Publish Custom App #23
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Custom App | |
| on: | |
| release: | |
| types: [published] | |
| branches: | |
| - main | |
| # taken from: kiwix/apple .github/workflows/cd.yml | |
| env: | |
| KEYCHAIN: /Users/runner/build.keychain-db | |
| KEYCHAIN_PASSWORD: mysecretpassword | |
| KEYCHAIN_PROFILE: build-profile | |
| SSH_KEY: /tmp/id_rsa | |
| APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 | |
| jobs: | |
| generate_build_deploy: | |
| runs-on: macos-13 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| destination: | |
| - platform: macOS | |
| - platform: iOS | |
| xcode_extra: -sdk iphoneos | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| path: custom | |
| - name: Set tag variable as an output | |
| id: vars | |
| run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT | |
| - name: Validate tag | |
| run: | |
| | | |
| cd custom | |
| python src/tag_validator.py ${{ steps.vars.outputs.tag }} | |
| cd .. | |
| - name: Check-out kiwix/apple | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: kiwix/apple | |
| path: apple | |
| ref: feature/build-optional-dependency-resolve | |
| - name: Install Python dependencies for custom project generation | |
| run: python -m pip install pyyaml | |
| - name: Install Kiwix dependencies | |
| run: | |
| | | |
| # cd apple | |
| # brew bundle | |
| # cd .. | |
| brew install xcodegen | |
| - name: Generate project based on tag | |
| env: | |
| DWDS_HTTP_BASIC_ACCESS_AUTHENTICATION: ${{ secrets.DWDS_HTTP_BASIC_ACCESS_AUTHENTICATION }} | |
| run: | |
| | | |
| # move the custom files under the same folder as the kiwix repo | |
| mv custom/ apple/ | |
| cd apple/custom | |
| # make a custom copy of the Info.plist file | |
| cp ../Support/Info.plist Custom.plist | |
| python src/tag_validator.py ${{ steps.vars.outputs.tag }} | python src/generate_and_download.py | |
| # move the custom project file to the main folder | |
| mv custom_project.yml ../ | |
| cd .. | |
| # run xcodegen on our custom project | |
| xcodegen -s custom_project.yml | |
| ls -la | |
| - name: Set up scheme, version, build_number from files | |
| run: | | |
| cd apple | |
| BRAND=$(<./custom/.brand_name) | |
| echo "BRAND=$BRAND" >> $GITHUB_ENV | |
| VERSION=$(<./custom/.version_number) | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| # taken from: kiwix/apple .github/workflows/cd.yml | |
| - name: Set up variables for build | |
| env: | |
| PLATFORM: ${{ matrix.destination.platform }} | |
| UPLOAD_TO: app-store | |
| EXTRA_XCODEBUILD: ${{ matrix.destination.xcode_extra }} | |
| APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} | |
| APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} | |
| APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} | |
| shell: python | |
| run: | | |
| import os | |
| extra_xcode = os.getenv("EXTRA_XCODEBUILD", "") | |
| if os.getenv("PLATFORM") == "iOS": | |
| extra_xcode += f" -authenticationKeyPath {os.getenv('APPLE_STORE_AUTH_KEY_PATH')}" | |
| extra_xcode += f" -authenticationKeyID {os.getenv('APPLE_STORE_AUTH_KEY_ID')}" | |
| extra_xcode += f" -authenticationKeyIssuerID {os.getenv('APPLE_STORE_AUTH_KEY_ISSUER_ID')}" | |
| with open(os.getenv("GITHUB_ENV"), "a") as fh: | |
| fh.write(f"EXPORT_METHOD={'app-store'}\n") | |
| fh.write(f"EXTRA_XCODEBUILD={extra_xcode}\n") | |
| - name: Prepare use of Apple Distribution Certificate | |
| shell: bash | |
| env: | |
| APPLE_DISTRIBUTION_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} | |
| APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} | |
| APPLE_DEVELOPMENT_SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} | |
| run: | | |
| echo "SIGNING_CERTIFICATE=${APPLE_DISTRIBUTION_SIGNING_CERTIFICATE}" >> "$GITHUB_ENV" | |
| echo "SIGNING_CERTIFICATE_P12_PASSWORD=${APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD}" >> "$GITHUB_ENV" | |
| echo "SIGNING_IDENTITY=${APPLE_DEVELOPMENT_SIGNING_IDENTITY}" >> "$GITHUB_ENV" | |
| - name: Add Apple Store Key | |
| env: | |
| APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} | |
| APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} | |
| shell: bash | |
| run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o $APPLE_STORE_AUTH_KEY_PATH | |
| - name: Build xcarchive | |
| uses: ./apple/custom/.github/actions/xcbuild | |
| with: | |
| action: archive | |
| xc-destination: generic/platform=${{ matrix.destination.platform }} | |
| upload-to: "app-store" | |
| # custom app specific | |
| version: ${{ env.VERSION }} | |
| XC_SCHEME: ${{ env.BRAND }} | |
| DOWNLOAD_DEPENDENCIES: false | |
| # eof custom app specific | |
| APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} | |
| APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} | |
| DEPLOYMENT_SIGNING_CERTIFICATE: ${{ env.SIGNING_CERTIFICATE }} | |
| DEPLOYMENT_SIGNING_CERTIFICATE_P12_PASSWORD: ${{ env.SIGNING_CERTIFICATE_P12_PASSWORD }} | |
| KEYCHAIN: ${{ env.KEYCHAIN }} | |
| KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} | |
| KEYCHAIN_PROFILE: ${{ env.KEYCHAIN_PROFILE }} | |
| EXTRA_XCODEBUILD: ${{ env.EXTRA_XCODEBUILD }} | |
| - name: Add altool credentials to Keychain | |
| shell: bash | |
| env: | |
| APPLE_SIGNING_ALTOOL_USERNAME: ${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }} | |
| APPLE_SIGNING_ALTOOL_PASSWORD: ${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }} | |
| APPLE_SIGNING_TEAM: ${{ secrets.APPLE_SIGNING_TEAM }} | |
| run: | | |
| security find-identity -v $KEYCHAIN | |
| security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN | |
| xcrun notarytool store-credentials \ | |
| --apple-id "${APPLE_SIGNING_ALTOOL_USERNAME}" \ | |
| --password "${APPLE_SIGNING_ALTOOL_PASSWORD}" \ | |
| --team-id "${APPLE_SIGNING_TEAM}" \ | |
| --validate \ | |
| --keychain $KEYCHAIN \ | |
| $KEYCHAIN_PROFILE | |
| - name: Prepare export for ${{ env.EXPORT_METHOD }} | |
| run: | | |
| plutil -create xml1 ./export.plist | |
| plutil -insert destination -string upload ./export.plist | |
| plutil -insert method -string $EXPORT_METHOD ./export.plist | |
| # - name: Upload Archive to Apple (App Store or Notarization) | |
| # env: | |
| # APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} | |
| # APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} | |
| # APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} | |
| # run: xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -authenticationKeyPath $APPLE_STORE_AUTH_KEY_PATH -allowProvisioningUpdates -authenticationKeyID $APPLE_STORE_AUTH_KEY_ID -authenticationKeyIssuerID $APPLE_STORE_AUTH_KEY_ISSUER_ID |