-
-
Notifications
You must be signed in to change notification settings - Fork 2
188 lines (160 loc) · 7.27 KB
/
cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
name: Publish Custom App
on:
release:
types: [published]
branches:
- main
# taken from: kiwix/apple .github/workflows/cd.yml
env:
KEYCHAIN: /Users/runner/build.keychain-db
KEYCHAIN_PASSWORD: mysecretpassword
KEYCHAIN_PROFILE: build-profile
SSH_KEY: /tmp/id_rsa
APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8
jobs:
generate_build_deploy:
runs-on: macos-13
strategy:
fail-fast: false
matrix:
destination:
- platform: macOS
- platform: iOS
xcode_extra: -sdk iphoneos
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
path: custom
- name: Set tag variable as an output
id: vars
run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
- name: Validate tag
run:
|
cd custom
python src/tag_validator.py ${{ steps.vars.outputs.tag }}
cd ..
- name: Check-out kiwix/apple
uses: actions/checkout@v4
with:
repository: kiwix/apple
path: apple
ref: feature/build-optional-dependency-resolve
- name: Install Python dependencies for custom project generation
run: python -m pip install pyyaml
- name: Install Kiwix dependencies
run:
|
# cd apple
# brew bundle
# cd ..
brew install xcodegen
- name: Generate project based on tag
env:
DWDS_HTTP_BASIC_ACCESS_AUTHENTICATION: ${{ secrets.DWDS_HTTP_BASIC_ACCESS_AUTHENTICATION }}
run:
|
# move the custom files under the same folder as the kiwix repo
mv custom/ apple/
cd apple/custom
# make a custom copy of the Info.plist file
cp ../Support/Info.plist Custom.plist
python src/tag_validator.py ${{ steps.vars.outputs.tag }} | python src/generate_and_download.py
# move the custom project file to the main folder
mv custom_project.yml ../
cd ..
# run xcodegen on our custom project
xcodegen -s custom_project.yml
ls -la
- name: Set up scheme, version, build_number from files
run: |
# move the checked out github actions to root folder:
mv apple/.github/ .
BRAND=$(<./apple/custom/.brand_name)
echo "BRAND=$BRAND" >> $GITHUB_ENV
VERSION=$(<./apple/custom/.version_number)
echo "VERSION=$VERSION" >> $GITHUB_ENV
# taken from: kiwix/apple .github/workflows/cd.yml
- name: Set up variables for build
env:
PLATFORM: ${{ matrix.destination.platform }}
UPLOAD_TO: app-store
EXTRA_XCODEBUILD: ${{ matrix.destination.xcode_extra }}
APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }}
APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }}
APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}
shell: python
run: |
import os
extra_xcode = os.getenv("EXTRA_XCODEBUILD", "")
if os.getenv("PLATFORM") == "iOS":
extra_xcode += f" -authenticationKeyPath {os.getenv('APPLE_STORE_AUTH_KEY_PATH')}"
extra_xcode += f" -authenticationKeyID {os.getenv('APPLE_STORE_AUTH_KEY_ID')}"
extra_xcode += f" -authenticationKeyIssuerID {os.getenv('APPLE_STORE_AUTH_KEY_ISSUER_ID')}"
with open(os.getenv("GITHUB_ENV"), "a") as fh:
fh.write(f"EXPORT_METHOD={'app-store'}\n")
fh.write(f"EXTRA_XCODEBUILD={extra_xcode}\n")
- name: Prepare use of Apple Distribution Certificate
shell: bash
env:
APPLE_DISTRIBUTION_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }}
APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }}
APPLE_DEVELOPMENT_SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }}
run: |
echo "SIGNING_CERTIFICATE=${APPLE_DISTRIBUTION_SIGNING_CERTIFICATE}" >> "$GITHUB_ENV"
echo "SIGNING_CERTIFICATE_P12_PASSWORD=${APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD}" >> "$GITHUB_ENV"
echo "SIGNING_IDENTITY=${APPLE_DEVELOPMENT_SIGNING_IDENTITY}" >> "$GITHUB_ENV"
- name: Add Apple Store Key
env:
APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }}
APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }}
shell: bash
run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o $APPLE_STORE_AUTH_KEY_PATH
- name: Build xcarchive
uses: ./.github/actions/xcbuild
with:
action: archive
xc-destination: generic/platform=${{ matrix.destination.platform }}
upload-to: "app-store"
# custom app specific
version: ${{ env.VERSION }}
XC_SCHEME: ${{ env.BRAND }}
DOWNLOAD_DEPENDENCIES: false
XC_WORKSPACE: apple/Kiwix.xcodeproj/project.xcworkspace/
# eof custom app specific
APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }}
APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }}
DEPLOYMENT_SIGNING_CERTIFICATE: ${{ env.SIGNING_CERTIFICATE }}
DEPLOYMENT_SIGNING_CERTIFICATE_P12_PASSWORD: ${{ env.SIGNING_CERTIFICATE_P12_PASSWORD }}
KEYCHAIN: ${{ env.KEYCHAIN }}
KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }}
KEYCHAIN_PROFILE: ${{ env.KEYCHAIN_PROFILE }}
EXTRA_XCODEBUILD: ${{ env.EXTRA_XCODEBUILD }}
- name: Add altool credentials to Keychain
shell: bash
env:
APPLE_SIGNING_ALTOOL_USERNAME: ${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }}
APPLE_SIGNING_ALTOOL_PASSWORD: ${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }}
APPLE_SIGNING_TEAM: ${{ secrets.APPLE_SIGNING_TEAM }}
run: |
security find-identity -v $KEYCHAIN
security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN
xcrun notarytool store-credentials \
--apple-id "${APPLE_SIGNING_ALTOOL_USERNAME}" \
--password "${APPLE_SIGNING_ALTOOL_PASSWORD}" \
--team-id "${APPLE_SIGNING_TEAM}" \
--validate \
--keychain $KEYCHAIN \
$KEYCHAIN_PROFILE
- name: Prepare export for ${{ env.EXPORT_METHOD }}
run: |
plutil -create xml1 ./export.plist
plutil -insert destination -string upload ./export.plist
plutil -insert method -string $EXPORT_METHOD ./export.plist
# - name: Upload Archive to Apple (App Store or Notarization)
# env:
# APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }}
# APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }}
# APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}
# run: xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -authenticationKeyPath $APPLE_STORE_AUTH_KEY_PATH -allowProvisioningUpdates -authenticationKeyID $APPLE_STORE_AUTH_KEY_ID -authenticationKeyIssuerID $APPLE_STORE_AUTH_KEY_ISSUER_ID