require "shellwords" default_platform(:ios) APP_IDENTIFIER = "net.buzzert.sybil2" SCHEME = "Sybil" TEAM_ID = "DQQH5H6GBD" PROFILE_NAME = "Sybil AppStore CI" CI_KEYCHAIN_NAME = "sybil_ci_keychain" CI_KEYCHAIN_PASSWORD = "sybil-ci-keychain-password" CI_KEYCHAIN_DB_PATH = File.expand_path("~/Library/Keychains/#{CI_KEYCHAIN_NAME}-db") IOS_ROOT = File.expand_path("..", __dir__) PROJECT_FILE = File.join(IOS_ROOT, "Sybil.xcodeproj") PROJECT_SPEC = File.join(IOS_ROOT, "project.yml") def present?(value) !value.to_s.strip.empty? end def ci? present?(ENV["CI"]) end def release_version tag = ENV["SYBIL_VERSION_TAG"] tag = ENV["GITHUB_REF_NAME"] if !present?(tag) tag = ENV["GITHUB_REF"].to_s.sub(%r{\Arefs/tags/}, "") if !present?(tag) tag = sh("git describe --tags --abbrev=0").strip if !present?(tag) match = tag.to_s.match(%r{\Arelease/ios/v(\d+\.\d+\.\d+)\z}) unless match UI.user_error!("Release tag must look like release/ios/v1.2.3; got #{tag.inspect}") end match[1] end # App Store Connect requires CFBundleVersion to be unique and strictly # increasing app-wide (not just per marketing version), so we derive it from # the monotonic CI run number rather than querying TestFlight (that query can # lag behind builds still processing and hand back a colliding value). def build_number value = present?(ENV["SYBIL_BUILD_NUMBER"]) ? ENV["SYBIL_BUILD_NUMBER"] : ENV["GITHUB_RUN_NUMBER"] unless value.to_s.match?(/\A\d+\z/) UI.user_error!("Build number must come from SYBIL_BUILD_NUMBER/GITHUB_RUN_NUMBER; got #{value.inspect}") end value.to_i end platform :ios do private_lane :app_store_api_key do app_store_connect_api_key( key_id: ENV.fetch("APP_STORE_CONNECT_KEY_ID"), issuer_id: ENV.fetch("APP_STORE_CONNECT_ISSUER_ID"), key_content: ENV.fetch("APP_STORE_CONNECT_KEY_CONTENT"), is_key_content_base64: true ) end # CI has no login keychain, so create a dedicated throwaway one for match to # import the distribution cert into. The runner's launchd job sets # SessionCreate, so add_to_search_list actually makes it visible to xcodebuild. private_lane :prepare_ci_keychain do next unless ci? delete_keychain(name: CI_KEYCHAIN_NAME) if File.file?(CI_KEYCHAIN_DB_PATH) create_keychain( name: CI_KEYCHAIN_NAME, password: CI_KEYCHAIN_PASSWORD, unlock: true, timeout: 3600, add_to_search_list: true ) ENV["MATCH_KEYCHAIN_NAME"] = CI_KEYCHAIN_NAME ENV["MATCH_KEYCHAIN_PASSWORD"] = CI_KEYCHAIN_PASSWORD end private_lane :sync_signing do |options| match( type: "appstore", readonly: options.fetch(:readonly), app_identifier: APP_IDENTIFIER, team_id: TEAM_ID, profile_name: PROFILE_NAME, git_url: ENV.fetch("MATCH_GIT_URL"), git_branch: "master", git_full_name: "Sybil Release Bot", git_user_email: "james.magahern@me.com", api_key: options.fetch(:api_key) ) end desc "Create or update match signing assets" lane :setup_signing do sync_signing(api_key: app_store_api_key, readonly: false) end desc "Build and upload to TestFlight" lane :beta do prepare_ci_keychain api_key = app_store_api_key sh("xcodegen", "--spec", PROJECT_SPEC) increment_version_number(version_number: release_version, xcodeproj: PROJECT_FILE) increment_build_number(build_number: build_number, xcodeproj: PROJECT_FILE) sync_signing(api_key: api_key, readonly: true) build_app( project: PROJECT_FILE, scheme: SCHEME, export_method: "app-store", codesigning_identity: "Apple Distribution", xcargs: [ "DEVELOPMENT_TEAM=#{TEAM_ID.shellescape}", "CODE_SIGN_STYLE=Manual", "CODE_SIGN_IDENTITY=Apple\\ Distribution", "PROVISIONING_PROFILE_SPECIFIER=#{PROFILE_NAME.shellescape}" ].join(" "), export_options: { signingStyle: "manual", teamID: TEAM_ID, provisioningProfiles: { APP_IDENTIFIER => PROFILE_NAME } } ) upload_to_testflight( api_key: api_key, skip_waiting_for_build_processing: true ) end end