Skip to content

Merge pull request #262 from bcgov/feature/app-store-cert-github-acti… #6

Merge pull request #262 from bcgov/feature/app-store-cert-github-acti…

Merge pull request #262 from bcgov/feature/app-store-cert-github-acti… #6

Workflow file for this run

name: Build
on:
push:
branches: [ "master" ]
jobs:
build-ios:
name: Build and sign ios
runs-on: macos-latest
env:
PROJECT: ${{ 'invasivesbc-mussels.iOS.xcworkspace' }}
SCHEME: ${{ 'invasivesbc-mussels.iOS' }}
DATA_DIR: ${{ 'xcbuild' }}
ARCHIVE_NAME: ${{ 'invasivesbc-mussels.iOS.xcarchive' }}
EXPORT_DIR: ${{ 'export' }}
IPA_NAME: ${{ 'invasivesbc-mussels.iOS.ipa' }}
steps:
- name: Increase build
env:
GITHUB_RUN_NUMBER: ${{ github.run_number }}
run: |
echo "GITHUB_RUN_NUMBER_WITH_OFFSET=$(($GITHUB_RUN_NUMBER+383))" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v3
- name: Display XCode Path for debug
run: |
xcode-select -p
- name: Cache Pods
uses: actions/cache@v3
with:
path: ios/Pods
key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock') }}
restore-keys: |
${{ runner.os }}-pods-
- name: CocoaPod Install
run: pod install
# from https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
- name: Install the Apple certificate and provisioning profile
env:
# The first two keys are from the bcgov organization secrets
BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_PASSWD }}
# These two keys are from your app's repo secrets
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: Increment Build No.
env:
BUILD_NO: ${{ env.GITHUB_RUN_NUMBER_WITH_OFFSET }}
run: |
# Set Build Number. Not worrying about storing to repo.
agvtool new-version -all ${BUILD_NO}
- name: Build For Release
run: |
xcodebuild \
-workspace ipad.xcworkspace \
-scheme ipad \
-configuration Release \
-sdk iphoneos \
-derivedDataPath $DATA_DIR \
-archivePath ${DATA_DIR}/${ARCHIVE_NAME} \
archive
- name: Export Archive
# This is the step that signs the build
run: |
xcodebuild \
-exportArchive \
-archivePath ${DATA_DIR}/${ARCHIVE_NAME} \
-exportPath $EXPORT_DIR \
-exportOptionsPlist exportOptions.plist \
-verbose
- name: Upload a Build Artifact
uses: actions/upload-artifact@v3
with:
name: ios-release
path: ${{ env.EXPORT_DIR }}
if-no-files-found: error
retention-days: 5