diff --git a/.github/workflows/add_identifiers.yml b/.github/workflows/add_identifiers.yml
index aab334ab6..8ff87a55f 100644
--- a/.github/workflows/add_identifiers.yml
+++ b/.github/workflows/add_identifiers.yml
@@ -24,8 +24,15 @@ jobs:
# Patch Fastlane Match to not print tables
- name: Patch Match Tables
- run: find /usr/local/lib/ruby/gems -name table_printer.rb | xargs sed -i "" "/puts(Terminal::Table.new(params))/d"
-
+ run: |
+ TABLE_PRINTER_PATH=$(ruby -e 'puts Gem::Specification.find_by_name("fastlane").gem_dir')/match/lib/match/table_printer.rb
+ if [ -f "$TABLE_PRINTER_PATH" ]; then
+ sed -i "" "/puts(Terminal::Table.new(params))/d" "$TABLE_PRINTER_PATH"
+ else
+ echo "table_printer.rb not found"
+ exit 1
+ fi
+
# Install project dependencies
- name: Install Project Dependencies
run: bundle install
diff --git a/.github/workflows/build_loop.yml b/.github/workflows/build_loop.yml
index dc84dbee8..254c4015f 100644
--- a/.github/workflows/build_loop.yml
+++ b/.github/workflows/build_loop.yml
@@ -2,26 +2,27 @@ name: 4. Build Loop
run-name: Build Loop (${{ github.ref_name }})
on:
workflow_dispatch:
-
+
## Remove the "#" sign from the beginning of the line below to get automated builds on push (code changes in your repository)
#push:
-
+
schedule:
- - cron: '0 8 * * 3' # Checks for updates at 08:00 UTC every Wednesday
- - cron: '0 6 1 * *' # Builds the app on the 1st of every month at 06:00 UTC
+ - cron: "0 8 * * 3" # Checks for updates at 08:00 UTC every Wednesday
+ - cron: "0 6 1 * *" # Builds the app on the 1st of every month at 06:00 UTC
env:
UPSTREAM_REPO: LoopKit/LoopWorkspace
UPSTREAM_BRANCH: ${{ github.ref_name }} # branch on upstream repository to sync from (replace with specific branch name if needed)
TARGET_BRANCH: ${{ github.ref_name }} # target branch on fork to be kept in sync, and target branch on upstream to be kept alive (replace with specific branch name if needed)
- ALIVE_BRANCH: alive
+ ALIVE_BRANCH_MAIN: alive-main
+ ALIVE_BRANCH_DEV: alive-dev
jobs:
validate:
name: Validate
uses: ./.github/workflows/validate_secrets.yml
secrets: inherit
-
+
# Checks if GH_PAT holds workflow permissions
# Checks for existence of alive branch; if non-existent creates it
check_alive_and_permissions:
@@ -32,126 +33,155 @@ jobs:
contents: write
outputs:
WORKFLOW_PERMISSION: ${{ steps.workflow-permission.outputs.has_permission }}
-
+
steps:
- - name: Check for workflow permissions
- id: workflow-permission
- env:
- TOKEN_TO_CHECK: ${{ secrets.GH_PAT }}
- run: |
- PERMISSIONS=$(curl -sS -f -I -H "Authorization: token ${{ env.TOKEN_TO_CHECK }}" https://api.github.com | grep ^x-oauth-scopes: | cut -d' ' -f2-);
-
- if [[ $PERMISSIONS =~ "workflow" || $PERMISSIONS == "" ]]; then
- echo "GH_PAT holds workflow permissions or is fine-grained PAT."
- echo "has_permission=true" >> $GITHUB_OUTPUT # Set WORKFLOW_PERMISSION to false.
- else
- echo "GH_PAT lacks workflow permissions."
- echo "Automated build features will be skipped!"
- echo "has_permission=false" >> $GITHUB_OUTPUT # Set WORKFLOW_PERMISSION to false.
- fi
-
- - name: Check for alive branch
- if: steps.workflow-permission.outputs.has_permission == 'true'
- env:
- GITHUB_TOKEN: ${{ secrets.GH_PAT }}
- run: |
- if [[ "$(gh api -H "Accept: application/vnd.github+json" /repos/${{ github.repository_owner }}/LoopWorkspace/branches | jq --raw-output 'any(.name=="alive")')" == "true" ]]; then
- echo "Branch 'alive' exists."
- echo "ALIVE_BRANCH_EXISTS=true" >> $GITHUB_ENV # Set ALIVE_BRANCH_EXISTS to true
- else
- echo "Branch 'alive' does not exist."
- echo "ALIVE_BRANCH_EXISTS=false" >> $GITHUB_ENV # Set ALIVE_BRANCH_EXISTS to false
- fi
-
- - name: Create alive branch
- if: env.ALIVE_BRANCH_EXISTS == 'false'
- env:
- GITHUB_TOKEN: ${{ secrets.GH_PAT }}
- run: |
- # Get ref for LoopKit/LoopWorkspace:dev
- SHA=$(curl -sS https://api.github.com/repos/${{ env.UPSTREAM_REPO }}/git/refs \
- | jq '.[] | select(.ref == "refs/heads/dev" ) | .object.sha' \
- | tr -d '"'
- );
-
- # Create alive branch based on LoopKit/LoopWorkspace:dev
- gh api \
- --method POST \
- -H "Authorization: token $GITHUB_TOKEN" \
- -H "Accept: application/vnd.github.v3+json" \
- /repos/${{ github.repository_owner }}/LoopWorkspace/git/refs \
- -f ref='refs/heads/alive' \
- -f sha=$SHA
-
+ - name: Check for workflow permissions
+ id: workflow-permission
+ env:
+ TOKEN_TO_CHECK: ${{ secrets.GH_PAT }}
+ run: |
+ PERMISSIONS=$(curl -sS -f -I -H "Authorization: token ${{ env.TOKEN_TO_CHECK }}" https://api.github.com | grep ^x-oauth-scopes: | cut -d' ' -f2-);
+
+ if [[ $PERMISSIONS =~ "workflow" || $PERMISSIONS == "" ]]; then
+ echo "GH_PAT holds workflow permissions or is fine-grained PAT."
+ echo "has_permission=true" >> $GITHUB_OUTPUT # Set WORKFLOW_PERMISSION to false.
+ else
+ echo "GH_PAT lacks workflow permissions."
+ echo "Automated build features will be skipped!"
+ echo "has_permission=false" >> $GITHUB_OUTPUT # Set WORKFLOW_PERMISSION to false.
+ fi
+
+ - name: Check for alive branches
+ if: steps.workflow-permission.outputs.has_permission == 'true'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GH_PAT }}
+ run: |
+ if [[ $(gh api -H "Accept: application/vnd.github+json" /repos/${{ github.repository_owner }}/LoopWorkspace/branches | jq --raw-output '[.[] | select(.name == "alive-main" or .name == "alive-dev")] | length > 0') == "true" ]]; then
+ echo "Branches 'alive-main' or 'alive-dev' exist."
+ echo "ALIVE_BRANCH_EXISTS=true" >> $GITHUB_ENV
+ else
+ echo "Branches 'alive-main' and 'alive-dev' do not exist."
+ echo "ALIVE_BRANCH_EXISTS=false" >> $GITHUB_ENV
+ fi
+
+ - name: Create alive branches
+ if: env.ALIVE_BRANCH_EXISTS == 'false'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GH_PAT }}
+ run: |
+ # Get ref for LoopKit/LoopWorkspace:main
+ SHA_MAIN=$(curl -sS -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/repos/${{ env.UPSTREAM_REPO }}/git/refs/heads/main | jq -r '.object.sha')
+
+ # Get ref for LoopKit/LoopWorkspace:dev
+ SHA_DEV=$(curl -sS -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/repos/${{ env.UPSTREAM_REPO }}/git/refs/heads/dev | jq -r '.object.sha')
+
+ # Create alive-main branch based on LoopKit/LoopWorkspace:main
+ gh api \
+ --method POST \
+ -H "Authorization: token $GITHUB_TOKEN" \
+ -H "Accept: application/vnd.github.v3+json" \
+ /repos/${{ github.repository_owner }}/LoopWorkspace/git/refs \
+ -f ref='refs/heads/alive-main' \
+ -f sha=$SHA_MAIN
+
+ # Create alive-dev branch based on LoopKit/LoopWorkspace:dev
+ gh api \
+ --method POST \
+ -H "Authorization: token $GITHUB_TOKEN" \
+ -H "Accept: application/vnd.github.v3+json" \
+ /repos/${{ github.repository_owner }}/LoopWorkspace/git/refs \
+ -f ref='refs/heads/alive-dev' \
+ -f sha=$SHA_DEV
+
# Checks for changes in upstream repository; if changes exist prompts sync for build
# Performs keepalive to avoid stale fork
check_latest_from_upstream:
needs: [validate, check_alive_and_permissions]
runs-on: ubuntu-latest
name: Check upstream and keep alive
- outputs:
+ outputs:
NEW_COMMITS: ${{ steps.sync.outputs.has_new_commits }}
-
+ ABORT_SYNC: ${{ steps.check_branch.outputs.ABORT_SYNC }}
+
steps:
- - name: Checkout target repo
- if: |
- needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
- (vars.SCHEDULED_BUILD != 'false' || vars.SCHEDULED_SYNC != 'false')
- uses: actions/checkout@v4
- with:
- token: ${{ secrets.GH_PAT }}
- ref: alive
-
- - name: Sync upstream changes
- if: | # do not run the upstream sync action on the upstream repository
- needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
- vars.SCHEDULED_SYNC != 'false' && github.repository_owner != 'LoopKit'
- id: sync
- uses: aormsby/Fork-Sync-With-Upstream-action@v3.4.1
- with:
- target_sync_branch: ${{ env.ALIVE_BRANCH }}
- shallow_since: 6 months ago
- target_repo_token: ${{ secrets.GH_PAT }}
- upstream_sync_branch: ${{ env.UPSTREAM_BRANCH }}
- upstream_sync_repo: ${{ env.UPSTREAM_REPO }}
-
- # Display a sample message based on the sync output var 'has_new_commits'
- - name: New commits found
- if: |
- needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
- vars.SCHEDULED_SYNC != 'false' && steps.sync.outputs.has_new_commits == 'true'
- run: echo "New commits were found to sync."
-
- - name: No new commits
- if: |
- needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
- vars.SCHEDULED_SYNC != 'false' && steps.sync.outputs.has_new_commits == 'false'
- run: echo "There were no new commits."
-
- - name: Show value of 'has_new_commits'
- if: needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' && vars.SCHEDULED_SYNC != 'false'
- run: |
- echo ${{ steps.sync.outputs.has_new_commits }}
- echo "NEW_COMMITS=${{ steps.sync.outputs.has_new_commits }}" >> $GITHUB_OUTPUT
-
- # Keep repository "alive": add empty commits to ALIVE_BRANCH after "time_elapsed" days of inactivity to avoid inactivation of scheduled workflows
- - name: Keep alive
- if: |
- needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
- (vars.SCHEDULED_BUILD != 'false' || vars.SCHEDULED_SYNC != 'false')
- uses: gautamkrishnar/keepalive-workflow@v1 # using the workflow with default settings
- with:
- time_elapsed: 20 # Time elapsed from the previous commit to trigger a new automated commit (in days)
-
- - name: Show scheduled build configuration message
- if: needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION != 'true'
- run: |
- echo "### :calendar: Scheduled Sync and Build Disabled :mobile_phone_off:" >> $GITHUB_STEP_SUMMARY
- echo "You have not yet configured the scheduled sync and build for Loop's browser build." >> $GITHUB_STEP_SUMMARY
- echo "Synchronizing your fork of LoopWorkspace with the upstream repository LoopKit/LoopWorkspace will be skipped." >> $GITHUB_STEP_SUMMARY
- echo "If you want to enable automatic builds and updates for your Loop, please follow the instructions \
- under the following path LoopWorkspace/fastlane/testflight.md." >> $GITHUB_STEP_SUMMARY
-
+ - name: Check if running on main or dev branch
+ if: |
+ needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
+ (vars.SCHEDULED_BUILD != 'false' || vars.SCHEDULED_SYNC != 'false')
+ id: check_branch
+ run: |
+ if [ "${GITHUB_REF##*/}" = "main" ]; then
+ echo "Running on main branch"
+ echo "ALIVE_BRANCH=${ALIVE_BRANCH_MAIN}" >> $GITHUB_OUTPUT
+ echo "ABORT_SYNC=false" >> $GITHUB_OUTPUT
+ elif [ "${GITHUB_REF##*/}" = "dev" ]; then
+ echo "Running on dev branch"
+ echo "ALIVE_BRANCH=${ALIVE_BRANCH_DEV}" >> $GITHUB_OUTPUT
+ echo "ABORT_SYNC=false" >> $GITHUB_OUTPUT
+ else
+ echo "Not running on main or dev branch"
+ echo "ABORT_SYNC=true" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Checkout target repo
+ if: |
+ needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
+ (vars.SCHEDULED_BUILD != 'false' || vars.SCHEDULED_SYNC != 'false')
+ uses: actions/checkout@v4
+ with:
+ token: ${{ secrets.GH_PAT }}
+ ref: ${{ steps.check_branch.outputs.ALIVE_BRANCH }}
+
+ - name: Sync upstream changes
+ if: | # do not run the upstream sync action on the upstream repository
+ needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
+ vars.SCHEDULED_SYNC != 'false' && github.repository_owner != 'LoopKit' && steps.check_branch.outputs.ABORT_SYNC == 'false'
+ id: sync
+ uses: aormsby/Fork-Sync-With-Upstream-action@v3.4.1
+ with:
+ target_sync_branch: ${{ steps.check_branch.outputs.ALIVE_BRANCH }}
+ shallow_since: 6 months ago
+ target_repo_token: ${{ secrets.GH_PAT }}
+ upstream_sync_branch: ${{ env.UPSTREAM_BRANCH }}
+ upstream_sync_repo: ${{ env.UPSTREAM_REPO }}
+
+ # Display a sample message based on the sync output var 'has_new_commits'
+ - name: New commits found
+ if: |
+ needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
+ vars.SCHEDULED_SYNC != 'false' && steps.sync.outputs.has_new_commits == 'true'
+ run: echo "New commits were found to sync."
+
+ - name: No new commits
+ if: |
+ needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
+ vars.SCHEDULED_SYNC != 'false' && steps.sync.outputs.has_new_commits == 'false'
+ run: echo "There were no new commits."
+
+ - name: Show value of 'has_new_commits'
+ if: needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' && vars.SCHEDULED_SYNC != 'false' && steps.check_branch.outputs.ABORT_SYNC == 'false'
+ run: |
+ echo ${{ steps.sync.outputs.has_new_commits }}
+ echo "NEW_COMMITS=${{ steps.sync.outputs.has_new_commits }}" >> $GITHUB_OUTPUT
+
+ # Keep repository "alive": add empty commits to ALIVE_BRANCH after "time_elapsed" days of inactivity to avoid inactivation of scheduled workflows
+ - name: Keep alive
+ if: |
+ needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
+ (vars.SCHEDULED_BUILD != 'false' || vars.SCHEDULED_SYNC != 'false')
+ uses: gautamkrishnar/keepalive-workflow@v1 # using the workflow with default settings
+ with:
+ time_elapsed: 20 # Time elapsed from the previous commit to trigger a new automated commit (in days)
+
+ - name: Show scheduled build configuration message
+ if: needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION != 'true'
+ run: |
+ echo "### :calendar: Scheduled Sync and Build Disabled :mobile_phone_off:" >> $GITHUB_STEP_SUMMARY
+ echo "You have not yet configured the scheduled sync and build for Loop's browser build." >> $GITHUB_STEP_SUMMARY
+ echo "Synchronizing your fork of LoopWorkspace with the upstream repository LoopKit/LoopWorkspace will be skipped." >> $GITHUB_STEP_SUMMARY
+ echo "If you want to enable automatic builds and updates for your Loop, please follow the instructions \
+ under the following path LoopWorkspace/fastlane/testflight.md." >> $GITHUB_STEP_SUMMARY
+
# Builds Loop
build:
name: Build
@@ -159,16 +189,17 @@ jobs:
runs-on: macos-14
permissions:
contents: write
- if: | # runs if started manually, or if sync schedule is set and enabled and scheduled on the first Saturday each month, or if sync schedule is set and enabled and new commits were found
- github.event_name == 'workflow_dispatch' ||
- (needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
- (vars.SCHEDULED_BUILD != 'false' && github.event.schedule == '0 6 1 * *') ||
- (vars.SCHEDULED_SYNC != 'false' && needs.check_latest_from_upstream.outputs.NEW_COMMITS == 'true' )
- )
+ if:
+ | # runs if started manually, or if sync schedule is set and enabled and scheduled on the first Saturday each month, or if sync schedule is set and enabled and new commits were found
+ github.event_name == 'workflow_dispatch' ||
+ (needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
+ (vars.SCHEDULED_BUILD != 'false' && github.event.schedule == '0 6 1 * *') ||
+ (vars.SCHEDULED_SYNC != 'false' && needs.check_latest_from_upstream.outputs.NEW_COMMITS == 'true' )
+ )
steps:
- name: Select Xcode version
run: "sudo xcode-select --switch /Applications/Xcode_15.4.app/Contents/Developer"
-
+
- name: Checkout Repo for syncing
if: |
needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
@@ -176,12 +207,12 @@ jobs:
uses: actions/checkout@v4
with:
token: ${{ secrets.GH_PAT }}
- ref: ${{ env.TARGET_BRANCH }}
-
+ ref: ${{ env.TARGET_BRANCH }}
+
- name: Sync upstream changes
if: | # do not run the upstream sync action on the upstream repository
needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
- vars.SCHEDULED_SYNC != 'false' && github.repository_owner != 'LoopKit'
+ vars.SCHEDULED_SYNC != 'false' && github.repository_owner != 'LoopKit' && needs.check_latest_from_upstream.outputs.ABORT_SYNC == 'false'
id: sync
uses: aormsby/Fork-Sync-With-Upstream-action@v3.4.1
with:
@@ -190,24 +221,24 @@ jobs:
target_repo_token: ${{ secrets.GH_PAT }}
upstream_sync_branch: ${{ env.UPSTREAM_BRANCH }}
upstream_sync_repo: ${{ env.UPSTREAM_REPO }}
-
+
# Display a sample message based on the sync output var 'has_new_commits'
- name: New commits found
if: |
needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
- vars.SCHEDULED_SYNC != 'false' && steps.sync.outputs.has_new_commits == 'true'
+ vars.SCHEDULED_SYNC != 'false' && steps.sync.outputs.has_new_commits == 'true' && needs.check_latest_from_upstream.outputs.ABORT_SYNC == 'false'
run: echo "New commits were found to sync."
-
+
- name: No new commits
if: |
needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true' &&
- vars.SCHEDULED_SYNC != 'false' && steps.sync.outputs.has_new_commits == 'false'
+ vars.SCHEDULED_SYNC != 'false' && steps.sync.outputs.has_new_commits == 'false' && needs.check_latest_from_upstream.outputs.ABORT_SYNC == 'false'
run: echo "There were no new commits."
-
+
- name: Show value of 'has_new_commits'
if: |
needs.check_alive_and_permissions.outputs.WORKFLOW_PERMISSION == 'true'
- && vars.SCHEDULED_SYNC != 'false'
+ && vars.SCHEDULED_SYNC != 'false' && needs.check_latest_from_upstream.outputs.ABORT_SYNC == 'false'
run: |
echo ${{ steps.sync.outputs.has_new_commits }}
echo "NEW_COMMITS=${{ steps.sync.outputs.has_new_commits }}" >> $GITHUB_OUTPUT
@@ -218,7 +249,7 @@ jobs:
token: ${{ secrets.GH_PAT }}
submodules: recursive
ref: ${{ env.TARGET_BRANCH }}
-
+
# Customize Loop: Download and apply patches
- name: Customize Loop
run: |
@@ -233,24 +264,30 @@ jobs:
# Template for customizing submodule Loop (changes Loop app name to "CustomLoop")
# Remove the "#" sign from the beginning of the line below to activate:
#curl https://github.com/loopnlearn/Loop/commit/d206432b024279ef710df462b20bd464cd9682d4.patch | git apply --directory=Loop -v --whitespace=fix
-
+
# Submodule LoopKit patches:
# General template for customizing submodule LoopKit
# Copy url from a GitHub commit or pull request and insert below, and remove the "#" sign from the beginning of the line to activate:
#curl url_to_github_commit.patch | git apply --directory=LoopKit -v --whitespace=fix
-
+
# Submodule xxxxx patches:
# Add patches for customization of additional submodules by following the templates above,
# and make sure to specify the submodule by setting "--directory=(submodule_name)".
# Several patches may be added per submodule.
# Adding comments (#) may be useful to easily tell the individual patches apart.
-
-
+
# Patch Fastlane Match to not print tables
- name: Patch Match Tables
- run: find /usr/local/lib/ruby/gems -name table_printer.rb | xargs sed -i "" "/puts(Terminal::Table.new(params))/d"
-
+ run: |
+ TABLE_PRINTER_PATH=$(ruby -e 'puts Gem::Specification.find_by_name("fastlane").gem_dir')/match/lib/match/table_printer.rb
+ if [ -f "$TABLE_PRINTER_PATH" ]; then
+ sed -i "" "/puts(Terminal::Table.new(params))/d" "$TABLE_PRINTER_PATH"
+ else
+ echo "table_printer.rb not found"
+ exit 1
+ fi
+
# Install project dependencies
- name: Install Project Dependencies
run: bundle install
@@ -258,10 +295,10 @@ jobs:
# Sync the GitHub runner clock with the Windows time server (workaround as suggested in https://github.com/actions/runner/issues/2996)
- name: Sync clock
run: sudo sntp -sS time.windows.com
-
+
# Build signed Loop IPA file
- name: Fastlane Build & Archive
- run: bundle exec fastlane build_loop
+ run: bundle exec fastlane build_loop
env:
TEAMID: ${{ secrets.TEAMID }}
GH_PAT: ${{ secrets.GH_PAT }}
@@ -269,7 +306,7 @@ jobs:
FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }}
FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
-
+
# Upload to TestFlight
- name: Fastlane upload to TestFlight
run: bundle exec fastlane release
@@ -289,4 +326,4 @@ jobs:
name: build-artifacts
path: |
artifacts
- buildlog
+ buildlog
\ No newline at end of file
diff --git a/.github/workflows/create_certs.yml b/.github/workflows/create_certs.yml
index 90bb4f75b..9c4b51722 100644
--- a/.github/workflows/create_certs.yml
+++ b/.github/workflows/create_certs.yml
@@ -24,8 +24,15 @@ jobs:
# Patch Fastlane Match to not print tables
- name: Patch Match Tables
- run: find /usr/local/lib/ruby/gems -name table_printer.rb | xargs sed -i "" "/puts(Terminal::Table.new(params))/d"
-
+ run: |
+ TABLE_PRINTER_PATH=$(ruby -e 'puts Gem::Specification.find_by_name("fastlane").gem_dir')/match/lib/match/table_printer.rb
+ if [ -f "$TABLE_PRINTER_PATH" ]; then
+ sed -i "" "/puts(Terminal::Table.new(params))/d" "$TABLE_PRINTER_PATH"
+ else
+ echo "table_printer.rb not found"
+ exit 1
+ fi
+
# Install project dependencies
- name: Install Project Dependencies
run: bundle install
diff --git a/.github/workflows/validate_secrets.yml b/.github/workflows/validate_secrets.yml
index 5ad976a01..15562a740 100644
--- a/.github/workflows/validate_secrets.yml
+++ b/.github/workflows/validate_secrets.yml
@@ -16,14 +16,14 @@ jobs:
id: access-token
run: |
# Validate Access Token
-
+
# Ensure that gh exit codes are handled when output is piped.
set -o pipefail
-
+
# Define patterns to validate the access token (GH_PAT) and distinguish between classic and fine-grained tokens.
GH_PAT_CLASSIC_PATTERN='^ghp_[a-zA-Z0-9]{36}$'
GH_PAT_FINE_GRAINED_PATTERN='^github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}$'
-
+
# Validate Access Token (GH_PAT)
if [ -z "$GH_PAT" ]; then
failed=true
@@ -65,12 +65,12 @@ jobs:
echo "has_workflow_permission=true" >> $GITHUB_OUTPUT
fi
fi
-
+
# Exit unsuccessfully if secret validation failed.
if [ $failed ]; then
exit 2
fi
-
+
validate-match-secrets:
name: Match-Secrets
needs: validate-access-token
@@ -81,10 +81,10 @@ jobs:
- name: Validate Match-Secrets
run: |
# Validate Match-Secrets
-
+
# Ensure that gh exit codes are handled when output is piped.
set -o pipefail
-
+
# If a Match-Secrets repository does not exist, attempt to create one.
if ! visibility=$(gh repo view ${{ github.repository_owner }}/Match-Secrets --json visibility | jq --raw-output '.visibility | ascii_downcase'); then
echo "A '${{ github.repository_owner }}/Match-Secrets' repository could not be found using the GH_PAT secret. Attempting to create one..."
@@ -103,12 +103,12 @@ jobs:
else
echo "Found a private '${{ github.repository_owner }}/Match-Secrets' repository to use."
fi
-
+
# Exit unsuccessfully if secret validation failed.
if [ $failed ]; then
exit 2
fi
-
+
validate-fastlane-secrets:
name: Fastlane
needs: [validate-access-token, validate-match-secrets]
@@ -124,18 +124,18 @@ jobs:
steps:
- name: Checkout Repo
uses: actions/checkout@v4
-
+
- name: Install Project Dependencies
run: bundle install
# Sync the GitHub runner clock with the Windows time server (workaround as suggested in https://github.com/actions/runner/issues/2996)
- name: Sync clock
run: sudo sntp -sS time.windows.com
-
+
- name: Validate Fastlane Secrets
run: |
# Validate Fastlane Secrets
-
+
# Validate TEAMID
if [ -z "$TEAMID" ]; then
failed=true
@@ -147,20 +147,20 @@ jobs:
failed=true
echo "::error::The TEAMID secret is set but invalid. Verify that it is set correctly (only uppercase letters and numbers) and try again."
fi
-
+
# Validate MATCH_PASSWORD
if [ -z "$MATCH_PASSWORD" ]; then
failed=true
echo "::error::The MATCH_PASSWORD secret is unset or empty. Set it and try again."
fi
-
+
# Ensure that fastlane exit codes are handled when output is piped.
set -o pipefail
-
+
# Validate FASTLANE_ISSUER_ID, FASTLANE_KEY_ID, and FASTLANE_KEY
FASTLANE_KEY_ID_PATTERN='^[A-Z0-9]+$'
FASTLANE_ISSUER_ID_PATTERN='^\{?[A-F0-9a-f]{8}-[A-F0-9a-f]{4}-[A-F0-9a-f]{4}-[A-F0-9a-f]{4}-[A-F0-9a-f]{12}\}?$'
-
+
if [ -z "$FASTLANE_ISSUER_ID" ] || [ -z "$FASTLANE_KEY_ID" ] || [ -z "$FASTLANE_KEY" ]; then
failed=true
[ -z "$FASTLANE_ISSUER_ID" ] && echo "::error::The FASTLANE_ISSUER_ID secret is unset or empty. Set it and try again."
@@ -168,13 +168,13 @@ jobs:
[ -z "$FASTLANE_KEY" ] && echo "::error::The FASTLANE_KEY secret is unset or empty. Set it and try again."
elif [ ${#FASTLANE_KEY_ID} -ne 10 ]; then
failed=true
- echo "::error::The FASTLANE_KEY_ID secret is set but has wrong length. Verify that you copied it correctly from the 'Keys' tab at https://appstoreconnect.apple.com/access/api and try again."
+ echo "::error::The FASTLANE_KEY_ID secret is set but has wrong length. Verify that you copied it correctly from the 'Keys' tab at https://appstoreconnect.apple.com/access/integrations/api and try again."
elif ! [[ $FASTLANE_KEY_ID =~ $FASTLANE_KEY_ID_PATTERN ]]; then
failed=true
- echo "::error::The FASTLANE_KEY_ID secret is set but invalid. Verify that you copied it correctly from the 'Keys' tab at https://appstoreconnect.apple.com/access/api and try again."
+ echo "::error::The FASTLANE_KEY_ID secret is set but invalid. Verify that you copied it correctly from the 'Keys' tab at https://appstoreconnect.apple.com/access/integrations/api and try again."
elif ! [[ $FASTLANE_ISSUER_ID =~ $FASTLANE_ISSUER_ID_PATTERN ]]; then
failed=true
- echo "::error::The FASTLANE_ISSUER_ID secret is set but invalid. Verify that you copied it correctly from the 'Keys' tab at https://appstoreconnect.apple.com/access/api and try again."
+ echo "::error::The FASTLANE_ISSUER_ID secret is set but invalid. Verify that you copied it correctly from the 'Keys' tab at https://appstoreconnect.apple.com/access/integrations/api and try again."
elif ! echo "$FASTLANE_KEY" | openssl pkcs8 -nocrypt >/dev/null; then
failed=true
echo "::error::The FASTLANE_KEY secret is set but invalid. Verify that you copied it correctly from the API Key file (*.p8) you downloaded and try again."
@@ -190,7 +190,7 @@ jobs:
echo "::error::Unable to create a valid authorization token for the App Store Connect API. Verify that the FASTLANE_ISSUER_ID, FASTLANE_KEY_ID, and FASTLANE_KEY secrets are set correctly and try again."
fi
fi
-
+
# Exit unsuccessfully if secret validation failed.
if [ $failed ]; then
exit 2