diff --git a/.github/workflows/ios_ci.yml b/.github/workflows/ios_ci.yml index 70ac441d0..b69655d18 100644 --- a/.github/workflows/ios_ci.yml +++ b/.github/workflows/ios_ci.yml @@ -1,74 +1,69 @@ name: iOS Build CI on: push: branches: - master - 'debugci/*' paths-ignore: - 'landing/**' - 'web/**' - 'docs/**' - 'keyserver/**' - 'desktop/**' env: DEVELOPER_DIR: /Applications/Xcode_15.0.app/Contents/Developer jobs: build: name: Build and archive iOS app runs-on: macos-13 steps: - name: Checkout uses: actions/checkout@v3 - name: Install Developer certificate env: BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} P12_PASSWORD: ${{ secrets.P12_PASSWORD }} - KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} run: | # create variables CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db # import certificate from secrets echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH # create temporary keychain - security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security create-keychain -p "123456" $KEYCHAIN_PATH security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security unlock-keychain -p "123456" $KEYCHAIN_PATH # import certificate to keychain security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH security list-keychain -d user -s $KEYCHAIN_PATH - name: brew install protobuf run: brew install protobuf - name: yarn ci-cleaninstall run: yarn ci-cleaninstall - name: Save auth_key to file working-directory: ./native/ios env: AUTH_KEY: ${{secrets.AUTH_KEY}} run: echo "$AUTH_KEY" > AUTH_KEY.p8 - name: Archive working-directory: ./native/ios env: AUTH_KEY_ID: ${{secrets.AUTH_KEY_ID}} AUTH_KEY_ISSUER_ID: ${{secrets.AUTH_KEY_ISSUER_ID}} run: xcodebuild archive -workspace Comm.xcworkspace -scheme Comm -configuration Release -archivePath archives/Comm.xcarchive -destination generic/platform=iOS -allowProvisioningUpdates -authenticationKeyIssuerID "$AUTH_KEY_ISSUER_ID" -authenticationKeyID "$AUTH_KEY_ID" -authenticationKeyPath $PWD/AUTH_KEY.p8 - - name: Clean up keychain - if: ${{ always() }} - run: security delete-keychain $RUNNER_TEMP/app-signing.keychain-db - - name: Set up tmate session if: failure() && startsWith(github.ref, 'refs/heads/debugci/') uses: mxschmitt/action-tmate@v3 diff --git a/.github/workflows/ios_release.yml b/.github/workflows/ios_release.yml index 96291aeba..5e2554917 100644 --- a/.github/workflows/ios_release.yml +++ b/.github/workflows/ios_release.yml @@ -1,83 +1,78 @@ name: iOS Build/Archive/Upload to AppStore Connect on: push: tags: - mobile-** env: DEVELOPER_DIR: /Applications/Xcode_15.0.app/Contents/Developer jobs: build: name: Build, archive, and upload iOS app runs-on: macos-13 steps: - name: Checkout uses: actions/checkout@v3 - name: Install Developer certificate env: BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} P12_PASSWORD: ${{ secrets.P12_PASSWORD }} - KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} run: | # create variables CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db # import certificate from secrets echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH # create temporary keychain - security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security create-keychain -p "123456" $KEYCHAIN_PATH security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security unlock-keychain -p "123456" $KEYCHAIN_PATH # import certificate to keychain security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH security list-keychain -d user -s $KEYCHAIN_PATH - name: brew install protobuf run: brew install protobuf - name: yarn ci-cleaninstall run: yarn ci-cleaninstall - name: Save ALCHEMY_API_KEY to file working-directory: ./native env: ALCHEMY_API_KEY: ${{secrets.ALCHEMY_API_KEY}} run: mkdir -p facts && echo '{"key":"'"$ALCHEMY_API_KEY"'"}' > facts/alchemy.json - name: Save auth_key to file working-directory: ./native/ios env: AUTH_KEY: ${{secrets.AUTH_KEY}} run: echo "$AUTH_KEY" > AUTH_KEY.p8 - name: Archive working-directory: ./native/ios env: AUTH_KEY_ID: ${{secrets.AUTH_KEY_ID}} AUTH_KEY_ISSUER_ID: ${{secrets.AUTH_KEY_ISSUER_ID}} run: xcodebuild archive -workspace Comm.xcworkspace -scheme Comm -configuration Release -archivePath archives/Comm.xcarchive -destination generic/platform=iOS -allowProvisioningUpdates -authenticationKeyIssuerID "$AUTH_KEY_ISSUER_ID" -authenticationKeyID "$AUTH_KEY_ID" -authenticationKeyPath $PWD/AUTH_KEY.p8 - name: Export IPA working-directory: ./native/ios env: AUTH_KEY_ID: ${{secrets.AUTH_KEY_ID}} AUTH_KEY_ISSUER_ID: ${{secrets.AUTH_KEY_ISSUER_ID}} run: xcodebuild -exportArchive -archivePath archives/Comm.xcarchive -exportOptionsPlist exportOptions.plist -exportPath output -allowProvisioningUpdates -authenticationKeyIssuerID "$AUTH_KEY_ISSUER_ID" -authenticationKeyID "$AUTH_KEY_ID" -authenticationKeyPath $PWD/AUTH_KEY.p8 - name: Upload IPA to TestFlight working-directory: ./native/ios env: APPLE_USER_NAME: ${{secrets.APPLE_USER_NAME}} APPLE_APP_SPECIFIC_PASSWORD: ${{secrets.APPLE_APP_SPECIFIC_PASSWORD}} run: xcrun altool --upload-app --type ios --file output/Comm.ipa --username "$APPLE_USER_NAME" --password "$APPLE_APP_SPECIFIC_PASSWORD" - - - name: Clean up keychain - if: ${{ always() }} - run: security delete-keychain $RUNNER_TEMP/app-signing.keychain-db diff --git a/.github/workflows/macos_ci.yml b/.github/workflows/macos_ci.yml index 4d4dff4c1..7687f4566 100644 --- a/.github/workflows/macos_ci.yml +++ b/.github/workflows/macos_ci.yml @@ -1,74 +1,69 @@ name: macOS Build CI on: workflow_call: push: branches: [master] paths-ignore: - 'landing/**' - 'docs/**' - 'keyserver/**' - 'native/**' - 'shared/**' jobs: build: name: Build macOS app runs-on: macos-13 steps: - name: Checkout uses: actions/checkout@v3 - name: Install Developer certificate env: MACOS_BUILD_CERTIFICATE_BASE64: ${{ secrets.MACOS_BUILD_CERTIFICATE_BASE64 }} MACOS_BUILD_P12_PASSWORD: ${{ secrets.MACOS_BUILD_P12_PASSWORD }} MACOS_PROVISIONPROFILE_BASE64: ${{ secrets.MACOS_PROVISIONPROFILE_BASE64 }} - KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} run: | # create variables CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db PROVISIONPROFILE_PATH=$GITHUB_WORKSPACE/desktop/macOS_App_Provisioning_Profile.provisionprofile # import certificate from secrets echo -n "$MACOS_BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH # create temporary keychain - security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security create-keychain -p "123456" $KEYCHAIN_PATH security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security unlock-keychain -p "123456" $KEYCHAIN_PATH # import certificate to keychain security import $CERTIFICATE_PATH -P "$MACOS_BUILD_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH security list-keychain -d user -s $KEYCHAIN_PATH # import provisioning profile from secrets echo -n "$MACOS_PROVISIONPROFILE_BASE64" | base64 --decode -o $PROVISIONPROFILE_PATH - name: sudo ./install_protobuf.sh working-directory: ./scripts run: sudo ./install_protobuf.sh - name: yarn ci-cleaninstall run: yarn ci-cleaninstall - name: Build App env: APPLE_USER_NAME: ${{secrets.APPLE_USER_NAME}} APPLE_APP_SPECIFIC_PASSWORD: ${{secrets.APPLE_APP_SPECIFIC_PASSWORD}} TEAM_ID: ${{secrets.TEAM_ID}} working-directory: './desktop' run: yarn make --arch universal - - name: Clean up keychain - if: ${{ always() }} - run: security delete-keychain $RUNNER_TEMP/app-signing.keychain-db - - name: Upload Artifact uses: actions/upload-artifact@v3 with: name: macos-artifacts path: ./desktop/out/make/**/* if-no-files-found: error retention-days: 1