196 lines
6.5 KiB
Ruby
196 lines
6.5 KiB
Ruby
require "fileutils"
|
|
require "shellwords"
|
|
|
|
default_platform(:ios)
|
|
|
|
APP_IDENTIFIER = "net.buzzert.sybil2"
|
|
SCHEME = "Sybil"
|
|
TEAM_ID = "DQQH5H6GBD"
|
|
PROFILE_NAME = "Sybil AppStore CI"
|
|
SIGNING_IDENTITY_NAME = "Apple Distribution: James Magahern (DQQH5H6GBD)"
|
|
SIGNING_IDENTITY_SHA1 = "6B74B268C4761720FB2051D01D8BB3E47B55D9F5"
|
|
CI_KEYCHAIN_DIR = "/private/var/lib/act_runner/Library/Keychains"
|
|
CI_LOGIN_KEYCHAIN = File.join(CI_KEYCHAIN_DIR, "login.keychain")
|
|
CI_LOGIN_KEYCHAIN_DB = "#{CI_LOGIN_KEYCHAIN}-db"
|
|
CI_KEYCHAIN_PASSWORD = "sybil-ci-keychain-password"
|
|
MATCH_BRANCH = "master"
|
|
IOS_ROOT = File.expand_path("..", __dir__)
|
|
PROJECT_FILE = File.join(IOS_ROOT, "Sybil.xcodeproj")
|
|
PROJECT_SPEC = File.join(IOS_ROOT, "project.yml")
|
|
|
|
def present?(value)
|
|
!value.to_s.strip.empty?
|
|
end
|
|
|
|
def release_version
|
|
tag = ENV["SYBIL_VERSION_TAG"].to_s
|
|
tag = ENV["GITHUB_REF_NAME"].to_s if !present?(tag)
|
|
tag = ENV["GITHUB_REF"].to_s.sub(%r{\Arefs/tags/}, "") if !present?(tag)
|
|
tag = sh("git describe --tags --abbrev=0").strip if !present?(tag)
|
|
version = tag.sub(%r{\Arelease/}, "").sub(/\Av/, "")
|
|
|
|
unless version.match?(/\A\d+\.\d+\.\d+\z/)
|
|
UI.user_error!("Release tag must look like v1.2.3; got #{tag.inspect}")
|
|
end
|
|
|
|
version
|
|
end
|
|
|
|
def ci_login_keychain_path
|
|
return CI_LOGIN_KEYCHAIN_DB if ENV["CI"]
|
|
|
|
candidates = [
|
|
"/private/var/lib/act_runner/Library/Keychains/login.keychain-db",
|
|
"/var/lib/act_runner/Library/Keychains/login.keychain-db",
|
|
"/Users/runner/Library/Keychains/login.keychain-db",
|
|
File.expand_path("~/Library/Keychains/login.keychain-db"),
|
|
File.expand_path("~/Library/Keychains/login.keychain")
|
|
]
|
|
existing_candidate = candidates.find { |path| File.file?(path) }
|
|
return existing_candidate if existing_candidate
|
|
|
|
keychains = sh("security list-keychains -d user", log: false).shellsplit
|
|
keychains.find { |path| File.basename(path).start_with?("login.keychain") } || keychains.first || "login.keychain"
|
|
end
|
|
|
|
platform :ios do
|
|
private_lane :cleanup_ci_signing_identity do
|
|
next unless ENV["CI"]
|
|
|
|
keychain_path = ENV["MATCH_KEYCHAIN_NAME"].to_s
|
|
keychain_path = ci_login_keychain_path unless present?(keychain_path)
|
|
|
|
sh("security delete-identity -Z #{SIGNING_IDENTITY_SHA1.shellescape} #{keychain_path.shellescape} || true", log: false)
|
|
end
|
|
|
|
private_lane :prepare_ci_keychain do
|
|
next unless ENV["CI"]
|
|
|
|
ENV["HOME"] = "/var/lib/act_runner"
|
|
FileUtils.mkdir_p(CI_KEYCHAIN_DIR)
|
|
unless File.file?(CI_LOGIN_KEYCHAIN_DB)
|
|
sh("security create-keychain -p #{CI_KEYCHAIN_PASSWORD.shellescape} #{CI_LOGIN_KEYCHAIN.shellescape}", log: false)
|
|
end
|
|
|
|
ENV["MATCH_KEYCHAIN_NAME"] = ci_login_keychain_path
|
|
ENV["MATCH_KEYCHAIN_PASSWORD"] = CI_KEYCHAIN_PASSWORD
|
|
sh("security unlock-keychain -p #{CI_KEYCHAIN_PASSWORD.shellescape} #{ENV.fetch("MATCH_KEYCHAIN_NAME").shellescape}", log: false)
|
|
sh("security set-keychain-settings -t 3600 #{ENV.fetch("MATCH_KEYCHAIN_NAME").shellescape}", log: false)
|
|
sh("security default-keychain -d user -s #{ENV.fetch("MATCH_KEYCHAIN_NAME").shellescape}", log: false)
|
|
sh("security login-keychain -d user -s #{ENV.fetch("MATCH_KEYCHAIN_NAME").shellescape} || true", log: false)
|
|
sh("security list-keychains -d user -s #{ENV.fetch("MATCH_KEYCHAIN_NAME").shellescape}", log: false)
|
|
cleanup_ci_signing_identity
|
|
end
|
|
|
|
private_lane :verify_ci_signing_identity do
|
|
next unless ENV["CI"]
|
|
|
|
keychain_path = ENV.fetch("MATCH_KEYCHAIN_NAME")
|
|
sh("security unlock-keychain -p #{ENV.fetch("MATCH_KEYCHAIN_PASSWORD").shellescape} #{keychain_path.shellescape}", log: false)
|
|
sh("security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k #{ENV.fetch("MATCH_KEYCHAIN_PASSWORD").shellescape} #{keychain_path.shellescape}", log: false)
|
|
|
|
identities = sh("security find-identity -v -p codesigning #{keychain_path.shellescape}", log: false)
|
|
UI.message(identities)
|
|
|
|
unless identities.include?(SIGNING_IDENTITY_NAME)
|
|
UI.user_error!("The runner login keychain does not contain the expected Apple Distribution signing identity")
|
|
end
|
|
end
|
|
|
|
private_lane :app_store_api_key do
|
|
app_store_connect_api_key(
|
|
key_id: ENV.fetch("APP_STORE_CONNECT_KEY_ID"),
|
|
issuer_id: ENV.fetch("APP_STORE_CONNECT_ISSUER_ID"),
|
|
key_content: ENV.fetch("APP_STORE_CONNECT_KEY_CONTENT"),
|
|
is_key_content_base64: true
|
|
)
|
|
end
|
|
|
|
private_lane :sync_match_signing do |options|
|
|
%w[
|
|
APP_STORE_CONNECT_API_KEY
|
|
APP_STORE_CONNECT_API_KEY_PATH
|
|
SIGH_API_KEY
|
|
SIGH_API_KEY_PATH
|
|
].each { |key| ENV.delete(key) }
|
|
|
|
match_options = {
|
|
type: "appstore",
|
|
readonly: options.fetch(:readonly),
|
|
app_identifier: APP_IDENTIFIER,
|
|
team_id: TEAM_ID,
|
|
profile_name: PROFILE_NAME,
|
|
git_branch: MATCH_BRANCH,
|
|
git_full_name: "Sybil Release Bot",
|
|
git_user_email: "james.magahern@me.com",
|
|
api_key: app_store_api_key
|
|
}
|
|
match_options[:git_url] = ENV.fetch("MATCH_GIT_URL")
|
|
match_options[:keychain_name] = ENV["MATCH_KEYCHAIN_NAME"] if present?(ENV["MATCH_KEYCHAIN_NAME"])
|
|
match_options[:keychain_password] = ENV["MATCH_KEYCHAIN_PASSWORD"] if present?(ENV["MATCH_KEYCHAIN_PASSWORD"])
|
|
|
|
match(match_options)
|
|
end
|
|
|
|
desc "Create or update match signing assets"
|
|
lane :setup_signing do
|
|
prepare_ci_keychain
|
|
sync_match_signing(readonly: false)
|
|
end
|
|
|
|
desc "Build and upload to TestFlight"
|
|
lane :beta do
|
|
prepare_ci_keychain
|
|
|
|
api_key = app_store_api_key
|
|
|
|
sh("xcodegen --spec #{PROJECT_SPEC.shellescape}")
|
|
|
|
increment_version_number(
|
|
version_number: release_version,
|
|
xcodeproj: PROJECT_FILE
|
|
)
|
|
|
|
latest_build_number = latest_testflight_build_number(
|
|
app_identifier: APP_IDENTIFIER,
|
|
api_key: api_key,
|
|
initial_build_number: 0
|
|
)
|
|
|
|
increment_build_number(
|
|
build_number: latest_build_number + 1,
|
|
xcodeproj: PROJECT_FILE
|
|
)
|
|
|
|
build_options = {
|
|
project: PROJECT_FILE,
|
|
scheme: SCHEME,
|
|
export_method: "app-store",
|
|
export_options: {
|
|
provisioningProfiles: {
|
|
APP_IDENTIFIER => PROFILE_NAME
|
|
}
|
|
}
|
|
}
|
|
|
|
if ENV["CI"]
|
|
build_options[:xcargs] = [
|
|
"OTHER_CODE_SIGN_FLAGS=#{("--keychain #{ENV.fetch("MATCH_KEYCHAIN_NAME")}").shellescape}"
|
|
].join(" ")
|
|
end
|
|
|
|
begin
|
|
sync_match_signing(readonly: true)
|
|
verify_ci_signing_identity
|
|
build_app(build_options)
|
|
ensure
|
|
cleanup_ci_signing_identity
|
|
end
|
|
|
|
upload_to_testflight(
|
|
api_key: api_key,
|
|
skip_waiting_for_build_processing: true
|
|
)
|
|
end
|
|
end
|