Skip to content

wikimed_2023.12.3

wikimed_2023.12.3 #38

Workflow file for this run

name: Publish Custom App
on:
release:
types: [published]
branches:
- main
# taken from: kiwix/apple .github/workflows/cd.yml
env:
KEYCHAIN: /Users/runner/build.keychain-db
KEYCHAIN_PASSWORD: mysecretpassword
KEYCHAIN_PROFILE: build-profile
SSH_KEY: /tmp/id_rsa
APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8
jobs:
generate_build_deploy:
strategy:
fail-fast: false
matrix:
destination:
- platform: macOS
- platform: iOS
xcode_extra: -sdk iphoneos
runs-on: macos-13
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
path: custom
- name: Set tag variable as an output
id: vars
run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
- name: Validate tag
run:
|
cd custom
python src/tag_validator.py ${{ steps.vars.outputs.tag }}
cd ..
- name: Check-out kiwix/apple
uses: actions/checkout@v4
with:
repository: kiwix/apple
path: apple
- name: Install Python dependencies for custom project generation
run: python -m pip install pyyaml
- name: Install Kiwix dependencies
run:
|
cd apple
brew bundle
cd ..
- name: Generate project based on tag
env:
DWDS_HTTP_BASIC_ACCESS_AUTHENTICATION: ${{ secrets.DWDS_HTTP_BASIC_ACCESS_AUTHENTICATION }}
run:
|
# move the custom files under the same folder as the kiwix repo
mv custom/ apple/
cd apple/custom
# make a custom copy of the Info.plist file
cp ../Support/Info.plist Custom.plist
python src/tag_validator.py ${{ steps.vars.outputs.tag }}
python src/generate_and_download.py
# move the custom project file to the main folder
mv custom_project.yml ../
cd ..
# run xcodegen on our custom project
xcodegen -s custom_project.yml
ls -la
- name: Set up scheme, version, build_number from files
run: |
# move the checked out github actions to root folder:
mv apple/.github/ .
BRAND=$(<./apple/custom/.brand_name)
echo "BRAND=$BRAND" >> $GITHUB_ENV
VERSION=$(<./apple/custom/.version_number)
echo "VERSION=$VERSION" >> $GITHUB_ENV
# taken from: kiwix/apple .github/workflows/cd.yml
- name: Set up variables for build
env:
PLATFORM: ${{ matrix.destination.platform }}
UPLOAD_TO: app-store
EXTRA_XCODEBUILD: ${{ matrix.destination.xcode_extra }}
APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }}
APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }}
APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}
shell: python
run: |
import os
extra_xcode = os.getenv("EXTRA_XCODEBUILD", "")
if os.getenv("PLATFORM") == "iOS":
extra_xcode += f" -authenticationKeyPath {os.getenv('APPLE_STORE_AUTH_KEY_PATH')}"
extra_xcode += f" -authenticationKeyID {os.getenv('APPLE_STORE_AUTH_KEY_ID')}"
extra_xcode += f" -authenticationKeyIssuerID {os.getenv('APPLE_STORE_AUTH_KEY_ISSUER_ID')}"
with open(os.getenv("GITHUB_ENV"), "a") as fh:
fh.write(f"EXPORT_METHOD={'app-store'}\n")
fh.write(f"EXTRA_XCODEBUILD={extra_xcode}\n")
- name: Prepare use of Apple Distribution Certificate
shell: bash
env:
APPLE_DISTRIBUTION_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }}
APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }}
APPLE_DEVELOPMENT_SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }}
run: |
echo "SIGNING_CERTIFICATE=${APPLE_DISTRIBUTION_SIGNING_CERTIFICATE}" >> "$GITHUB_ENV"
echo "SIGNING_CERTIFICATE_P12_PASSWORD=${APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD}" >> "$GITHUB_ENV"
echo "SIGNING_IDENTITY=${APPLE_DEVELOPMENT_SIGNING_IDENTITY}" >> "$GITHUB_ENV"
- name: Add Apple Store Key
env:
APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }}
APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }}
shell: bash
run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o $APPLE_STORE_AUTH_KEY_PATH
- name: Build xcarchive
uses: ./.github/actions/xcbuild
with:
action: archive
xc-destination: generic/platform=${{ matrix.destination.platform }}
upload-to: "app-store"
# custom app specific
version: ${{ env.VERSION }}
XC_SCHEME: ${{ env.BRAND }}
DOWNLOAD_DEPENDENCIES: false
XC_WORKSPACE: apple/Kiwix.xcodeproj/project.xcworkspace/
# eof custom app specific
APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }}
APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }}
DEPLOYMENT_SIGNING_CERTIFICATE: ${{ env.SIGNING_CERTIFICATE }}
DEPLOYMENT_SIGNING_CERTIFICATE_P12_PASSWORD: ${{ env.SIGNING_CERTIFICATE_P12_PASSWORD }}
KEYCHAIN: ${{ env.KEYCHAIN }}
KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }}
KEYCHAIN_PROFILE: ${{ env.KEYCHAIN_PROFILE }}
EXTRA_XCODEBUILD: ${{ env.EXTRA_XCODEBUILD }}
- name: Add altool credentials to Keychain
shell: bash
env:
APPLE_SIGNING_ALTOOL_USERNAME: ${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }}
APPLE_SIGNING_ALTOOL_PASSWORD: ${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }}
APPLE_SIGNING_TEAM: ${{ secrets.APPLE_SIGNING_TEAM }}
run: |
security find-identity -v $KEYCHAIN
security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN
xcrun notarytool store-credentials \
--apple-id "${APPLE_SIGNING_ALTOOL_USERNAME}" \
--password "${APPLE_SIGNING_ALTOOL_PASSWORD}" \
--team-id "${APPLE_SIGNING_TEAM}" \
--validate \
--keychain $KEYCHAIN \
$KEYCHAIN_PROFILE
- name: Prepare export for ${{ env.EXPORT_METHOD }}
run: |
plutil -create xml1 ./export.plist
plutil -insert destination -string upload ./export.plist
plutil -insert method -string $EXPORT_METHOD ./export.plist
- name: Upload Archive to Apple (App Store or Notarization)
env:
APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }}
APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }}
APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}
run: xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -authenticationKeyPath $APPLE_STORE_AUTH_KEY_PATH -allowProvisioningUpdates -authenticationKeyID $APPLE_STORE_AUTH_KEY_ID -authenticationKeyIssuerID $APPLE_STORE_AUTH_KEY_ISSUER_ID