ensuring user role is cached/updated each time we open a project #6970
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: iOS Build | |
on: | |
push: | |
paths: | |
- 'app/**' | |
- 'core/**' | |
- 'scripts/**' | |
- 'cmake/**' | |
- 'cmake_templates/**' | |
- 'CMakeLists.txt' | |
- '.github/workflows/ios.yml' | |
- '.github/secrets/ios/**' | |
release: | |
types: | |
- published | |
env: | |
QT_VERSION: '6.6.3' # use scripts/update_qt_version.bash to change | |
XC_VERSION: ${{ '15.2' }} | |
IOS_CMAKE_TOOLCHAIN_VERSION: "4.4.0" | |
INPUT_SDK_VERSION: arm64-ios-20240517-182 | |
IOS_PROVISIONING_PROFILE_UUID: 59aaa8d7-516a-4592-8c58-d7d1c1f81610 | |
KEYCHAIN: ${{ 'inputapp.keychain' }} | |
CCACHE_DIR: /Users/runner/work/ccache | |
CMAKE_VERSION: '3.29.0' | |
CACHE_VERSION: 0 | |
concurrency: | |
group: ci-${{github.ref}}-ios | |
cancel-in-progress: true | |
jobs: | |
ios_build: | |
if: ( github.repository == 'MerginMaps/mobile' ) && (!contains(github.event.head_commit.message, 'Translate ')) | |
runs-on: macos-13 | |
steps: | |
- name: Select latest Xcode | |
run: "sudo xcode-select -s /Applications/Xcode_$XC_VERSION.app" | |
- uses: actions/checkout@v3 | |
- name: Download ios-cmake toolchain | |
uses: actions/checkout@v3 | |
with: | |
repository: leetal/ios-cmake | |
ref: ${{ env.IOS_CMAKE_TOOLCHAIN_VERSION }} | |
path: ios-cmake | |
# CCache | |
- name: Prepare build cache for pull request | |
uses: pat-s/[email protected] | |
if: github.event_name == 'pull_request' | |
with: | |
path: ${{ env.CCACHE_DIR }} | |
key: build-ios-ccache-${{ github.actor }}-${{ github.head_ref }}-${{ github.sha }} | |
# The head_ref or source branch of the pull request in a workflow run. | |
# The base_ref or target branch of the pull request in a workflow run. | |
restore-keys: | | |
build-ios-ccache-${{ github.actor }}-${{ github.head_ref }}- | |
build-ios-ccache-refs/heads/${{ github.base_ref }}- | |
build-ios-ccache-refs/heads/master- | |
- name: Prepare build cache for branch/tag | |
# use a fork of actions/cache@v2 to upload cache even when the build or test failed | |
uses: pat-s/[email protected] | |
if: github.event_name != 'pull_request' | |
with: | |
path: ${{ env.CCACHE_DIR }} | |
# The branch or tag ref that triggered the workflow run. For branches this in the format refs/heads/<branch_name>, and for tags it is refs/tags/<tag_name> | |
key: build-ios-ccache-${{ github.ref }}-${{ github.sha }} | |
restore-keys: | | |
build-ios-ccache-${{ github.ref }}- | |
build-ios-ccache-refs/heads/master- | |
- name: Install brew deps | |
run: | | |
pip3 install -U pip | |
pip3 install aqtinstall | |
brew install gnupg | |
brew install [email protected] | |
brew install ccache | |
brew install ninja | |
- name: Install CMake and Ninja | |
uses: lukka/get-cmake@latest | |
with: | |
cmakeVersion: ${{ env.CMAKE_VERSION }} | |
- name: Install ccache | |
run: | | |
mkdir -p ${CCACHE_DIR} | |
ccache --set-config=max_size=2.0G | |
ccache -s | |
- name: Extract Mergin API_KEY | |
env: | |
MERGINSECRETS_DECRYPT_KEY: ${{ secrets.MERGINSECRETS_DECRYPT_KEY }} | |
run: | | |
cd core/ | |
/usr/local/opt/[email protected]/bin/openssl \ | |
aes-256-cbc -d \ | |
-in merginsecrets.cpp.enc \ | |
-out merginsecrets.cpp \ | |
-k "$MERGINSECRETS_DECRYPT_KEY" \ | |
-md md5 | |
- name: Configure Keychain | |
run: | | |
security create-keychain -p "" "$KEYCHAIN" | |
security list-keychains -s "$KEYCHAIN" | |
security default-keychain -s "$KEYCHAIN" | |
security unlock-keychain -p "" "$KEYCHAIN" | |
security set-keychain-settings | |
security list-keychains | |
- name: Configure Code Signing | |
env: | |
IOS_GPG_KEY: ${{ secrets.IOS_GPG_KEY }} | |
IOS_CERT_KEY: ${{ secrets.IOS_CERT_KEY }} | |
run: | | |
gpg --quiet --batch --yes --decrypt --passphrase="$IOS_GPG_KEY" --output ./.github/secrets/ios/Certificates_ios_dist.p12 ./.github/secrets/ios/Certificates_ios_dist.p12.gpg | |
security import "./.github/secrets/ios/Certificates_ios_dist.p12" -k "$KEYCHAIN" -P "$IOS_CERT_KEY" -A | |
security set-key-partition-list -S apple-tool:,apple: -s -k "" "$KEYCHAIN" | |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
gpg --quiet --batch --yes --decrypt --passphrase="$IOS_GPG_KEY" --output ./.github/secrets/ios/LutraConsultingLtdInputAppStore.mobileprovision ./.github/secrets/ios/LutraConsultingLtdInputAppStore.mobileprovision.gpg | |
cp ./.github/secrets/ios/LutraConsultingLtdInputAppStore.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/${IOS_PROVISIONING_PROFILE_UUID}.mobileprovision | |
# Input SDK | |
- name: Cache Input-SDK | |
id: cache-input-sdk | |
uses: pat-s/[email protected] | |
with: | |
path: ${{ github.workspace }}/input-sdk | |
key: ${{ runner.os }}-input-sdk-v0-${{ env.INPUT_SDK_VERSION }}-${{ env.CACHE_VERSION }} | |
- name: Install Input-SDK | |
if: steps.cache-input-sdk.outputs.cache-hit != 'true' | |
run: | | |
wget -O \ | |
${{ github.workspace }}/input-sdk.tar.gz \ | |
https://github.com/MerginMaps/mobile-sdk/releases/download/${{ env.INPUT_SDK_VERSION }}/mergin-maps-input-sdk-qt-${{ env.QT_VERSION }}-${{ env.INPUT_SDK_VERSION }}.tar.gz | |
mkdir -p ${{ github.workspace }}/input-sdk/arm64-ios | |
cd ${{ github.workspace }}/input-sdk/arm64-ios | |
tar -xvzf ${{ github.workspace }}/input-sdk.tar.gz | |
# Qt | |
- name: Cache Qt | |
id: cache-qt | |
uses: pat-s/[email protected] | |
with: | |
path: ${{ github.workspace }}/Qt | |
key: ${{ runner.os }}-QtCache-v3-${{ env.QT_VERSION }}-ios | |
- name: Install Qt | |
if: steps.cache-qt.outputs.cache-hit != 'true' | |
run: | | |
aqt install-qt \ | |
mac ios ${{ env.QT_VERSION }} \ | |
-m qtsensors qtconnectivity qt5compat qtmultimedia qtpositioning qtshadertools \ | |
-O ${{ github.workspace }}/Qt | |
aqt install-qt \ | |
mac desktop ${{ env.QT_VERSION }} \ | |
-m qtsensors qtconnectivity qt5compat qtmultimedia qtpositioning qtshadertools \ | |
-O ${{ github.workspace }}/Qt | |
- name: Calculate a build number | |
env: | |
OFFFSET: 10 # offset for build number - due to previous builds ~ new builds must always have a higher number | |
run: | | |
BUILD_NUM=$GITHUB_RUN_NUMBER$((GITHUB_RUN_ATTEMPT + OFFFSET)) | |
TIMESTAMP=`date "+%y.%-m"` | |
CF_BUNDLE_VERSION=${TIMESTAMP}.${BUILD_NUM} | |
echo "INPUT_VERSION_CODE=${CF_BUNDLE_VERSION}" >> $GITHUB_ENV | |
echo "Build number: ${CF_BUNDLE_VERSION}" | |
- name: Create build system with cmake | |
run: | | |
mkdir -p install-Input | |
mkdir -p build-INPUT | |
cd build-INPUT | |
ls -1 ${{ github.workspace }}/Qt/${{ env.QT_VERSION }} | |
# run cmake | |
cmake \ | |
-DCMAKE_TOOLCHAIN_FILE:PATH="${{ github.workspace }}/ios-cmake/ios.toolchain.cmake" \ | |
-DCMAKE_PREFIX_PATH=${{ github.workspace }}/Qt/${{ env.QT_VERSION }}/ios \ | |
-DIOS_USE_PRODUCTION_SIGNING=TRUE \ | |
-DQT_HOST_PATH=${{ github.workspace }}/Qt/${{ env.QT_VERSION }}/macos \ | |
-DIOS=TRUE \ | |
-DUSE_MM_SERVER_API_KEY=TRUE \ | |
-DCMAKE_INSTALL_PREFIX:PATH=../install-Input \ | |
-DINPUT_SDK_PATH=${{ github.workspace }}/input-sdk/arm64-ios \ | |
-G "Xcode" \ | |
-DCMAKE_CXX_COMPILER_LAUNCHER=ccache \ | |
-S ${{ github.workspace }} \ | |
-B ./ | |
- name: Build Input | |
run: | | |
cd build-INPUT | |
xcodebuild \ | |
-project Input.xcodeproj/ \ | |
-scheme Input \ | |
-sdk iphoneos \ | |
-configuration Release \ | |
archive -archivePath Input.xcarchive \ | |
"OTHER_CODE_SIGN_FLAGS=--keychain '$KEYCHAIN'" | |
- name: Create Input Package | |
run: | | |
INPUT_DIR=`pwd` | |
cd build-INPUT | |
xcodebuild \ | |
-archivePath Input.xcarchive \ | |
-exportOptionsPlist $INPUT_DIR/scripts/ci/ios/exportOptions.plist \ | |
-exportPath $PWD \ | |
-allowProvisioningUpdates \ | |
-exportArchive | |
- name: Upload .ipa to TestFlight | |
env: | |
INPUTAPP_BOT_APPLEID_PASS: ${{ secrets.INPUTAPP_BOT_APPLEID_PASS }} | |
INPUTAPP_BOT_APPLEID_USER: ${{ secrets.INPUTAPP_BOT_APPLEID_USER }} | |
INPUTAPP_BOT_GITHUB_TOKEN: ${{ secrets.INPUTAPP_BOT_GITHUB_TOKEN }} | |
if: success() | |
run: | | |
CF_BUNDLE_VERSION=`/usr/libexec/PlistBuddy -c "Print :CFBundleVersion" build-INPUT/app/CMakeFiles/Input.dir/Info.plist` | |
echo "Publishing ios ${CF_BUNDLE_VERSION}" | |
xcrun altool --upload-app -t ios -f build-INPUT/Input.ipa -u "$INPUTAPP_BOT_APPLEID_USER" -p "$INPUTAPP_BOT_APPLEID_PASS" --verbose | |
# Add comment to GitHub | |
GITHUB_API=https://api.github.com/repos/MerginMaps/mobile/commits/${GITHUB_SHA}/comments | |
curl -u inputapp-bot:${INPUTAPP_BOT_GITHUB_TOKEN} -X POST --data '{"body": "iOS - version '${CF_BUNDLE_VERSION}' just submitted!"}' ${GITHUB_API} |