Compare commits
3 Commits
release/v1
...
release/v1
| Author | SHA1 | Date | |
|---|---|---|---|
| 0ae551615f | |||
| 88bef50ae7 | |||
| 0d069b4233 |
@@ -91,8 +91,7 @@ jobs:
|
|||||||
developer_dir="$(xcode-select -p)"
|
developer_dir="$(xcode-select -p)"
|
||||||
signing_dir="$(mktemp -d "${RUNNER_TEMP:-${TMPDIR:-/tmp}}/sybil-signing.XXXXXX")"
|
signing_dir="$(mktemp -d "${RUNNER_TEMP:-${TMPDIR:-/tmp}}/sybil-signing.XXXXXX")"
|
||||||
mkdir -p "${HOME}/Library/Keychains"
|
mkdir -p "${HOME}/Library/Keychains"
|
||||||
keychain_dir="$(cd "${HOME}/Library/Keychains" && pwd -P)"
|
keychain_name="${HOME}/Library/Keychains/${SIGNING_KEYCHAIN}-${GITHUB_RUN_ID:-$(uuidgen)}.keychain"
|
||||||
keychain_path="${keychain_dir}/${SIGNING_KEYCHAIN}-${GITHUB_RUN_ID:-$(uuidgen)}.keychain-db"
|
|
||||||
certificate_path="${signing_dir}/appstore-signing.p12"
|
certificate_path="${signing_dir}/appstore-signing.p12"
|
||||||
wwdr_certificate_path="${signing_dir}/AppleWWDRCAG3.cer"
|
wwdr_certificate_path="${signing_dir}/AppleWWDRCAG3.cer"
|
||||||
profile_path="${signing_dir}/Sybil_AppStore_CI.mobileprovision"
|
profile_path="${signing_dir}/Sybil_AppStore_CI.mobileprovision"
|
||||||
@@ -124,35 +123,37 @@ jobs:
|
|||||||
base_keychains+=("${existing_keychain}")
|
base_keychains+=("${existing_keychain}")
|
||||||
done < <(security list-keychains -d user | sed 's/[ "]//g')
|
done < <(security list-keychains -d user | sed 's/[ "]//g')
|
||||||
|
|
||||||
security delete-keychain "${keychain_path}" >/dev/null 2>&1 || true
|
security delete-keychain "${keychain_name}" >/dev/null 2>&1 || true
|
||||||
rm -f "${keychain_path}"
|
rm -f "${HOME}/Library/Keychains/${keychain_name}-db"
|
||||||
security create-keychain -p "${keychain_password}" "${keychain_path}"
|
security create-keychain -p "${keychain_password}" "${keychain_name}"
|
||||||
security set-keychain-settings -lut 21600 "${keychain_path}"
|
security set-keychain-settings -lut 21600 "${keychain_name}"
|
||||||
security unlock-keychain -p "${keychain_password}" "${keychain_path}"
|
security unlock-keychain -p "${keychain_password}" "${keychain_name}"
|
||||||
security import "${wwdr_certificate_path}" \
|
security import "${wwdr_certificate_path}" \
|
||||||
-k "${keychain_path}" \
|
-k "${keychain_name}" \
|
||||||
-T /usr/bin/codesign \
|
-T /usr/bin/codesign \
|
||||||
-T /usr/bin/security \
|
-T /usr/bin/security \
|
||||||
-T /usr/bin/xcodebuild
|
-T /usr/bin/xcodebuild
|
||||||
security import "${certificate_path}" \
|
security import "${certificate_path}" \
|
||||||
-k "${keychain_path}" \
|
-k "${keychain_name}" \
|
||||||
-P "${APPSTORE_CERTIFICATES_PASSWORD}" \
|
-P "${APPSTORE_CERTIFICATES_PASSWORD}" \
|
||||||
-T /usr/bin/codesign \
|
-T /usr/bin/codesign \
|
||||||
-T /usr/bin/security \
|
-T /usr/bin/security \
|
||||||
-T /usr/bin/xcodebuild \
|
-T /usr/bin/xcodebuild \
|
||||||
-T "${developer_dir}/usr/bin/xcodebuild"
|
-T "${developer_dir}/usr/bin/xcodebuild"
|
||||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${keychain_password}" "${keychain_path}"
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${keychain_password}" "${keychain_name}"
|
||||||
if [[ "${#base_keychains[@]}" -gt 0 ]]; then
|
if [[ "${#base_keychains[@]}" -gt 0 ]]; then
|
||||||
security list-keychains -d user -s "${keychain_path}" "${base_keychains[@]}"
|
security list-keychains -d user -s "${keychain_name}" "${base_keychains[@]}"
|
||||||
else
|
else
|
||||||
security list-keychains -d user -s "${keychain_path}"
|
security list-keychains -d user -s "${keychain_name}"
|
||||||
fi
|
fi
|
||||||
security default-keychain -d user -s "${keychain_path}"
|
security default-keychain -d user -s "${keychain_name}"
|
||||||
|
keychain_path="$(security list-keychains -d user | sed 's/[ "]//g' | head -n 1)"
|
||||||
security find-identity -v -p codesigning "${keychain_path}"
|
security find-identity -v -p codesigning "${keychain_path}"
|
||||||
security find-identity -v -p codesigning
|
security find-identity -v -p codesigning
|
||||||
echo "Installed ${profile_name} (${profile_uuid}) provisioning profile"
|
echo "Installed ${profile_name} (${profile_uuid}) provisioning profile"
|
||||||
{
|
{
|
||||||
echo "SYBIL_SIGNING_KEYCHAIN_PATH=${keychain_path}"
|
echo "SYBIL_SIGNING_KEYCHAIN_PATH=${keychain_path}"
|
||||||
|
echo "SYBIL_SIGNING_KEYCHAIN_NAME=${keychain_name}"
|
||||||
echo "SYBIL_SIGNING_KEYCHAIN_PASSWORD=${keychain_password}"
|
echo "SYBIL_SIGNING_KEYCHAIN_PASSWORD=${keychain_password}"
|
||||||
echo "SYBIL_PREVIOUS_DEFAULT_KEYCHAIN=${previous_default_keychain}"
|
echo "SYBIL_PREVIOUS_DEFAULT_KEYCHAIN=${previous_default_keychain}"
|
||||||
echo "SYBIL_PROVISIONING_PROFILE_UUID=${profile_uuid}"
|
echo "SYBIL_PROVISIONING_PROFILE_UUID=${profile_uuid}"
|
||||||
|
|||||||
@@ -7,7 +7,8 @@ SYBIL_PROVIDER_PUBLIC_ID=c043d167-ad88-4036-84ea-76c223f1b1b2
|
|||||||
SYBIL_PROVISIONING_PROFILE_SPECIFIER=Sybil AppStore CI
|
SYBIL_PROVISIONING_PROFILE_SPECIFIER=Sybil AppStore CI
|
||||||
SYBIL_PROVISIONING_PROFILE_UUID=
|
SYBIL_PROVISIONING_PROFILE_UUID=
|
||||||
SYBIL_CODE_SIGN_IDENTITY=Apple Distribution: James Magahern (DQQH5H6GBD)
|
SYBIL_CODE_SIGN_IDENTITY=Apple Distribution: James Magahern (DQQH5H6GBD)
|
||||||
SYBIL_XCODE_CODE_SIGN_IDENTITY=Apple Distribution
|
SYBIL_XCODE_CODE_SIGN_IDENTITY=6B74B268C4761720FB2051D01D8BB3E47B55D9F5
|
||||||
|
SYBIL_EXPORT_SIGNING_CERTIFICATE=Apple Distribution
|
||||||
SYBIL_SIGNING_CERTIFICATE_ID=
|
SYBIL_SIGNING_CERTIFICATE_ID=
|
||||||
SYBIL_SIGNING_KEYCHAIN=
|
SYBIL_SIGNING_KEYCHAIN=
|
||||||
|
|
||||||
|
|||||||
@@ -47,8 +47,9 @@ default.
|
|||||||
|
|
||||||
Fastlane keeps two signing names separate. `SYBIL_CODE_SIGN_IDENTITY` is the
|
Fastlane keeps two signing names separate. `SYBIL_CODE_SIGN_IDENTITY` is the
|
||||||
exact certificate common name used when exporting a local p12 for secrets, while
|
exact certificate common name used when exporting a local p12 for secrets, while
|
||||||
`SYBIL_XCODE_CODE_SIGN_IDENTITY` defaults to the generic `Apple Distribution`
|
`SYBIL_XCODE_CODE_SIGN_IDENTITY` defaults to the certificate SHA-1 fingerprint
|
||||||
selector that Xcode uses during archive/export.
|
that Xcode uses during archive. `SYBIL_EXPORT_SIGNING_CERTIFICATE` defaults to
|
||||||
|
the generic `Apple Distribution` selector used in the export options.
|
||||||
|
|
||||||
The Release signing settings are also present in `Apps/Sybil/project.yml` so
|
The Release signing settings are also present in `Apps/Sybil/project.yml` so
|
||||||
XcodeGen emits a manually signed App Store archive configuration. CI passes the
|
XcodeGen emits a manually signed App Store archive configuration. CI passes the
|
||||||
|
|||||||
@@ -20,7 +20,8 @@ APP_STORE_APPLE_ID = ENV.fetch("SYBIL_APP_STORE_APPLE_ID", "6759442828")
|
|||||||
PROVIDER_PUBLIC_ID = ENV.fetch("SYBIL_PROVIDER_PUBLIC_ID", "c043d167-ad88-4036-84ea-76c223f1b1b2")
|
PROVIDER_PUBLIC_ID = ENV.fetch("SYBIL_PROVIDER_PUBLIC_ID", "c043d167-ad88-4036-84ea-76c223f1b1b2")
|
||||||
PROFILE_SPECIFIER = ENV["SYBIL_PROVISIONING_PROFILE_SPECIFIER"].to_s.strip.empty? ? "Sybil AppStore CI" : ENV["SYBIL_PROVISIONING_PROFILE_SPECIFIER"]
|
PROFILE_SPECIFIER = ENV["SYBIL_PROVISIONING_PROFILE_SPECIFIER"].to_s.strip.empty? ? "Sybil AppStore CI" : ENV["SYBIL_PROVISIONING_PROFILE_SPECIFIER"]
|
||||||
SIGNING_CERTIFICATE_NAME = ENV["SYBIL_CODE_SIGN_IDENTITY"].to_s.strip.empty? ? "Apple Distribution: James Magahern (DQQH5H6GBD)" : ENV["SYBIL_CODE_SIGN_IDENTITY"]
|
SIGNING_CERTIFICATE_NAME = ENV["SYBIL_CODE_SIGN_IDENTITY"].to_s.strip.empty? ? "Apple Distribution: James Magahern (DQQH5H6GBD)" : ENV["SYBIL_CODE_SIGN_IDENTITY"]
|
||||||
XCODE_CODE_SIGN_IDENTITY = ENV["SYBIL_XCODE_CODE_SIGN_IDENTITY"].to_s.strip.empty? ? "Apple Distribution" : ENV["SYBIL_XCODE_CODE_SIGN_IDENTITY"]
|
XCODE_CODE_SIGN_IDENTITY = ENV["SYBIL_XCODE_CODE_SIGN_IDENTITY"].to_s.strip.empty? ? "6B74B268C4761720FB2051D01D8BB3E47B55D9F5" : ENV["SYBIL_XCODE_CODE_SIGN_IDENTITY"]
|
||||||
|
EXPORT_SIGNING_CERTIFICATE = ENV["SYBIL_EXPORT_SIGNING_CERTIFICATE"].to_s.strip.empty? ? "Apple Distribution" : ENV["SYBIL_EXPORT_SIGNING_CERTIFICATE"]
|
||||||
IOS_ROOT = File.expand_path("..", __dir__)
|
IOS_ROOT = File.expand_path("..", __dir__)
|
||||||
PROJECT_FILE = File.join(IOS_ROOT, "Sybil.xcodeproj")
|
PROJECT_FILE = File.join(IOS_ROOT, "Sybil.xcodeproj")
|
||||||
PROJECT_SPEC = File.join(IOS_ROOT, "project.yml")
|
PROJECT_SPEC = File.join(IOS_ROOT, "project.yml")
|
||||||
@@ -457,7 +458,7 @@ platform :ios do
|
|||||||
provisioningProfiles: {
|
provisioningProfiles: {
|
||||||
APP_IDENTIFIER => PROFILE_SPECIFIER
|
APP_IDENTIFIER => PROFILE_SPECIFIER
|
||||||
},
|
},
|
||||||
signingCertificate: XCODE_CODE_SIGN_IDENTITY,
|
signingCertificate: EXPORT_SIGNING_CERTIFICATE,
|
||||||
teamID: TEAM_ID,
|
teamID: TEAM_ID,
|
||||||
manageAppVersionAndBuildNumber: false,
|
manageAppVersionAndBuildNumber: false,
|
||||||
uploadSymbols: true,
|
uploadSymbols: true,
|
||||||
|
|||||||
Reference in New Issue
Block a user