From 1868716cee8c1f4a267ae4ad616a74255820a6a2 Mon Sep 17 00:00:00 2001 From: "amaury.zarzelli" Date: Tue, 28 Nov 2023 16:29:19 +0100 Subject: [PATCH] feat(CICD): add ios deploy --- .github/workflows/ios-deploy.yml | 89 ++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 .github/workflows/ios-deploy.yml diff --git a/.github/workflows/ios-deploy.yml b/.github/workflows/ios-deploy.yml new file mode 100644 index 00000000..e3a124e2 --- /dev/null +++ b/.github/workflows/ios-deploy.yml @@ -0,0 +1,89 @@ +name: iOS deploy + +on: + workflow_dispatch: + push: + tags: + - '**' + +jobs: + build_with_signing: + runs-on: macos-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Make envfile + uses: SpicyPizza/create-envfile@v1.3 + with: + directory: . + file_name: .env + envkey_GP_TOKEN: ${{ secrets.GP_TOKEN }} + fail_on_empty: false + + - name: Get the tagname + id: get_tagname + run: echo TAGNAME=$(echo ${GITHUB_REF##*/}) >> $GITHUB_OUTPUT + + - name: Setup Node.js + uses: actions/setup-node@v3 + with: + node-version: 20 + + - name: Install app dependencies + run: npm install + + - name: Install the Apple certificate and provisioning profile + env: + BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} + P12_PASSWORD: ${{ secrets.P12_PASSWORD }} + BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + run: | + # create variables + CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 + PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + + # import certificate and provisioning profile from secrets + echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH + echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH + + # create temporary keychain + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + # import certificate to keychain + security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH + + # apply provisioning profile + mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles + cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles + - name: Build app + run: xcodebuild -scheme "IGNProduction" clean archive -archivePath "ign" -configuration "Release Production" + - name: export ipa + env: + EXPORT_PLIST: ${{ secrets.IOS_EXPORT_PRODUCTION }} + run: | + EXPORT_PLINST_PATH=$RUNNER_TEMP/ExportOptions.plist + echo -n "$EXPORT_PLIST" | base64 --decode --output $EXPORT_PLIST_PATH + xcodebuild -exportArchive -archivePath $GITHUB_WORKSPACE/ign.xcarchive -exportOptionsPlist $EXPORT_PLIST_PATH -exportPath $RUNNER_TEMP/export + + - name: Decode auth api key file and save it + env: + API_KEY_BASE64: ${{ secrets.APPSTORE_API_PRIVATE_KEY }} + run: | + ls ~/private_keys + echo -n "$API_KEY_BASE64" | base64 --decode --output ~/private_keys/AuthKey_${{ secrets.APPSTORE_API_KEY_ID }}.p8 + echo "After saving: " + ls ~/private_keys + + - name: "Upload file to test flight using CLI" + run: | + echo "Starting upload" + ls ~/private_keys + xcrun altool — validate-app -f $RUNNER_TEMP/export/IGNProduction.ipa -t ios — apiKey ${{ secrets.APPSTORE_API_KEY_ID }} — apiIssuer ${{ secrets.APPSTORE_ISSUER_ID }} + xcrun altool — upload-app -f $RUNNER_TEMP/export/IGNProduction.ipa -t ios — apiKey “${{ secrets.APPSTORE_API_KEY_ID }}” — apiIssuer “${{ secrets.APPSTORE_ISSUER_ID }}”