ios: configure api-key TestFlight signing
This commit is contained in:
@@ -71,35 +71,48 @@ jobs:
|
||||
|
||||
brew install "${missing_tools[@]}"
|
||||
|
||||
- name: Import code signing certificates
|
||||
uses: Apple-Actions/import-codesign-certs@v3
|
||||
with:
|
||||
p12-file-base64: ${{ secrets.APPSTORE_CERTIFICATES_FILE_BASE64 }}
|
||||
p12-password: ${{ secrets.APPSTORE_CERTIFICATES_PASSWORD }}
|
||||
keychain: ${{ env.SIGNING_KEYCHAIN }}
|
||||
|
||||
- name: Create fastlane environment
|
||||
working-directory: ios
|
||||
- name: Install signing secrets
|
||||
env:
|
||||
FASTLANE_USER: ${{ secrets.FASTLANE_USER }}
|
||||
FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD: ${{ secrets.FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD }}
|
||||
APPSTORE_CERTIFICATES_FILE_BASE64: ${{ secrets.APPSTORE_CERTIFICATES_FILE_BASE64 }}
|
||||
APPSTORE_CERTIFICATES_PASSWORD: ${{ secrets.APPSTORE_CERTIFICATES_PASSWORD }}
|
||||
APPSTORE_PROVISIONING_PROFILE_BASE64: ${{ secrets.APPSTORE_PROVISIONING_PROFILE_BASE64 }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
|
||||
: "${FASTLANE_USER:?FASTLANE_USER secret is required}"
|
||||
: "${FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD:?FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD secret is required}"
|
||||
: "${APPSTORE_CERTIFICATES_FILE_BASE64:?APPSTORE_CERTIFICATES_FILE_BASE64 secret is required}"
|
||||
: "${APPSTORE_CERTIFICATES_PASSWORD:?APPSTORE_CERTIFICATES_PASSWORD secret is required}"
|
||||
: "${APPSTORE_PROVISIONING_PROFILE_BASE64:?APPSTORE_PROVISIONING_PROFILE_BASE64 secret is required}"
|
||||
|
||||
{
|
||||
printf 'FASTLANE_USER=%s\n' "${FASTLANE_USER}"
|
||||
printf 'FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD=%s\n' "${FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD}"
|
||||
printf 'FASTLANE_SKIP_UPDATE_CHECK=1\n'
|
||||
printf 'FASTLANE_HIDE_CHANGELOG=1\n'
|
||||
} > .env
|
||||
keychain_password="$(uuidgen)"
|
||||
keychain_path="${HOME}/Library/Keychains/${SIGNING_KEYCHAIN}.keychain-db"
|
||||
mkdir -p "${HOME}/Library/Keychains" "${HOME}/Library/MobileDevice/Provisioning Profiles" ios/build/secrets
|
||||
|
||||
printf '%s' "${APPSTORE_CERTIFICATES_FILE_BASE64}" | base64 --decode > ios/build/secrets/appstore-signing.p12
|
||||
printf '%s' "${APPSTORE_PROVISIONING_PROFILE_BASE64}" | base64 --decode > "${HOME}/Library/MobileDevice/Provisioning Profiles/Sybil_AppStore_CI.mobileprovision"
|
||||
|
||||
security create-keychain -p "${keychain_password}" "${keychain_path}"
|
||||
security set-keychain-settings -lut 21600 "${keychain_path}"
|
||||
security unlock-keychain -p "${keychain_password}" "${keychain_path}"
|
||||
security list-keychains -d user -s "${keychain_path}" $(security list-keychains -d user | sed 's/[ "]//g')
|
||||
security import ios/build/secrets/appstore-signing.p12 \
|
||||
-k "${keychain_path}" \
|
||||
-P "${APPSTORE_CERTIFICATES_PASSWORD}" \
|
||||
-T /usr/bin/codesign \
|
||||
-T /usr/bin/security \
|
||||
-T /usr/bin/xcodebuild
|
||||
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${keychain_password}" "${keychain_path}"
|
||||
|
||||
- name: Build and upload to TestFlight
|
||||
working-directory: ios
|
||||
env:
|
||||
APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
|
||||
APP_STORE_CONNECT_API_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_ISSUER_ID }}
|
||||
APP_STORE_CONNECT_API_KEY_CONTENT: ${{ secrets.APP_STORE_CONNECT_API_KEY_CONTENT }}
|
||||
APP_STORE_CONNECT_API_KEY_CONTENT_BASE64: "true"
|
||||
FASTLANE_DONT_STORE_PASSWORD: "1"
|
||||
FASTLANE_HIDE_CHANGELOG: "1"
|
||||
FASTLANE_SKIP_UPDATE_CHECK: "1"
|
||||
SYBIL_PROVISIONING_PROFILE_SPECIFIER: Sybil AppStore CI
|
||||
run: |
|
||||
set -euo pipefail
|
||||
|
||||
@@ -192,4 +205,4 @@ jobs:
|
||||
- name: Clean up temporary keychain
|
||||
if: always()
|
||||
run: |
|
||||
security delete-keychain "${SIGNING_KEYCHAIN}.keychain"
|
||||
security delete-keychain "${HOME}/Library/Keychains/${SIGNING_KEYCHAIN}.keychain-db" || true
|
||||
|
||||
Reference in New Issue
Block a user