Update ios.yml #156
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Meowbili iDevice Workflow | |
on: | |
push: | |
branches: [ "main", "2024" ] | |
paths-ignore: | |
- '.github/workflows/*' | |
- '!.github/workflows/ios.yml' | |
jobs: | |
prepare: | |
name: Prepare App Version | |
runs-on: macos-13 | |
permissions: | |
contents: write | |
pull-requests: write | |
issues: write | |
repository-projects: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set Xcode Version | |
run: sudo xcode-select -s /Applications/Xcode_15.0.app | |
- name: Prepare Version Folder | |
run: mkdir vers | |
- name: Checkout Version Files | |
uses: actions/checkout@v3 | |
with: | |
ref: release-vers | |
persist-credentials: false | |
fetch-depth: 0 | |
path: vers | |
- name: Change Project Version | |
run: | | |
read MVER < vers/ver.txt | |
MVER=$[MVER+1] | |
rm vers/ver.txt | |
echo $MVER >> vers/ver.txt | |
agvtool new-version -all $MVER | |
- name: Commit Files | |
working-directory: vers | |
run: | | |
git config --local user.email "github-actions[bot]@users.noreply.github.com" | |
git config --local user.name "github-actions[bot]" | |
git commit -a -m "Updated versions" | |
- name: Push Changes | |
uses: ad-m/github-push-action@master | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
branch: release-vers | |
directory: vers | |
- name: Upload Proj | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Versioned Project | |
path: ./ | |
build: | |
name: Build and Archive App | |
runs-on: macos-13 | |
needs: | |
- prepare | |
steps: | |
- name: Download Versioned Project | |
uses: actions/download-artifact@v3 | |
with: | |
name: Versioned Project | |
path: ./ | |
- name: Set Xcode Version | |
run: sudo xcode-select -s /Applications/Xcode_15.0.app | |
- name: Install the Apple certificate and provisioning profile for Xcode | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
# apply provisioning profile | |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
- name: Set Environment Varibles | |
run: | | |
CI=TRUE | |
CI_ARCHIVE_PATH=/Volumes/workspace/build.xcarchive | |
CI_BUNDLE_ID=com.darock.DarockBili | |
CI_PRODUCT=DarockBili | |
CI_PRODUCT_PLATFORM=iOS | |
CI_XCODEBUILD_ACTION=archive | |
CI_XCODE_PROJECT=DarockBili.xcodeproj | |
CI_XCODE_SCHEME=DarockBili | |
TMPDIR=$RUNNER_TEMP | |
- name: Restore Caches | |
uses: actions/cache/restore@v3 | |
with: | |
key: ${{ runner.os }}-main-archive-cache- | |
path: ~/Library/Developer/Xcode/DerivedData | |
- name: Resolve Package Dependencies | |
run: xcodebuild -resolvePackageDependencies -project ./DarockBili.xcodeproj -scheme 'DarockBili Watch App' | |
- name: Get Current Time | |
id: current-time | |
run: echo "time=$(date +"%Y%m%d%H%M%S")" >> $GITHUB_OUTPUT | |
- name: Save Caches | |
uses: actions/cache/save@v3 | |
with: | |
key: ${{ runner.os }}-main-archive-cache-${{ steps.current-time.outputs.time }} | |
path: ~/Library/Developer/Xcode/DerivedData | |
- name: Archive DarockBili App | |
env: | |
ASCAPI_KEY_ID: ${{ secrets.ASCAPI_KEY_ID }} | |
ASCAPI_ISSUER_ID: ${{ secrets.ASCAPI_ISSUER_ID }} | |
run: | | |
xcodebuild archive -project ./DarockBili.xcodeproj -scheme 'DarockBili Watch App' -archivePath ./build.xcarchive -IDEPostProgressNotifications=YES CODE_SIGN_IDENTITY=- AD_HOC_CODE_SIGNING_ALLOWED=YES CODE_SIGN_STYLE=Automatic DEVELOPMENT_TEAM=B57D8PP775 COMPILER_INDEX_STORE_ENABLE=NO | |
- name: Upload Xcode Archive | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Xcode Archive | |
path: ./build.xcarchive | |
build_comp: | |
name: Build Company App | |
runs-on: macos-13 | |
needs: | |
- prepare | |
steps: | |
- name: Download Versioned Project | |
uses: actions/download-artifact@v3 | |
with: | |
name: Versioned Project | |
path: ./ | |
- name: Set Xcode Version | |
run: sudo xcode-select -s /Applications/Xcode_15.0.app | |
- name: Install Apple certificate and provisioning profile for Xcode | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
# apply provisioning profile | |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
- name: Replace Bundle ID | |
run: sed -i "" 's/com.darock.DarockBili.watchkitapp/com.djbx.life.agent.dat/g' DarockBili.xcodeproj/project.pbxproj | |
- name: Restore Caches | |
uses: actions/cache/restore@v3 | |
with: | |
key: ${{ runner.os }}-main-archive-cache- | |
path: ~/Library/Developer/Xcode/DerivedData | |
- name: Resolve Package Dependencies | |
run: xcodebuild -resolvePackageDependencies -project ./DarockBili.xcodeproj -scheme 'DarockBili Watch App' | |
- name: Get Current Time | |
id: current-time | |
run: echo "time=$(date +"%Y%m%d%H%M%S")" >> $GITHUB_OUTPUT | |
- name: Save Caches | |
uses: actions/cache/save@v3 | |
with: | |
key: ${{ runner.os }}-main-archive-cache-${{ steps.current-time.outputs.time }} | |
path: ~/Library/Developer/Xcode/DerivedData | |
- name: Archive DarockBili App | |
env: | |
ASCAPI_KEY_ID: ${{ secrets.ASCAPI_KEY_ID }} | |
ASCAPI_ISSUER_ID: ${{ secrets.ASCAPI_ISSUER_ID }} | |
run: | | |
xcodebuild archive -project ./DarockBili.xcodeproj -scheme 'DarockBili Watch App' -archivePath ./build.xcarchive -IDEPostProgressNotifications=YES CODE_SIGN_IDENTITY=- AD_HOC_CODE_SIGNING_ALLOWED=YES CODE_SIGN_STYLE=Automatic DEVELOPMENT_TEAM=B57D8PP775 COMPILER_INDEX_STORE_ENABLE=NO | |
- name: Upload Xcode Archive | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Company Xcode Archive | |
path: ./build.xcarchive | |
export: | |
name: Export App Store IPA | |
runs-on: macos-13 | |
needs: | |
- build | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set Xcode Version | |
run: sudo xcode-select -s /Applications/Xcode_15.0.app | |
- name: Download App XCArchive | |
uses: actions/download-artifact@v3 | |
with: | |
name: Xcode Archive | |
path: ./DarockBili_Release.xcarchive | |
- name: Install the Apple certificate and provisioning profile for Xcode | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
# apply provisioning profile | |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
- name: Set Environment Varibles | |
run: | | |
CI=TRUE | |
CI_ARCHIVE_PATH=/Volumes/workspace/build.xcarchive | |
CI_BUNDLE_ID=com.darock.DarockBili | |
CI_PRODUCT=DarockBili | |
CI_PRODUCT_PLATFORM=iOS | |
CI_XCODEBUILD_ACTION=archive | |
CI_XCODE_PROJECT=DarockBili.xcodeproj | |
CI_XCODE_SCHEME=DarockBili | |
TMPDIR=$RUNNER_TEMP | |
- name: Export IPA File | |
run: | | |
xcodebuild -exportArchive -archivePath ./DarockBili_Release.xcarchive -exportPath ./ -exportOptionsPlist ./ExportOptions/app-store.plist -DVTProvisioningIsManaged=YES -DVTSkipCertificateValidityCheck=YES | |
mv DarockBili.ipa DarockBili_Release.ipa | |
- name: Upload IPA File | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Release IPA | |
path: ./DarockBili_Release.ipa | |
export_unsigned: | |
name: Export Unsigned IPA | |
runs-on: macos-13 | |
needs: | |
- build | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Download App XCArchive | |
uses: actions/download-artifact@v3 | |
with: | |
name: Xcode Archive | |
path: ./DarockBili_Release.xcarchive | |
- name: Export IPA File | |
run: | | |
mkdir Payload | |
cp -r DarockBili_Release.xcarchive/Products/Applications/DarockBili.app Payload | |
zip -q -r DarockBili_Unsigned.ipa Payload | |
- name: Upload IPA File | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Unsigned IPA | |
path: ./DarockBili_Unsigned.ipa | |
export_comp: | |
name: Export Company IPA | |
runs-on: macos-13 | |
needs: | |
- build_comp | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set Xcode Version | |
run: sudo xcode-select -s /Applications/Xcode_15.0.app | |
- name: Download App XCArchive | |
uses: actions/download-artifact@v3 | |
with: | |
name: Company Xcode Archive | |
path: ./DarockBili_Release.xcarchive | |
- name: Install MEMZ Cer and Prov | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | |
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
# apply provisioning profile | |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
- name: Get Company Cer and Prov | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.COMPANY_P12 }} | |
P12_PASSWORD: ${{ secrets.COMPANY_P12_PASSWORD }} | |
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.COMPANY_PROV }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
- name: Export IPA File | |
run: | | |
xcodebuild -exportArchive -archivePath ./DarockBili_Release.xcarchive -exportPath ./ -exportOptionsPlist ./ExportOptions/app-store.plist -DVTProvisioningIsManaged=YES -DVTSkipCertificateValidityCheck=YES | |
mv DarockBili.ipa DarockBili_Release.ipa | |
- name: Resign IPA | |
env: | |
COMPANY_P12_NAME: ${{ secrets.COMPANY_P12_NAME }} | |
run: | | |
CODESIGN_ALLOCATE=`xcrun --find codesign_allocate`; export CODESIGN_ALLOCATE | |
IPA="./DarockBili_Release.ipa" | |
PROVISION="$RUNNER_TEMP/build_pp.mobileprovision" | |
CERTIFICATE="$COMPANY_P12_NAME" | |
# unzip the ipa | |
unzip -q "$IPA" | |
# remove the signature | |
rm -rf Payload/*.app/_CodeSignature | |
rm -rf Payload/*.app/Watch/*.app/_CodeSignature | |
# replace the provision | |
cp "$PROVISION" Payload/*.app/embedded.mobileprovision | |
cp "$PROVISION" Payload/*.app/Watch/*.app/embedded.mobileprovision | |
# sign with the new certificate (--resource-rules has been deprecated OS X Yosemite (10.10), it can safely be removed) | |
/usr/bin/codesign -f -s "$CERTIFICATE" Payload/*.app/Watch/*.app | |
/usr/bin/codesign -f -s "$CERTIFICATE" Payload/*.app | |
# zip it back up | |
zip -qr resigned.ipa Payload | |
- name: Upload IPA File | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Company IPA | |
path: ./resigned.ipa | |
# deploy: | |
# name: Deploy to TestFlight | |
# runs-on: macos-13 | |
# needs: | |
# - export | |
# - test | |
# env: | |
# ASCAPI_ISSUER_ID: ${{ secrets.ASCAPI_ISSUER_ID }} | |
# ASCAPI_KEY_ID: ${{ secrets.ASCAPI_KEY_ID }} | |
# ASCAPI_KEY: ${{ secrets.ASCAPI_KEY }} | |
# steps: | |
# - name: Download App Archive | |
# uses: actions/download-artifact@v3 | |
# with: | |
# name: Release IPA | |
# | |
# - name: Prepare API Key | |
# run: | | |
# mkdir ~/.private_keys | |
# echo "$ASCAPI_KEY" >> ~/.private_keys/AuthKey_${ASCAPI_KEY_ID}.p8 | |
# - name: Upload to App Store Connect | |
# run: xcrun altool --upload-app -f ./DarockBili_Release.ipa -t ios --apiKey $ASCAPI_KEY_ID --apiIssuer $ASCAPI_ISSUER_ID | |