporary branch for testing (REMOVE)
 pull_request:
 concurrency:
@@ -23,18 +24,25 @@ jobs:
 - name: Install the Apple certificate and provisioning profile
 env:
 BUILD_CERTIFICATE_BASE64: ${{ secrets.IOS_DEV_CERT }}
+ DISTRIBUTION_CERTIFICATE_BASE64: ${{ secrets.IOS_DISTRIBUTION_CERT }}
 P12_PASSWORD: ${{ secrets.IOS_CERT_PASSWORD }}
+ DISTRIBUTION_P12_PASSWORD: ${{ secrets.IOS_DISTRO_CERT_PASSWORD }}
 BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_PROVISIONING_PROFILE }}
+ DISTRIBUTION_PROFILE_BASE64: ${{ secrets.IOS_DISTRIBUTION_PROFILE }}
 KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
 run: |
 # create variables
- CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+ BUILD_CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+ DISTRO_CERTIFICATE_PATH=$RUNNER_TEMP/distro_certificate.p12
 PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
+ DISTRO_PP_PATH=$RUNNER_TEMP/distro_pp.mobileprovision
 KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
 # import certificate and provisioning profile from secrets
- echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
+ echo "$BUILD_CERTIFICATE_BASE64" | sed 's/[^A-Za-z0-9+/=]//g' | base64 --decode -o $BUILD_CERTIFICATE_PATH
+ echo "$DISTRIBUTION_CERTIFICATE_BASE64" | sed 's/[^A-Za-z0-9+/=]//g' | base64 --decode -o $DISTRO_CERTIFICATE_PATH
 echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
+ echo -n "$DISTRIBUTION_PROFILE_BASE64" | base64 --decode -o $DISTRO_PP_PATH
 # create temporary keychain
 security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
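Review bot: Adding `ios-upload-testflight` under `on.push.branches` puts that branch on the full release path, because the later export and upload steps are gated only by `if: github.event_name == 'push'` and not by ref, even though the workflow's own comment says they run for pushes to main. Until the TODO is acted on, anyone who can push to the temporary branch can trigger distribution signing and a TestFlight upload. Consider gating the release steps on the ref as well, e.g. `if: github.event_name == 'push' && github.ref == 'refs/heads/main'`, so a leftover branch entry cannot publish a build.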
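Review bot: The distribution certificate, its password and the distribution profile are added to a step that, as far as this hunk shows, has no `if:` condition, so they are decoded into `$RUNNER_TEMP` on `pull_request` runs as well as on pushes. Only the export and upload steps need the distribution identity; moving these three secrets into a separate install step guarded by `if: github.event_name == 'push'` would keep release signing material out of PR builds, which run the branch's own Gradle and Xcode build scripts. The new `$DISTRO_CERTIFICATE_PATH` and `$DISTRO_PP_PATH` expansions are also unquoted, unlike the `"$KEYCHAIN_PASSWORD"` arguments beside them. The step's `run` block continues past the end of this hunk.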
@@ -42,12 +50,17 @@ jobs: security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH # import certificate to keychain - security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security import $BUILD_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + echo "imported build cert" + security import $DISTRO_CERTIFICATE_PATH -P "$DISTRIBUTION_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + echo "imported distribution cert" + security list-keychain -d user -s $KEYCHAIN_PATH # apply provisioning profile mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles + cp $DISTRO_PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles - name: set up JDK 17 uses: actions/setup-java@v4 
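Review bot: The new distribution import reuses `-A`, which lets any process in the job use the imported private key without a prompt; that is a wider grant for a release-signing identity than it was for the development one. Prefer naming the tools that need the key, e.g. `security import $DISTRO_CERTIFICATE_PATH -P "$DISTRIBUTION_P12_PASSWORD" -T /usr/bin/codesign -t cert -f pkcs12 -k $KEYCHAIN_PATH` followed by `security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH`; this needs a test run with xcodebuild before it replaces `-A`. The two `echo "imported …"` lines look like debugging aids and can go once the import is confirmed. No step that deletes the temporary keychain or the copied profiles is visible in this diff, which would matter if the job ever runs on a self-hosted runner.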
@@ -61,45 +74,48 @@ jobs:
 with:
 gradle-home-cache-cleanup: true
- - name: Build with Xcode
- run: xcodebuild -project iosApp/iosApp.xcodeproj -scheme iosApp -configuration Debug -destination generic/platform=iOS -archivePath $RUNNER_TEMP/Tidy.xcarchive
+ - name: Build Artifact with Xcode
+ run: xcodebuild -project iosApp/iosApp.xcodeproj -scheme iosApp -configuration Debug -destination generic/platform=iOS -archivePath $RUNNER_TEMP/Tidy.xcarchive archive
 - name: Upload Archive Artifacts
 uses: actions/upload-artifact@v4
 with:
 name: iOS Archive
- path: $RUNNER_TEMP/Tidy/**/*.xcarchive
+ path: ${{ runner.temp }}/**/*.xcarchive
 # Only run the following steps when a push event occurs on main branch
- - name: Build App Artifact with Xcode
+ - name: Build IPA Artifact with Xcode
 if: github.event_name == 'push'
 env:
- EXPORT_OPTIONS_PLIST: ${{ secrets.IOS_EXPORT_OPTIONS }}
+ IOS_EXPORT_OPTIONS: ${{ secrets.IOS_EXPORT_OPTIONS }}
 run: |
 EXPORT_OPTS_PATH=$RUNNER_TEMP/ExportOptions.plist
- echo -n "IOS_EXPORT_OPTIONS" | base64 --decode -o $RUNNER_TEMP/exportOptions.plist
- xcodebuild -archivePath $RUNNER_TEMP/iosApp.xcarchive
- -exportArchive -exportPath '$RUNNER_TEMP/Tidy.app'
- -exportOptionsPlist $RUNNER_TEMP/exportOptions.plist
+ echo -n "$IOS_EXPORT_OPTIONS" | base64 --decode -o $EXPORT_OPTS_PATH
+ xcodebuild -exportArchive -archivePath $RUNNER_TEMP/Tidy.xcarchive -exportPath $RUNNER_TEMP -exportOptionsPlist $EXPORT_OPTS_PATH
 - name: Upload to Github Artifacts
 if: github.event_name == 'push'
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
 with:
 name: app
- path: $RUNNER_TEMP/**/*.app
+ path: ${{ runner.temp }}/**/*.ipa
- - name: Copy App Store Private Key
+ - name: Upload to TestFlight
 if: github.event_name == 'push'
 env:
 IOS_APPSTORE_PRIVATE_KEY: ${{ secrets.IOS_APPSTORE_PRIVATE_KEY }}
- run: echo -n "$IOS_APPSTORE_PRIVATE_KEY" | base64 --decode -o $RUNNER_TEMP/appstore_private_key.p8
+ APPSTORE_API_KEY_ID: ${{ secrets.IOS_APPSTORE_API_KEY_ID }}
+ run: |
+ mkdir -p ./private_keys
+ echo "$IOS_APPSTORE_PRIVATE_KEY" | sed 's/[^A-Za-z0-9+/=]//g' | base64 --decode -o "./private_keys/AuthKey_$APPSTORE_API_KEY_ID.p8"
+ xcrun altool --validate-app -f ${{ runner.temp }}/Tidy.ipa -t ios --apiKey "$APPSTORE_API_KEY_ID" --apiIssuer ${{ secrets.IOS_APPSTORE_ISSUER_ID }}
+ xcrun altool --upload-app -f ${{ runner.temp }}/Tidy.ipa -t ios --apiKey "$APPSTORE_API_KEY_ID" --apiIssuer ${{ secrets.IOS_APPSTORE_ISSUER_ID }}
- - name: Upload app to TestFlight
- if: github.event_name == 'push'
- uses: apple-actions/upload-testflight-build@v1
- with:
- app-path: $RUNNER_TEMP/Tidy.app
- issuer-id: ${{ secrets.IOS_APPSTORE_ISSUER_ID }}
- api-key-id: ${{ secrets.IOS_APPSTORE_API_KEY_ID }}
- api-private-key: $RUNNER_TEMP/appstore_private_key.p8
+# - name: Upload app to TestFlight
+# if: github.event_name == 'push'
+# uses: apple-actions/upload-testflight-build@v1
+# with:
+# app-path: $RUNNER_TEMP/Tidy.ipa
+# issuer-id: ${{ secrets.IOS_APPSTORE_ISSUER_ID }}
+# api-key-id: ${{ secrets.IOS_APPSTORE_API_KEY_ID }}
+# api-private-key: $RUNNER_TEMP/appstore_private_key.p8
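Review bot: In the `Upload to TestFlight` step the issuer ID is pasted into the script text with `${{ secrets.IOS_APPSTORE_ISSUER_ID }}`, while the key ID beside it goes through `env:`; pass the issuer ID the same way and quote the expansion so the secret's value is never parsed as shell. The App Store Connect private key is also written to `./private_keys` in the working directory (presumably the checkout) and never removed, whereas the step this replaces kept it under `$RUNNER_TEMP`. altool also searches `~/.appstoreconnect/private_keys`, so the key can live outside the workspace, be created under a restrictive umask and be deleted when the step exits. The commented-out `apple-actions/upload-testflight-build` block is better deleted than kept as dead YAML.

```yaml
      - name: Upload to TestFlight
        env:
          # … unchanged: IOS_APPSTORE_PRIVATE_KEY, APPSTORE_API_KEY_ID …
          APPSTORE_ISSUER_ID: ${{ secrets.IOS_APPSTORE_ISSUER_ID }}
        run: |
          # Key file is created owner-only, outside the workspace, and removed on exit.
          umask 077
          KEY_DIR="$HOME/.appstoreconnect/private_keys"
          KEY_FILE="$KEY_DIR/AuthKey_$APPSTORE_API_KEY_ID.p8"
          mkdir -p "$KEY_DIR"
          trap 'rm -f "$KEY_FILE"' EXIT
          echo "$IOS_APPSTORE_PRIVATE_KEY" | sed 's/[^A-Za-z0-9+/=]//g' | base64 --decode -o "$KEY_FILE"
          xcrun altool --validate-app -f "$RUNNER_TEMP/Tidy.ipa" -t ios --apiKey "$APPSTORE_API_KEY_ID" --apiIssuer "$APPSTORE_ISSUER_ID"
          xcrun altool --upload-app -f "$RUNNER_TEMP/Tidy.ipa" -t ios --apiKey "$APPSTORE_API_KEY_ID" --apiIssuer "$APPSTORE_ISSUER_ID"
```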