-
Notifications
You must be signed in to change notification settings - Fork 12
157 lines (144 loc) · 8.61 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
name: RIA DigiDoc iOS
on: [push, pull_request]
env:
BUILD_NUMBER: ${{ github.run_number }}
jobs:
macos:
name: Build on macOS
if: contains(github.repository, 'open-eid/MOPP-iOS') && contains(github.ref, 'master')
runs-on: macos-latest
strategy:
matrix:
xcode:
- 14.3
platform:
- iOS
env:
DEFAULT_CENTRAL_CONFIGURATION_URL: "https://id.eesti.ee"
DEFAULT_CENTRAL_CONFIGURATION_UPDATE_INTERVAL: 4
DEFAULT_CENTRAL_CONFIGURATION_TSL_URL: "https://ec.europa.eu/tools/lotl/eu-lotl.xml"
TEMP_KEYCHAIN_PATH: "$RUNNER_TEMP/ios-github-actions.keychain-db"
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
- name: Download Libdigidocpp iOS artifact
uses: dawidd6/action-download-artifact@v2
with:
workflow: build.yml
branch: master
name: ios
path: libdigidocpp-ios
repo: open-eid/libdigidocpp
- name: Download Libdigidocpp iOS Simulator artifact
uses: dawidd6/action-download-artifact@v2
with:
workflow: build.yml
branch: master
name: iossimulator
path: libdigidocpp-ios-simulator
repo: open-eid/libdigidocpp
- name: Extract libdigidocpp artifacts
run: |
unzip -o libdigidocpp-ios/libdigidocpp.ios.zip -d libdigidocpp.ios
unzip -o libdigidocpp-ios-simulator/libdigidocpp.iossimulator.zip -d libdigidocpp.iphonesimulator
- name: Update libdigidocpp in project
run: |
export LIBDIGIDOCPP_PATH=${{ github.workspace }}/MoppLib/MoppLib/libdigidocpp
export LIBDIGIDOCPP_TESTENV_PATH=${{ github.workspace }}/MoppLib/MoppLib/libdigidocpp_testenv
rm -rf $LIBDIGIDOCPP_PATH/libdigidocpp.iphoneos && mkdir $LIBDIGIDOCPP_PATH/libdigidocpp.iphoneos && cp -r ${{ github.workspace }}/libdigidocpp.ios/libdigidocpp.iphoneos/ $LIBDIGIDOCPP_PATH/libdigidocpp.iphoneos/
rm -rf $LIBDIGIDOCPP_PATH/libdigidocpp.iphonesimulator && mkdir $LIBDIGIDOCPP_PATH/libdigidocpp.iphonesimulator && cp -r ${{ github.workspace }}/libdigidocpp.iphonesimulator/libdigidocpp.iphonesimulator/* $LIBDIGIDOCPP_PATH/libdigidocpp.iphonesimulator/
rm -rf $LIBDIGIDOCPP_TESTENV_PATH/libdigidocpp.iphoneos && mkdir $LIBDIGIDOCPP_TESTENV_PATH/libdigidocpp.iphoneos && cp -r ${{ github.workspace }}/libdigidocpp.ios/libdigidocpp.iphoneos/* $LIBDIGIDOCPP_TESTENV_PATH/libdigidocpp.iphoneos/
rm -rf $LIBDIGIDOCPP_TESTENV_PATH/libdigidocpp.iphonesimulator && mkdir $LIBDIGIDOCPP_TESTENV_PATH/libdigidocpp.iphonesimulator && cp -r ${{ github.workspace }}/libdigidocpp.iphonesimulator/libdigidocpp.iphonesimulator/* $LIBDIGIDOCPP_TESTENV_PATH/libdigidocpp.iphonesimulator/
- name: Install the Apple certificate and provisioning profiles
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
BUILD_PROVISION_PROFILE_SHARE_EXTENSION_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_SHARE_EXTENSION_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
# Create variables
CERTIFICATE_P12_PATH=$RUNNER_TEMP/Certificate_iOS_Github_Actions.p12
MOBILEPROVISIONING_PATH=$RUNNER_TEMP/MobileProvisioning_iOS_Github_Actions.mobileprovision
MOBILEPROVISIONING_SHARE_EXTENSION_PATH=$RUNNER_TEMP/MobileProvisioningShareExtension_iOS_Github_Actions.mobileprovision
# Import certificate and provisioning profile from Github secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_P12_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $MOBILEPROVISIONING_PATH
echo -n "$BUILD_PROVISION_PROFILE_SHARE_EXTENSION_BASE64" | base64 --decode --output $MOBILEPROVISIONING_SHARE_EXTENSION_PATH
# Create temporary keychain
security create-keychain -p "$TEMP_KEYCHAIN_PASSWORD" $TEMP_KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $TEMP_KEYCHAIN_PATH
security unlock-keychain -p "$TEMP_KEYCHAIN_PASSWORD" $TEMP_KEYCHAIN_PATH
security set-keychain-settings -lut 900
# Import certificate to temporary keychain
security import $CERTIFICATE_P12_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $TEMP_KEYCHAIN_PATH
security list-keychain -d user -s $TEMP_KEYCHAIN_PATH
security set-key-partition-list -S apple-tool:,apple: -s -k "$TEMP_KEYCHAIN_PASSWORD" $TEMP_KEYCHAIN_PATH
# Apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $MOBILEPROVISIONING_PATH ~/Library/MobileDevice/Provisioning\ Profiles
cp $MOBILEPROVISIONING_SHARE_EXTENSION_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: Setup environment
env:
GOOGLE_SERVICES_PLIST: ${{ secrets.GOOGLE_SERVICES_PLIST }}
run: |
export LANG=en_US.UTF-8
cd ${{ github.workspace }}/CryptoLib/CryptoLib/cdocFramework/cdoc.framework/
lipo -info cdoc | grep -q 'x86_64' && lipo -remove x86_64 cdoc -o cdoc
cd ${{ github.workspace }}/MoppApp
echo -n "$GOOGLE_SERVICES_PLIST" | base64 --decode --output "GoogleService-Info.plist"
echo "APP_VERSION=$('/usr/bin/xcodebuild' -showBuildSettings | grep MARKETING_VERSION | tr -d 'MARKETING_VERSION =')" >> $GITHUB_ENV
- name: Setup CocoaPods
uses: maxim-lobanov/setup-cocoapods@v1
with:
podfile-path: ${{ github.workspace }}/MoppApp/Podfile.lock
- name: Install dependencies
run: |
cd ${{ github.workspace }}/MoppApp
pod install
- name: Build and Archive
env:
APP_PROVISIONING_PROFILE_UUID: ${{ secrets.APP_PROVISIONING_PROFILE_UUID }}
SHARE_EXTENSION_PROVISIONING_PROFILE_UUID: ${{ secrets.SHARE_EXTENSION_PROVISIONING_PROFILE_UUID }}
run: |
cd ${{ github.workspace }}/MoppApp
xcodebuild archive -workspace MoppApp.xcworkspace -scheme MoppApp -configuration Release -archivePath "${{ github.workspace }}/MoppApp/build/DigiDoc.xcarchive" -allowProvisioningUpdates APP_PROVISIONING_PROFILE="$APP_PROVISIONING_PROFILE_UUID" SHARE_EXTENSION_PROVISIONING_PROFILE="$SHARE_EXTENSION_PROVISIONING_PROFILE_UUID" CODE_SIGN_IDENTITY="Apple Distribution"
- name: Export
env:
EXPORT_OPTIONS_PLIST: ${{ secrets.EXPORT_OPTIONS_PLIST }}
run: |
cd ${{ github.workspace }}/MoppApp
echo -n "$EXPORT_OPTIONS_PLIST" | base64 --decode --output "ExportOptions.plist"
xcodebuild -exportArchive -archivePath "${{ github.workspace }}/MoppApp/build/DigiDoc.xcarchive" -exportPath "${{ github.workspace }}/MoppApp/build/" -configuration Release -exportOptionsPlist ExportOptions.plist DEFAULT_CENTRAL_CONFIGURATION_URL=${{ env.DEFAULT_CENTRAL_CONFIGURATION_URL }} DEFAULT_CENTRAL_CONFIGURATION_UPDATE_INTERVAL=${{ env.DEFAULT_CENTRAL_CONFIGURATION_UPDATE_INTERVAL }} DEFAULT_CENTRAL_CONFIGURATION_TSL_URL=${{ env.DEFAULT_CENTRAL_CONFIGURATION_TSL_URL }} "OTHER_SWIFT_FLAGS=-DCOCOAPODS" | xcpretty
# Change .ipa name
mv ${{ github.workspace }}/MoppApp/build/MoppApp.ipa ${{ github.workspace }}/MoppApp/build/RIA_DigiDoc_${{ env.APP_VERSION }}.${{ env.BUILD_NUMBER }}.ipa
- name: Upload artifact
uses: actions/upload-artifact@v2
if: success()
with:
name: "RIA_DigiDoc_${{ env.APP_VERSION }}.${{ env.BUILD_NUMBER }}"
path: "${{ github.workspace }}/MoppApp/build/RIA_DigiDoc_${{ env.APP_VERSION }}.${{ env.BUILD_NUMBER }}.ipa"
- name: Clean up
if: ${{ always() }}
run: |
TEMP_KEYCHAIN_PATH="$RUNNER_TEMP/ios-github-actions.keychain-db"
MOBILEPROVISIONING_PATH=$RUNNER_TEMP/MobileProvisioning_iOS_Github_Actions.mobileprovision
MOBILEPROVISIONING_SHARE_EXTENSION_PATH=$RUNNER_TEMP/MobileProvisioningShareExtension_iOS_Github_Actions.mobileprovision
# Keychain
if [[ -f $TEMP_KEYCHAIN_PATH ]]
then
security delete-keychain $TEMP_KEYCHAIN_PATH
fi
# Main provisioning profile
if [[ -f $MOBILEPROVISIONING_PATH ]]
then
rm $MOBILEPROVISIONING_PATH
fi
# Share Extension provisioning profile
if [[ -f $MOBILEPROVISIONING_SHARE_EXTENSION_PATH ]]
then
rm $MOBILEPROVISIONING_SHARE_EXTENSION_PATH
fi