Use runner login keychain for CI signing
Some checks failed
TestFlight / testflight (push) Failing after 21s
Some checks failed
TestFlight / testflight (push) Failing after 21s
This commit is contained in:
@@ -1,4 +1,3 @@
|
||||
require "fileutils"
|
||||
require "shellwords"
|
||||
|
||||
default_platform(:ios)
|
||||
@@ -33,48 +32,28 @@ def release_version
|
||||
end
|
||||
|
||||
platform :ios do
|
||||
private_lane :cleanup_ci_signing_identity do
|
||||
next unless ENV["CI"]
|
||||
|
||||
sh("security delete-identity -Z #{SIGNING_IDENTITY_SHA1.shellescape} || true", log: false)
|
||||
end
|
||||
|
||||
private_lane :prepare_ci_keychain do
|
||||
next unless ENV["CI"]
|
||||
|
||||
keychain_path = File.expand_path("../build/ci/sybil-signing.keychain", __dir__)
|
||||
keychain_password = ENV["MATCH_KEYCHAIN_PASSWORD"].to_s
|
||||
keychain_password = "sybil-ci-keychain-password" unless present?(keychain_password)
|
||||
|
||||
FileUtils.mkdir_p(File.dirname(keychain_path))
|
||||
|
||||
create_keychain(
|
||||
path: keychain_path,
|
||||
password: keychain_password,
|
||||
default_keychain: false,
|
||||
unlock: true,
|
||||
timeout: 3600,
|
||||
lock_after_timeout: false,
|
||||
add_to_search_list: true
|
||||
)
|
||||
|
||||
resolved_keychain_path = ["#{keychain_path}-db", keychain_path].find { |path| File.exist?(path) } || keychain_path
|
||||
|
||||
sh("security list-keychains -d user -s #{resolved_keychain_path.shellescape}", log: false)
|
||||
|
||||
ENV["MATCH_KEYCHAIN_NAME"] = resolved_keychain_path
|
||||
ENV["MATCH_KEYCHAIN_PASSWORD"] = keychain_password
|
||||
cleanup_ci_signing_identity
|
||||
ENV.delete("MATCH_KEYCHAIN_NAME")
|
||||
ENV.delete("MATCH_KEYCHAIN_PASSWORD")
|
||||
end
|
||||
|
||||
private_lane :verify_ci_signing_identity do
|
||||
next unless ENV["CI"]
|
||||
|
||||
keychain_path = ENV.fetch("MATCH_KEYCHAIN_NAME")
|
||||
keychain_password = ENV.fetch("MATCH_KEYCHAIN_PASSWORD")
|
||||
|
||||
sh("security unlock-keychain -p #{keychain_password.shellescape} #{keychain_path.shellescape}", log: false)
|
||||
sh("security list-keychains -d user -s #{keychain_path.shellescape}", log: false)
|
||||
sh("security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k #{keychain_password.shellescape} #{keychain_path.shellescape}", log: false)
|
||||
|
||||
identities = sh("security find-identity -v -p codesigning #{keychain_path.shellescape}", log: false)
|
||||
identities = sh("security find-identity -v -p codesigning", log: false)
|
||||
UI.message(identities)
|
||||
|
||||
unless identities.include?(SIGNING_IDENTITY_NAME)
|
||||
UI.user_error!("The CI keychain does not contain the expected Apple Distribution signing identity")
|
||||
UI.user_error!("The runner login keychain does not contain the expected Apple Distribution signing identity")
|
||||
end
|
||||
end
|
||||
|
||||
@@ -143,9 +122,6 @@ platform :ios do
|
||||
xcodeproj: PROJECT_FILE
|
||||
)
|
||||
|
||||
sync_match_signing(readonly: true)
|
||||
verify_ci_signing_identity
|
||||
|
||||
build_options = {
|
||||
project: PROJECT_FILE,
|
||||
scheme: SCHEME,
|
||||
@@ -159,12 +135,17 @@ platform :ios do
|
||||
|
||||
if ENV["CI"]
|
||||
build_options[:xcargs] = [
|
||||
"CODE_SIGN_IDENTITY=#{SIGNING_IDENTITY_SHA1.shellescape}",
|
||||
"OTHER_CODE_SIGN_FLAGS=#{("--keychain #{ENV.fetch("MATCH_KEYCHAIN_NAME")}").shellescape}"
|
||||
"CODE_SIGN_IDENTITY=#{SIGNING_IDENTITY_SHA1.shellescape}"
|
||||
].join(" ")
|
||||
end
|
||||
|
||||
begin
|
||||
sync_match_signing(readonly: true)
|
||||
verify_ci_signing_identity
|
||||
build_app(build_options)
|
||||
ensure
|
||||
cleanup_ci_signing_identity
|
||||
end
|
||||
|
||||
upload_to_testflight(
|
||||
api_key: api_key,
|
||||
|
||||
Reference in New Issue
Block a user