Compare commits
2 Commits
release/v1
...
release/v1
| Author | SHA1 | Date | |
|---|---|---|---|
| f445730a41 | |||
| 76cb808c33 |
@@ -85,6 +85,7 @@ jobs:
|
|||||||
|
|
||||||
keychain_password="$(uuidgen)"
|
keychain_password="$(uuidgen)"
|
||||||
keychain_path="${HOME}/Library/Keychains/${SIGNING_KEYCHAIN}.keychain-db"
|
keychain_path="${HOME}/Library/Keychains/${SIGNING_KEYCHAIN}.keychain-db"
|
||||||
|
previous_default_keychain="$(security default-keychain -d user | sed 's/[ "]//g' || true)"
|
||||||
mkdir -p "${HOME}/Library/Keychains" "${HOME}/Library/MobileDevice/Provisioning Profiles" ios/build/secrets
|
mkdir -p "${HOME}/Library/Keychains" "${HOME}/Library/MobileDevice/Provisioning Profiles" ios/build/secrets
|
||||||
|
|
||||||
printf '%s' "${APPSTORE_CERTIFICATES_FILE_BASE64}" | base64 --decode > ios/build/secrets/appstore-signing.p12
|
printf '%s' "${APPSTORE_CERTIFICATES_FILE_BASE64}" | base64 --decode > ios/build/secrets/appstore-signing.p12
|
||||||
@@ -95,6 +96,7 @@ jobs:
|
|||||||
security set-keychain-settings -lut 21600 "${keychain_path}"
|
security set-keychain-settings -lut 21600 "${keychain_path}"
|
||||||
security unlock-keychain -p "${keychain_password}" "${keychain_path}"
|
security unlock-keychain -p "${keychain_password}" "${keychain_path}"
|
||||||
security list-keychains -d user -s "${keychain_path}" $(security list-keychains -d user | sed 's/[ "]//g')
|
security list-keychains -d user -s "${keychain_path}" $(security list-keychains -d user | sed 's/[ "]//g')
|
||||||
|
security default-keychain -d user -s "${keychain_path}"
|
||||||
security import ios/build/secrets/AppleWWDRCAG3.cer \
|
security import ios/build/secrets/AppleWWDRCAG3.cer \
|
||||||
-k "${keychain_path}" \
|
-k "${keychain_path}" \
|
||||||
-T /usr/bin/codesign \
|
-T /usr/bin/codesign \
|
||||||
@@ -111,6 +113,7 @@ jobs:
|
|||||||
{
|
{
|
||||||
echo "SYBIL_SIGNING_KEYCHAIN_PATH=${keychain_path}"
|
echo "SYBIL_SIGNING_KEYCHAIN_PATH=${keychain_path}"
|
||||||
echo "SYBIL_SIGNING_KEYCHAIN_PASSWORD=${keychain_password}"
|
echo "SYBIL_SIGNING_KEYCHAIN_PASSWORD=${keychain_password}"
|
||||||
|
echo "SYBIL_PREVIOUS_DEFAULT_KEYCHAIN=${previous_default_keychain}"
|
||||||
} >> "${GITHUB_ENV}"
|
} >> "${GITHUB_ENV}"
|
||||||
|
|
||||||
- name: Build and upload to TestFlight
|
- name: Build and upload to TestFlight
|
||||||
@@ -129,6 +132,7 @@ jobs:
|
|||||||
|
|
||||||
security unlock-keychain -p "${SYBIL_SIGNING_KEYCHAIN_PASSWORD}" "${SYBIL_SIGNING_KEYCHAIN_PATH}"
|
security unlock-keychain -p "${SYBIL_SIGNING_KEYCHAIN_PASSWORD}" "${SYBIL_SIGNING_KEYCHAIN_PATH}"
|
||||||
security list-keychains -d user -s "${SYBIL_SIGNING_KEYCHAIN_PATH}" $(security list-keychains -d user | sed 's/[ "]//g')
|
security list-keychains -d user -s "${SYBIL_SIGNING_KEYCHAIN_PATH}" $(security list-keychains -d user | sed 's/[ "]//g')
|
||||||
|
security default-keychain -d user -s "${SYBIL_SIGNING_KEYCHAIN_PATH}"
|
||||||
security find-identity -v -p codesigning "${SYBIL_SIGNING_KEYCHAIN_PATH}"
|
security find-identity -v -p codesigning "${SYBIL_SIGNING_KEYCHAIN_PATH}"
|
||||||
|
|
||||||
SYBIL_VERSION_TAG="${TAG_NAME}" bundle exec fastlane ios beta
|
SYBIL_VERSION_TAG="${TAG_NAME}" bundle exec fastlane ios beta
|
||||||
@@ -220,4 +224,7 @@ jobs:
|
|||||||
- name: Clean up temporary keychain
|
- name: Clean up temporary keychain
|
||||||
if: always()
|
if: always()
|
||||||
run: |
|
run: |
|
||||||
|
if [[ -n "${SYBIL_PREVIOUS_DEFAULT_KEYCHAIN:-}" ]]; then
|
||||||
|
security default-keychain -d user -s "${SYBIL_PREVIOUS_DEFAULT_KEYCHAIN}" || true
|
||||||
|
fi
|
||||||
security delete-keychain "${HOME}/Library/Keychains/${SIGNING_KEYCHAIN}.keychain-db" || true
|
security delete-keychain "${HOME}/Library/Keychains/${SIGNING_KEYCHAIN}.keychain-db" || true
|
||||||
|
|||||||
@@ -14,10 +14,12 @@ git push origin release/v1.10.0
|
|||||||
```
|
```
|
||||||
|
|
||||||
The release job runs on the `xcode` runner label, imports the signing p12 into
|
The release job runs on the `xcode` runner label, imports the signing p12 into
|
||||||
a temporary keychain, installs the App Store provisioning profile, builds and
|
a temporary per-user keychain, makes that keychain the user default for the
|
||||||
|
duration of the job, installs the App Store provisioning profile, builds and
|
||||||
uploads the app with fastlane, then creates or updates the matching Gitea
|
uploads the app with fastlane, then creates or updates the matching Gitea
|
||||||
release with the generated IPA as an asset. The job deletes the temporary
|
release with the generated IPA as an asset. The job restores the previous user
|
||||||
signing keychain in an `always()` cleanup step.
|
default keychain and deletes the temporary signing keychain in an `always()`
|
||||||
|
cleanup step.
|
||||||
|
|
||||||
Required repository secrets:
|
Required repository secrets:
|
||||||
|
|
||||||
|
|||||||
@@ -411,7 +411,8 @@ platform :ios do
|
|||||||
xcode_build_setting("CODE_SIGN_STYLE", "Manual"),
|
xcode_build_setting("CODE_SIGN_STYLE", "Manual"),
|
||||||
xcode_build_setting("DEVELOPMENT_TEAM", TEAM_ID),
|
xcode_build_setting("DEVELOPMENT_TEAM", TEAM_ID),
|
||||||
xcode_build_setting("PROVISIONING_PROFILE_SPECIFIER", PROFILE_SPECIFIER),
|
xcode_build_setting("PROVISIONING_PROFILE_SPECIFIER", PROFILE_SPECIFIER),
|
||||||
xcode_build_setting("CODE_SIGN_IDENTITY", XCODE_CODE_SIGN_IDENTITY)
|
xcode_build_setting("CODE_SIGN_IDENTITY", XCODE_CODE_SIGN_IDENTITY),
|
||||||
|
xcode_build_setting("CODE_SIGN_IDENTITY[sdk=iphoneos*]", XCODE_CODE_SIGN_IDENTITY)
|
||||||
]
|
]
|
||||||
if present?(ENV["SYBIL_SIGNING_KEYCHAIN_PATH"])
|
if present?(ENV["SYBIL_SIGNING_KEYCHAIN_PATH"])
|
||||||
xcode_args << xcode_build_setting("OTHER_CODE_SIGN_FLAGS", "--keychain #{ENV.fetch("SYBIL_SIGNING_KEYCHAIN_PATH")}")
|
xcode_args << xcode_build_setting("OTHER_CODE_SIGN_FLAGS", "--keychain #{ENV.fetch("SYBIL_SIGNING_KEYCHAIN_PATH")}")
|
||||||
|
|||||||
Reference in New Issue
Block a user