ios: use disposable keychain as ci default
Some checks failed
TestFlight Release / testflight (push) Failing after 15s
Some checks failed
TestFlight Release / testflight (push) Failing after 15s
This commit is contained in:
@@ -85,6 +85,7 @@ jobs:
|
||||
|
||||
keychain_password="$(uuidgen)"
|
||||
keychain_path="${HOME}/Library/Keychains/${SIGNING_KEYCHAIN}.keychain-db"
|
||||
previous_default_keychain="$(security default-keychain -d user | sed 's/[ "]//g' || true)"
|
||||
mkdir -p "${HOME}/Library/Keychains" "${HOME}/Library/MobileDevice/Provisioning Profiles" ios/build/secrets
|
||||
|
||||
printf '%s' "${APPSTORE_CERTIFICATES_FILE_BASE64}" | base64 --decode > ios/build/secrets/appstore-signing.p12
|
||||
@@ -95,6 +96,7 @@ jobs:
|
||||
security set-keychain-settings -lut 21600 "${keychain_path}"
|
||||
security unlock-keychain -p "${keychain_password}" "${keychain_path}"
|
||||
security list-keychains -d user -s "${keychain_path}" $(security list-keychains -d user | sed 's/[ "]//g')
|
||||
security default-keychain -d user -s "${keychain_path}"
|
||||
security import ios/build/secrets/AppleWWDRCAG3.cer \
|
||||
-k "${keychain_path}" \
|
||||
-T /usr/bin/codesign \
|
||||
@@ -111,6 +113,7 @@ jobs:
|
||||
{
|
||||
echo "SYBIL_SIGNING_KEYCHAIN_PATH=${keychain_path}"
|
||||
echo "SYBIL_SIGNING_KEYCHAIN_PASSWORD=${keychain_password}"
|
||||
echo "SYBIL_PREVIOUS_DEFAULT_KEYCHAIN=${previous_default_keychain}"
|
||||
} >> "${GITHUB_ENV}"
|
||||
|
||||
- name: Build and upload to TestFlight
|
||||
@@ -129,6 +132,7 @@ jobs:
|
||||
|
||||
security unlock-keychain -p "${SYBIL_SIGNING_KEYCHAIN_PASSWORD}" "${SYBIL_SIGNING_KEYCHAIN_PATH}"
|
||||
security list-keychains -d user -s "${SYBIL_SIGNING_KEYCHAIN_PATH}" $(security list-keychains -d user | sed 's/[ "]//g')
|
||||
security default-keychain -d user -s "${SYBIL_SIGNING_KEYCHAIN_PATH}"
|
||||
security find-identity -v -p codesigning "${SYBIL_SIGNING_KEYCHAIN_PATH}"
|
||||
|
||||
SYBIL_VERSION_TAG="${TAG_NAME}" bundle exec fastlane ios beta
|
||||
@@ -220,4 +224,7 @@ jobs:
|
||||
- name: Clean up temporary keychain
|
||||
if: always()
|
||||
run: |
|
||||
if [[ -n "${SYBIL_PREVIOUS_DEFAULT_KEYCHAIN:-}" ]]; then
|
||||
security default-keychain -d user -s "${SYBIL_PREVIOUS_DEFAULT_KEYCHAIN}" || true
|
||||
fi
|
||||
security delete-keychain "${HOME}/Library/Keychains/${SIGNING_KEYCHAIN}.keychain-db" || true
|
||||
|
||||
@@ -14,10 +14,12 @@ git push origin release/v1.10.0
|
||||
```
|
||||
|
||||
The release job runs on the `xcode` runner label, imports the signing p12 into
|
||||
a temporary keychain, installs the App Store provisioning profile, builds and
|
||||
a temporary per-user keychain, makes that keychain the user default for the
|
||||
duration of the job, installs the App Store provisioning profile, builds and
|
||||
uploads the app with fastlane, then creates or updates the matching Gitea
|
||||
release with the generated IPA as an asset. The job deletes the temporary
|
||||
signing keychain in an `always()` cleanup step.
|
||||
release with the generated IPA as an asset. The job restores the previous user
|
||||
default keychain and deletes the temporary signing keychain in an `always()`
|
||||
cleanup step.
|
||||
|
||||
Required repository secrets:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user