Merge pull request #262 from bcgov/feature/app-store-cert-github-acti… #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: [ "master" ] | |
jobs: | |
build-ios: | |
name: Build and sign ios | |
runs-on: macos-latest | |
env: | |
PROJECT: ${{ 'invasivesbc-mussels.iOS.xcworkspace' }} | |
SCHEME: ${{ 'invasivesbc-mussels.iOS' }} | |
DATA_DIR: ${{ 'xcbuild' }} | |
ARCHIVE_NAME: ${{ 'invasivesbc-mussels.iOS.xcarchive' }} | |
EXPORT_DIR: ${{ 'export' }} | |
IPA_NAME: ${{ 'invasivesbc-mussels.iOS.ipa' }} | |
steps: | |
- name: Increase build | |
env: | |
GITHUB_RUN_NUMBER: ${{ github.run_number }} | |
run: | | |
echo "GITHUB_RUN_NUMBER_WITH_OFFSET=$(($GITHUB_RUN_NUMBER+383))" >> $GITHUB_ENV | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Display XCode Path for debug | |
run: | | |
xcode-select -p | |
- name: Cache Pods | |
uses: actions/cache@v3 | |
with: | |
path: ios/Pods | |
key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock') }} | |
restore-keys: | | |
${{ runner.os }}-pods- | |
- name: CocoaPod Install | |
run: pod install | |
# from https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development | |
- name: Install the Apple certificate and provisioning profile | |
env: | |
# The first two keys are from the bcgov organization secrets | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_BASE64 }} | |
P12_PASSWORD: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_PASSWD }} | |
# These two keys are from your app's repo secrets | |
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_PROVISION_PROFILE_BASE64 }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $PP_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
# apply provisioning profile | |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
- name: Increment Build No. | |
env: | |
BUILD_NO: ${{ env.GITHUB_RUN_NUMBER_WITH_OFFSET }} | |
run: | | |
# Set Build Number. Not worrying about storing to repo. | |
agvtool new-version -all ${BUILD_NO} | |
- name: Build For Release | |
run: | | |
xcodebuild \ | |
-workspace ipad.xcworkspace \ | |
-scheme ipad \ | |
-configuration Release \ | |
-sdk iphoneos \ | |
-derivedDataPath $DATA_DIR \ | |
-archivePath ${DATA_DIR}/${ARCHIVE_NAME} \ | |
archive | |
- name: Export Archive | |
# This is the step that signs the build | |
run: | | |
xcodebuild \ | |
-exportArchive \ | |
-archivePath ${DATA_DIR}/${ARCHIVE_NAME} \ | |
-exportPath $EXPORT_DIR \ | |
-exportOptionsPlist exportOptions.plist \ | |
-verbose | |
- name: Upload a Build Artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ios-release | |
path: ${{ env.EXPORT_DIR }} | |
if-no-files-found: error | |
retention-days: 5 |