buzzert/Sybil-2
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

ios: ci: keychain cleanup

Browse Source
This commit is contained in:
James Magahern
2026-06-25 20:35:39 -07:00
parent 4365798f5e
commit fb28508764
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.gitea/workflows/testflight-release.yml
View File

@@ -11,6 +11,8 @@ permissions:
jobs: jobs:
testflight: testflight:
runs-on: xcode runs-on: xcode
env:
SIGNING_KEYCHAIN: sybil_signing_temp
defaults: defaults:
run: run:
@@ -74,7 +76,7 @@ jobs:
with: with:
p12-file-base64: ${{ secrets.APPSTORE_CERTIFICATES_FILE_BASE64 }} p12-file-base64: ${{ secrets.APPSTORE_CERTIFICATES_FILE_BASE64 }}
p12-password: ${{ secrets.APPSTORE_CERTIFICATES_PASSWORD }} p12-password: ${{ secrets.APPSTORE_CERTIFICATES_PASSWORD }}
keychain: ${{ env.HOME }}/Library/Keychains/signing_temp keychain: ${{ env.SIGNING_KEYCHAIN }}
- name: Create fastlane environment - name: Create fastlane environment
working-directory: ios working-directory: ios
@@ -186,3 +188,8 @@ jobs:
"${api_url}/repos/${repository}/releases/${release_id}/assets?name=${asset_name}" >/dev/null "${api_url}/repos/${repository}/releases/${release_id}/assets?name=${asset_name}" >/dev/null
echo "Published ${IPA_NAME} to ${release_name}" echo "Published ${IPA_NAME} to ${release_name}"
- name: Clean up temporary keychain
if: always()
run: |
security delete-keychain "${SIGNING_KEYCHAIN}.keychain"

3
ios/fastlane/CI.md
View File

@@ -16,7 +16,8 @@ git push origin release/v1.10.0
The release job runs on the `xcode` runner label, imports the signing p12 with The release job runs on the `xcode` runner label, imports the signing p12 with
`Apple-Actions/import-codesign-certs`, builds and uploads the app with fastlane, `Apple-Actions/import-codesign-certs`, builds and uploads the app with fastlane,
then creates or updates the matching Gitea release with the generated IPA as an then creates or updates the matching Gitea release with the generated IPA as an
asset. asset. The job deletes the temporary signing keychain in an `always()` cleanup
step.
Required repository secrets: Required repository secrets: