testing higher project version to check how iOS app-store reacts #58
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CD | |
on: | |
push: | |
branches: [cd] | |
schedule: | |
- cron: '0 1 * * *' | |
workflow_dispatch: | |
release: | |
types: [published] | |
env: | |
LIBKIWIX_VERSION: "13.0.0" | |
KEYCHAIN: /Users/runner/build.keychain-db | |
KEYCHAIN_PASSWORD: mysecretpassword | |
KEYCHAIN_PROFILE: build-profile | |
SSH_KEY: /tmp/id_rsa | |
APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 | |
jobs: | |
build_and_deploy: | |
strategy: | |
fail-fast: false | |
matrix: | |
destination: | |
- platform: macOS | |
uploadto: dmg | |
- platform: macOS | |
uploadto: app-store | |
- platform: iOS | |
uploadto: ipa | |
xcode_extra: -sdk iphoneos | |
- platform: iOS | |
uploadto: app-store | |
xcode_extra: -sdk iphoneos | |
runs-on: macos-13 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Decide whether building nightly or release | |
env: | |
PLATFORM: ${{ matrix.destination.platform }} | |
UPLOAD_TO: ${{ matrix.destination.uploadto }} | |
EXTRA_XCODEBUILD: ${{ matrix.destination.xcode_extra }} | |
APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} | |
APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} | |
APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} | |
shell: python | |
run: | | |
import datetime | |
import os | |
if os.getenv("GITHUB_EVENT_NAME", "") == "release": | |
is_release = True | |
version = os.getenv("GITHUB_REF_NAME") | |
upload_folder = f"release/{version}" | |
else: | |
is_release = False | |
version = str(datetime.date.today()) | |
upload_folder = f"nightly/{version}" | |
export_method = "developer-id" if os.getenv("UPLOAD_TO") == "dmg" else "app-store" | |
extra_xcode = os.getenv("EXTRA_XCODEBUILD", "") | |
if os.getenv("PLATFORM") == "iOS": | |
extra_xcode += f" -authenticationKeyPath {os.getenv('APPLE_STORE_AUTH_KEY_PATH')}" | |
extra_xcode += f" -authenticationKeyID {os.getenv('APPLE_STORE_AUTH_KEY_ID')}" | |
extra_xcode += f" -authenticationKeyIssuerID {os.getenv('APPLE_STORE_AUTH_KEY_ISSUER_ID')}" | |
with open(os.getenv("GITHUB_ENV"), "a") as fh: | |
fh.write(f"VERSION={version}\n") | |
fh.write(f"ISRELEASE={'yes' if is_release else ''}\n") | |
fh.write(f"EXPORT_METHOD={export_method}\n") | |
fh.write(f"UPLOAD_FOLDER={upload_folder}\n") | |
fh.write(f"EXTRA_XCODEBUILD={extra_xcode}\n") | |
- name: Prepare use of Developper ID Certificate | |
if: ${{ matrix.destination.uploadto == 'dmg' }} | |
shell: bash | |
env: | |
APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE }} | |
APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD }} | |
APPLE_DEVELOPER_ID_SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_IDENTITY }} | |
run: | | |
echo "SIGNING_CERTIFICATE=${APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE}" >> "$GITHUB_ENV" | |
echo "SIGNING_CERTIFICATE_P12_PASSWORD=${APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD}" >> "$GITHUB_ENV" | |
echo "SIGNING_IDENTITY=${APPLE_DEVELOPER_ID_SIGNING_IDENTITY}" >> "$GITHUB_ENV" | |
- name: Prepare use of Apple Development Certificate | |
if: ${{ matrix.destination.uploadto == 'ipa' }} | |
shell: bash | |
env: | |
APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} | |
APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} | |
APPLE_DEVELOPMENT_SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} | |
run: | | |
echo "SIGNING_CERTIFICATE=${APPLE_DEVELOPMENT_SIGNING_CERTIFICATE}" >> "$GITHUB_ENV" | |
echo "SIGNING_CERTIFICATE_P12_PASSWORD=${APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD}" >> "$GITHUB_ENV" | |
echo "SIGNING_IDENTITY=${APPLE_DEVELOPMENT_SIGNING_IDENTITY}" >> "$GITHUB_ENV" | |
- name: Prepare use of Apple Distribution Certificate | |
if: ${{ matrix.destination.uploadto == 'app-store' }} | |
shell: bash | |
env: | |
APPLE_DISTRIBUTION_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} | |
APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} | |
APPLE_DEVELOPMENT_SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} | |
run: | | |
echo "SIGNING_CERTIFICATE=${APPLE_DISTRIBUTION_SIGNING_CERTIFICATE}" >> "$GITHUB_ENV" | |
echo "SIGNING_CERTIFICATE_P12_PASSWORD=${APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD}" >> "$GITHUB_ENV" | |
echo "SIGNING_IDENTITY=${APPLE_DEVELOPMENT_SIGNING_IDENTITY}" >> "$GITHUB_ENV" | |
- name: Add Apple Store Key | |
env: | |
APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} | |
APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} | |
shell: bash | |
run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o $APPLE_STORE_AUTH_KEY_PATH | |
- name: Build xcarchive | |
uses: ./.github/actions/xcbuild | |
with: | |
action: archive | |
xc-destination: generic/platform=${{ matrix.destination.platform }} | |
upload-to: ${{ matrix.destination.uploadto }} | |
libkiwix-version: ${{ env.LIBKIWIX_VERSION }} | |
version: ${{ env.VERSION }} | |
APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} | |
APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} | |
DEPLOYMENT_SIGNING_CERTIFICATE: ${{ env.SIGNING_CERTIFICATE }} | |
DEPLOYMENT_SIGNING_CERTIFICATE_P12_PASSWORD: ${{ env.SIGNING_CERTIFICATE_P12_PASSWORD }} | |
KEYCHAIN: ${{ env.KEYCHAIN }} | |
KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} | |
KEYCHAIN_PROFILE: ${{ env.KEYCHAIN_PROFILE }} | |
EXTRA_XCODEBUILD: ${{ env.EXTRA_XCODEBUILD }} | |
- name: Add altool credentials to Keychain | |
shell: bash | |
env: | |
APPLE_SIGNING_ALTOOL_USERNAME: ${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }} | |
APPLE_SIGNING_ALTOOL_PASSWORD: ${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }} | |
APPLE_SIGNING_TEAM: ${{ secrets.APPLE_SIGNING_TEAM }} | |
run: | | |
security find-identity -v $KEYCHAIN | |
security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN | |
xcrun notarytool store-credentials \ | |
--apple-id "${APPLE_SIGNING_ALTOOL_USERNAME}" \ | |
--password "${APPLE_SIGNING_ALTOOL_PASSWORD}" \ | |
--team-id "${APPLE_SIGNING_TEAM}" \ | |
--validate \ | |
--keychain $KEYCHAIN \ | |
$KEYCHAIN_PROFILE | |
- name: Prepare export for ${{ env.EXPORT_METHOD }} | |
if: ${{ matrix.destination.uploadto != 'ipa' }} | |
run: | | |
plutil -create xml1 ./export.plist | |
plutil -insert destination -string upload ./export.plist | |
plutil -insert method -string $EXPORT_METHOD ./export.plist | |
- name: Prepare export for IPA | |
if: ${{ matrix.destination.uploadto == 'ipa' }} | |
run: | | |
plutil -create xml1 ./export.plist | |
plutil -insert method -string ad-hoc ./export.plist | |
plutil -insert provisioningProfiles -dictionary ./export.plist | |
plutil -replace provisioningProfiles -json '{ "self.Kiwix" : "iOS Team Provisioning Profile" }' ./export.plist | |
- name: Upload Archive to Apple (App Store or Notarization) | |
env: | |
APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} | |
APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} | |
APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} | |
run: xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -authenticationKeyPath $APPLE_STORE_AUTH_KEY_PATH -allowProvisioningUpdates -authenticationKeyID $APPLE_STORE_AUTH_KEY_ID -authenticationKeyIssuerID $APPLE_STORE_AUTH_KEY_ISSUER_ID | |
- name: Export notarized App from archive | |
if: ${{ matrix.destination.uploadto == 'dmg' }} | |
env: | |
APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} | |
APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} | |
APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} | |
run: | | |
set +e | |
attempts=0 | |
retcode=-1 | |
until [[ $retcode -eq 0 ]] | |
do | |
((attempts++)) | |
xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -authenticationKeyPath $APPLE_STORE_AUTH_KEY_PATH -allowProvisioningUpdates -authenticationKeyID $APPLE_STORE_AUTH_KEY_ID -authenticationKeyIssuerID $APPLE_STORE_AUTH_KEY_ISSUER_ID | |
retcode=$? | |
if [[ $retcode -eq 0 ]] | |
then | |
echo "Export suceedeed" | |
break | |
fi | |
if [[ ! $retcode -eq 65 ]] | |
then | |
echo "Non-65 exit-code, propagating: {$retcode}" | |
return $retcode | |
fi | |
if [[ $attempts -ge 20 ]] | |
then | |
echo "Too many attempts (${attempts}), exiting ${retcode}" | |
return $retcode | |
fi | |
echo "Not notarized ; retrying in a minute" | |
sleep 60 | |
done | |
- name: Create DMG | |
if: ${{ matrix.destination.uploadto == 'dmg' }} | |
run: | | |
pip install dmgbuild | |
dmgbuild -s .github/dmg-settings.py -Dapp=$PWD/export/Kiwix.app -Dbg=.github/dmg-bg.png "Kiwix-$VERSION" $PWD/Kiwix-$VERSION.dmg | |
- name: Notarize DMG | |
if: ${{ matrix.destination.uploadto == 'dmg' }} | |
run: | | |
xcrun notarytool submit --keychain $KEYCHAIN --keychain-profile $KEYCHAIN_PROFILE --wait $PWD/Kiwix-$VERSION.dmg | |
xcrun stapler staple $PWD/Kiwix-$VERSION.dmg | |
- name: Add SSH_KEY to filesystem | |
shell: bash | |
env: | |
PRIVATE_KEY: ${{ secrets.SSH_KEY }} | |
run: | | |
echo "${PRIVATE_KEY}" > $SSH_KEY | |
chmod 600 $SSH_KEY | |
- name: Upload DMG | |
if: ${{ matrix.destination.uploadto == 'dmg' }} | |
run: python .github/upload_file.py --src ${PWD}/Kiwix-${VERSION}.dmg --dest [email protected]:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} | |
- name: Upload IPA | |
if: ${{ matrix.destination.uploadto == 'ipa' }} | |
run: | | |
mv ${PWD}/export/Kiwix.ipa ${PWD}/export/Kiwix-${VERSION}.ipa | |
python .github/upload_file.py --src ${PWD}/export/Kiwix-${VERSION}.ipa --dest [email protected]:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} |