2026-06-05 23:19:14 -07:00
|
|
|
require "dotenv"
|
2026-06-25 20:51:01 -07:00
|
|
|
require "base64"
|
|
|
|
|
require "fileutils"
|
2026-06-05 23:19:14 -07:00
|
|
|
require "open3"
|
2026-06-25 20:51:01 -07:00
|
|
|
require "securerandom"
|
2026-06-05 23:19:14 -07:00
|
|
|
require "shellwords"
|
|
|
|
|
require "yaml"
|
|
|
|
|
|
|
|
|
|
Dotenv.load(File.expand_path("../.env", __dir__))
|
|
|
|
|
|
|
|
|
|
default_platform(:ios)
|
|
|
|
|
|
|
|
|
|
APP_IDENTIFIER = ENV.fetch("FASTLANE_APP_IDENTIFIER", "net.buzzert.sybil2")
|
|
|
|
|
TEAM_ID = ENV.fetch("FASTLANE_TEAM_ID", "DQQH5H6GBD")
|
|
|
|
|
APP_STORE_APPLE_ID = ENV.fetch("SYBIL_APP_STORE_APPLE_ID", "6759442828")
|
|
|
|
|
PROVIDER_PUBLIC_ID = ENV.fetch("SYBIL_PROVIDER_PUBLIC_ID", "c043d167-ad88-4036-84ea-76c223f1b1b2")
|
2026-06-25 20:51:01 -07:00
|
|
|
PROFILE_SPECIFIER = ENV["SYBIL_PROVISIONING_PROFILE_SPECIFIER"].to_s.strip.empty? ? "Sybil AppStore CI" : ENV["SYBIL_PROVISIONING_PROFILE_SPECIFIER"]
|
2026-06-05 23:19:14 -07:00
|
|
|
IOS_ROOT = File.expand_path("..", __dir__)
|
|
|
|
|
PROJECT_FILE = File.join(IOS_ROOT, "Sybil.xcodeproj")
|
|
|
|
|
PROJECT_SPEC = File.join(IOS_ROOT, "project.yml")
|
|
|
|
|
APP_SPEC = File.join(IOS_ROOT, "Apps/Sybil/project.yml")
|
2026-06-25 20:51:01 -07:00
|
|
|
SIGNING_OUTPUT_DIR = File.join(IOS_ROOT, "build/signing")
|
2026-06-05 23:19:14 -07:00
|
|
|
SCHEME = "Sybil"
|
|
|
|
|
TARGET = "SybilApp"
|
|
|
|
|
|
|
|
|
|
def present?(value)
|
|
|
|
|
!value.to_s.strip.empty?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def capture(command)
|
|
|
|
|
stdout, stderr, status = Open3.capture3(command)
|
|
|
|
|
return stdout.strip if status.success?
|
|
|
|
|
|
|
|
|
|
UI.user_error!("Command failed: #{command}\n#{stderr.strip}")
|
|
|
|
|
end
|
|
|
|
|
|
2026-06-25 20:51:01 -07:00
|
|
|
def run_silent(*command, error_message:)
|
|
|
|
|
_stdout, stderr, status = Open3.capture3(*command)
|
|
|
|
|
return if status.success?
|
|
|
|
|
|
|
|
|
|
UI.user_error!("#{error_message}\n#{stderr.strip}")
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def user_keychains
|
|
|
|
|
capture("security list-keychains -d user").lines.map { |line| line.strip.delete('"') }.reject(&:empty?)
|
|
|
|
|
end
|
|
|
|
|
|
2026-06-05 23:19:14 -07:00
|
|
|
def app_project_settings
|
|
|
|
|
YAML.safe_load(File.read(APP_SPEC)).fetch("targets").fetch(TARGET).fetch("settings").fetch("base")
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def local_marketing_version
|
|
|
|
|
app_project_settings.fetch("MARKETING_VERSION").to_s
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def local_build_number
|
|
|
|
|
app_project_settings.fetch("CURRENT_PROJECT_VERSION").to_i
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def normalize_version_tag(tag)
|
2026-06-25 19:30:58 -07:00
|
|
|
version = tag.to_s.strip.sub(%r{\Arelease/}, "").sub(/\Av/, "")
|
|
|
|
|
unless version.match?(/\A\d+\.\d+\.\d+\z/)
|
|
|
|
|
UI.user_error!("Release tag #{tag.inspect} must look like release/v1.10.0")
|
2026-06-05 23:19:14 -07:00
|
|
|
end
|
|
|
|
|
version
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def release_version
|
|
|
|
|
tag = ENV["SYBIL_VERSION_TAG"]
|
|
|
|
|
tag = capture("git describe --tags --abbrev=0") unless present?(tag)
|
|
|
|
|
normalize_version_tag(tag)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def xcode_build_setting(key, value)
|
|
|
|
|
"#{key}=#{value.to_s.shellescape}"
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def app_store_connect_key_options
|
|
|
|
|
key_id = ENV["APP_STORE_CONNECT_API_KEY_ID"]
|
|
|
|
|
issuer_id = ENV["APP_STORE_CONNECT_API_ISSUER_ID"]
|
2026-06-25 20:51:01 -07:00
|
|
|
issuer_id = ENV["APP_STORE_CONNECT_API_KEY_ISSUER_ID"] unless present?(issuer_id)
|
2026-06-05 23:19:14 -07:00
|
|
|
return nil unless present?(key_id) && present?(issuer_id)
|
|
|
|
|
|
|
|
|
|
key_path = ENV["APP_STORE_CONNECT_API_KEY_PATH"]
|
|
|
|
|
key_content = ENV["APP_STORE_CONNECT_API_KEY_CONTENT"]
|
|
|
|
|
if present?(key_path)
|
|
|
|
|
{
|
|
|
|
|
key_id: key_id,
|
|
|
|
|
issuer_id: issuer_id,
|
|
|
|
|
key_filepath: key_path
|
|
|
|
|
}
|
|
|
|
|
elsif present?(key_content)
|
|
|
|
|
{
|
|
|
|
|
key_id: key_id,
|
|
|
|
|
issuer_id: issuer_id,
|
|
|
|
|
key_content: key_content,
|
|
|
|
|
is_key_content_base64: ENV["APP_STORE_CONNECT_API_KEY_CONTENT_BASE64"].to_s == "true"
|
|
|
|
|
}
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
platform :ios do
|
2026-06-25 20:51:01 -07:00
|
|
|
private_lane :load_app_store_connect_api_key do
|
|
|
|
|
options = app_store_connect_key_options
|
|
|
|
|
UI.user_error!("App Store Connect API key is required") unless options
|
|
|
|
|
|
|
|
|
|
app_store_connect_api_key(options)
|
|
|
|
|
end
|
|
|
|
|
|
2026-06-05 23:19:14 -07:00
|
|
|
desc "Show the version Fastlane will stamp into the next TestFlight archive"
|
|
|
|
|
lane :version do
|
|
|
|
|
UI.message("Git tag version: #{release_version}")
|
|
|
|
|
UI.message("Checked-in app version: #{local_marketing_version}")
|
|
|
|
|
UI.message("Checked-in build number: #{local_build_number}")
|
|
|
|
|
end
|
|
|
|
|
|
2026-06-25 20:51:01 -07:00
|
|
|
desc "Create CI signing certificate/profile and write ignored secret material under build/signing"
|
|
|
|
|
lane :create_ci_signing do
|
|
|
|
|
api_key = load_app_store_connect_api_key
|
|
|
|
|
|
|
|
|
|
FileUtils.rm_rf(SIGNING_OUTPUT_DIR)
|
|
|
|
|
FileUtils.mkdir_p(SIGNING_OUTPUT_DIR)
|
|
|
|
|
|
|
|
|
|
keychain_path = File.join(SIGNING_OUTPUT_DIR, "sybil_ci_signing.keychain-db")
|
|
|
|
|
keychain_password = SecureRandom.base64(24)
|
|
|
|
|
p12_password = ENV["SYBIL_CI_P12_PASSWORD"].to_s
|
|
|
|
|
if p12_password.empty?
|
|
|
|
|
p12_password = SecureRandom.base64(24)
|
|
|
|
|
UI.important("Generated a p12 password for CI secrets.")
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
run_silent(
|
|
|
|
|
"security", "create-keychain", "-p", keychain_password, keychain_path,
|
|
|
|
|
error_message: "Could not create temporary signing keychain"
|
|
|
|
|
)
|
|
|
|
|
run_silent(
|
|
|
|
|
"security", "set-keychain-settings", "-lut", "21600", keychain_path,
|
|
|
|
|
error_message: "Could not configure temporary signing keychain"
|
|
|
|
|
)
|
|
|
|
|
run_silent(
|
|
|
|
|
"security", "unlock-keychain", "-p", keychain_password, keychain_path,
|
|
|
|
|
error_message: "Could not unlock temporary signing keychain"
|
|
|
|
|
)
|
|
|
|
|
run_silent(
|
|
|
|
|
"security", "list-keychains", "-d", "user", "-s", keychain_path, *user_keychains,
|
|
|
|
|
error_message: "Could not add temporary signing keychain to the user search list"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
begin
|
|
|
|
|
cert(
|
|
|
|
|
api_key: api_key,
|
|
|
|
|
development: false,
|
|
|
|
|
force: true,
|
|
|
|
|
generate_apple_certs: true,
|
|
|
|
|
keychain_password: keychain_password,
|
|
|
|
|
keychain_path: keychain_path,
|
|
|
|
|
output_path: SIGNING_OUTPUT_DIR,
|
|
|
|
|
platform: "ios"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
cert_id = lane_context[SharedValues::CERT_CERTIFICATE_ID]
|
|
|
|
|
UI.user_error!("Could not resolve generated certificate id") unless present?(cert_id)
|
|
|
|
|
|
|
|
|
|
sigh(
|
|
|
|
|
api_key: api_key,
|
|
|
|
|
app_identifier: APP_IDENTIFIER,
|
|
|
|
|
cert_id: cert_id,
|
|
|
|
|
filename: "Sybil_AppStore_CI.mobileprovision",
|
|
|
|
|
force: true,
|
|
|
|
|
output_path: SIGNING_OUTPUT_DIR,
|
|
|
|
|
platform: "ios",
|
|
|
|
|
provisioning_name: PROFILE_SPECIFIER
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
profile_path = lane_context[SharedValues::SIGH_PROFILE_PATH]
|
|
|
|
|
UI.user_error!("Could not resolve generated provisioning profile path") unless present?(profile_path) && File.exist?(profile_path)
|
|
|
|
|
|
|
|
|
|
p12_path = File.join(SIGNING_OUTPUT_DIR, "appstore-signing.p12")
|
|
|
|
|
run_silent(
|
|
|
|
|
"security", "export", "-k", keychain_path, "-t", "identities", "-f", "pkcs12", "-P", p12_password, "-o", p12_path,
|
|
|
|
|
error_message: "Could not export the CI signing identity"
|
|
|
|
|
)
|
|
|
|
|
UI.user_error!("Could not find exported p12 at #{p12_path}") unless File.exist?(p12_path)
|
|
|
|
|
|
|
|
|
|
secrets_path = File.join(SIGNING_OUTPUT_DIR, "ci-secrets.env")
|
|
|
|
|
File.write(
|
|
|
|
|
secrets_path,
|
|
|
|
|
[
|
|
|
|
|
"APPSTORE_CERTIFICATES_FILE_BASE64=#{Base64.strict_encode64(File.binread(p12_path))}",
|
|
|
|
|
"APPSTORE_CERTIFICATES_PASSWORD=#{p12_password}",
|
|
|
|
|
"APPSTORE_PROVISIONING_PROFILE_BASE64=#{Base64.strict_encode64(File.binread(profile_path))}",
|
|
|
|
|
"SYBIL_PROVISIONING_PROFILE_SPECIFIER=#{PROFILE_SPECIFIER}"
|
|
|
|
|
].join("\n") + "\n"
|
|
|
|
|
)
|
|
|
|
|
ensure
|
|
|
|
|
system("security", "delete-keychain", keychain_path, out: File::NULL, err: File::NULL) if File.exist?(keychain_path)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
UI.success("Created CI signing files in #{SIGNING_OUTPUT_DIR}")
|
|
|
|
|
UI.important("Add the values from #{secrets_path} as repository secrets.")
|
|
|
|
|
end
|
|
|
|
|
|
2026-06-05 23:19:14 -07:00
|
|
|
desc "Build Sybil and upload it to TestFlight"
|
|
|
|
|
lane :beta do
|
|
|
|
|
version = release_version
|
|
|
|
|
build_number = ENV["SYBIL_BUILD_NUMBER"].to_s
|
2026-06-25 20:51:01 -07:00
|
|
|
api_key = load_app_store_connect_api_key
|
2026-06-05 23:19:14 -07:00
|
|
|
|
|
|
|
|
unless present?(build_number)
|
|
|
|
|
build_number = (local_build_number + 1).to_s
|
|
|
|
|
|
2026-06-25 20:51:01 -07:00
|
|
|
begin
|
|
|
|
|
latest = latest_testflight_build_number(
|
|
|
|
|
app_identifier: APP_IDENTIFIER,
|
|
|
|
|
version: version,
|
|
|
|
|
api_key: api_key,
|
|
|
|
|
initial_build_number: local_build_number
|
|
|
|
|
).to_i
|
|
|
|
|
build_number = [latest + 1, local_build_number + 1].max.to_s
|
|
|
|
|
rescue StandardError => e
|
|
|
|
|
UI.important("Could not look up TestFlight build number: #{e.message}")
|
|
|
|
|
UI.important("Using checked-in build number + 1: #{build_number}")
|
2026-06-05 23:19:14 -07:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
UI.user_error!("Build number must be a positive integer") unless build_number.match?(/\A[1-9]\d*\z/)
|
|
|
|
|
|
|
|
|
|
sh("xcodegen --spec #{PROJECT_SPEC.shellescape}")
|
|
|
|
|
|
|
|
|
|
xcode_args = [
|
|
|
|
|
xcode_build_setting("MARKETING_VERSION", version),
|
2026-06-25 20:51:01 -07:00
|
|
|
xcode_build_setting("CURRENT_PROJECT_VERSION", build_number),
|
|
|
|
|
xcode_build_setting("CODE_SIGN_STYLE", "Manual"),
|
|
|
|
|
xcode_build_setting("DEVELOPMENT_TEAM", TEAM_ID),
|
|
|
|
|
xcode_build_setting("PROVISIONING_PROFILE_SPECIFIER", PROFILE_SPECIFIER),
|
|
|
|
|
xcode_build_setting("CODE_SIGN_IDENTITY", "Apple Distribution")
|
2026-06-05 23:19:14 -07:00
|
|
|
].join(" ")
|
|
|
|
|
|
|
|
|
|
ipa_path = build_app(
|
|
|
|
|
project: PROJECT_FILE,
|
|
|
|
|
scheme: SCHEME,
|
|
|
|
|
clean: true,
|
|
|
|
|
sdk: "iphoneos",
|
|
|
|
|
export_method: "app-store",
|
|
|
|
|
output_directory: File.join(IOS_ROOT, "build/fastlane"),
|
|
|
|
|
output_name: "Sybil-#{version}-#{build_number}.ipa",
|
|
|
|
|
xcargs: xcode_args,
|
|
|
|
|
export_options: {
|
2026-06-25 20:51:01 -07:00
|
|
|
method: "app-store",
|
2026-06-05 23:19:14 -07:00
|
|
|
destination: "export",
|
2026-06-25 20:51:01 -07:00
|
|
|
signingStyle: "manual",
|
|
|
|
|
provisioningProfiles: {
|
|
|
|
|
APP_IDENTIFIER => PROFILE_SPECIFIER
|
|
|
|
|
},
|
2026-06-05 23:19:14 -07:00
|
|
|
teamID: TEAM_ID,
|
|
|
|
|
manageAppVersionAndBuildNumber: false,
|
|
|
|
|
uploadSymbols: true,
|
|
|
|
|
stripSwiftSymbols: true
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
ipa_path ||= lane_context[SharedValues::IPA_OUTPUT_PATH]
|
|
|
|
|
UI.user_error!("IPA export failed; no IPA path was returned") unless present?(ipa_path) && File.exist?(ipa_path)
|
|
|
|
|
|
2026-06-25 20:51:01 -07:00
|
|
|
upload_to_testflight(
|
|
|
|
|
api_key: api_key,
|
|
|
|
|
app_identifier: APP_IDENTIFIER,
|
|
|
|
|
ipa: ipa_path,
|
|
|
|
|
skip_waiting_for_build_processing: true
|
|
|
|
|
)
|
2026-06-05 23:19:14 -07:00
|
|
|
end
|
|
|
|
|
end
|
