Update build pipeline to notarize macOS releases
conradev committed Mar 25, 2024
1 parent 47a6914 commit 94be8c8
Showing 6 changed files with 66 additions and 81 deletions.
5 changes: 3 additions & 2 deletions .github/actions/archive/action.yml
@@ -29,11 +29,12 @@ runs:
xcodebuild clean archive \
-allowProvisioningUpdates \
-allowProvisioningDeviceRegistration \
-skipPackagePluginValidation \
-skipMacroValidation \
-onlyUsePackageVersionsFromResolvedFile \
-authenticationKeyID ${{ inputs.app-store-key-id }} \
-authenticationKeyIssuerID ${{ inputs.app-store-key-issuer-id }} \
-authenticationKeyPath "${PWD}/AuthKey_${{ inputs.app-store-key-id }}.p8" \
-onlyUsePackageVersionsFromResolvedFile \
-skipPackagePluginValidation \
-scheme '${{ inputs.scheme }}' \
-destination '${{ inputs.destination }}' \
-archivePath '${{ inputs.archive-path }}' \
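Review bot: The added `-skipMacroValidation`, next to `-skipPackagePluginValidation`, turns off Xcode's approval step for Swift macros, so any macro shipped by a resolved package runs at build time on a runner that also holds the App Store Connect key referenced by `-authenticationKeyPath`. `-onlyUsePackageVersionsFromResolvedFile` limits this to the versions pinned in `Package.resolved`, which makes changes to that file the effective trust decision. That deserves a comment above the command, for example `# Macro/plugin validation is skipped in CI; Package.resolved is the trust boundary, review changes to it`. The same flags appear in the build-for-testing and notarize actions, and the xcodebuild command continues past the end of this hunk.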
5 changes: 3 additions & 2 deletions .github/actions/build-for-testing/action.yml
@@ -26,11 +26,12 @@ runs:
xcodebuild build-for-testing \
-allowProvisioningUpdates \
-allowProvisioningDeviceRegistration \
-skipPackagePluginValidation \
-skipMacroValidation \
-onlyUsePackageVersionsFromResolvedFile \
-authenticationKeyID ${{ inputs.app-store-key-id }} \
-authenticationKeyIssuerID ${{ inputs.app-store-key-issuer-id }} \
-authenticationKeyPath "${PWD}/AuthKey_${{ inputs.app-store-key-id }}.p8" \
-onlyUsePackageVersionsFromResolvedFile \
-skipPackagePluginValidation \
-scheme '${{ inputs.scheme }}' \
-destination '${{ inputs.destination }}' \
-resultBundlePath BuildResults.xcresult
25 changes: 6 additions & 19 deletions .github/actions/import-cert/action.yml
@@ -11,29 +11,16 @@ runs:
steps:
- shell: bash
run: |
security list-keychains -d user -s login.keychain Developer.keychain
if [[ ! -f "$HOME/Library/Keychains/Developer.keychain-db" ]]; then
security create-keychain -p "${{ inputs.password }}" Developer.keychain
security set-keychain-settings -lut 21600 Developer.keychain
for CERT_INDEX in {2..8}; do
CERT_FILE=AppleWWDRCAG${CERT_INDEX}.cer
curl --proto '=https' --tlsv1.2 -sSOf "https://www.apple.com/certificateauthority/$CERT_FILE"
security import $CERT_FILE -k Developer.keychain -f openssl
rm $CERT_FILE
done
fi
security unlock-keychain -p "${{ inputs.password }}" Developer.keychain
echo -n "${{ inputs.certificate }}" | base64 -d > Developer.p12
security create-keychain -p password Developer.keychain
security set-keychain-settings -lut 21600 Developer.keychain
security unlock-keychain -p password Developer.keychain
security import Developer.p12 \
-k Developer.keychain \
-f pkcs12 \
-A \
-T /usr/bin/codesign \
-T /usr/bin/security \
-P "${{ inputs.password }}"
security set-key-partition-list -S apple-tool:,apple: -k "${{ inputs.password }}" Developer.keychain
-P ${{ inputs.password }}
security set-key-partition-list -S apple-tool:,apple: -k password Developer.keychain
security list-keychains -d user -s login.keychain Developer.keychain
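Review bot: On the new side the keychain is created and unlocked with the literal password `password`, and the certificate password is passed as an unquoted `-P ${{ inputs.password }}`, where the removed lines used the quoted input for both (the +/- column is not rendered, so this reading follows the 6-additions count). The `${{ … }}` expression is pasted into the script text before bash parses it, so an unquoted value containing spaces or shell metacharacters is split or interpreted; passing it through `env:` and referencing `"$CERT_PASSWORD"` avoids that. Together with the existing `-A`, a fixed keychain password leaves the signing key usable by any process on the runner, which matters most on a persistent self-hosted machine, where `create-keychain` would also fail on a second run now that the existence check is gone. No line in this section deletes `Developer.p12` after the import.

```yaml
- shell: bash
  env:
    CERT_B64: ${{ inputs.certificate }}
    CERT_PASSWORD: ${{ inputs.password }}
  run: |
    # Per-run keychain password; later steps rely on the keychain staying unlocked.
    KEYCHAIN_PASSWORD="$(openssl rand -base64 24)"
    trap 'rm -f Developer.p12' EXIT
    echo -n "$CERT_B64" | base64 -d > Developer.p12
    security create-keychain -p "$KEYCHAIN_PASSWORD" Developer.keychain
    # … unchanged: security set-keychain-settings …
    security unlock-keychain -p "$KEYCHAIN_PASSWORD" Developer.keychain
    # … unchanged: security import Developer.p12 options through -T /usr/bin/security, ending with:
      -P "$CERT_PASSWORD"
    security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" Developer.keychain
    # … unchanged: security list-keychains …
```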
34 changes: 16 additions & 18 deletions .github/actions/notarize/action.yml
@@ -28,34 +28,32 @@ runs:
run: |
echo "${{ inputs.app-store-key }}" > AuthKey_${{ inputs.app-store-key-id }}.p8
echo '{"destination":"upload","method":"developer-id"}' \
echo '{"destination":"export","method":"developer-id"}' \
| plutil -convert xml1 -o ExportOptions.plist -
xcodebuild \
-exportArchive \
xcodebuild -exportArchive \
-allowProvisioningUpdates \
-allowProvisioningDeviceRegistration \
-skipPackagePluginValidation \
-skipMacroValidation \
-onlyUsePackageVersionsFromResolvedFile \
-authenticationKeyID ${{ inputs.app-store-key-id }} \
-authenticationKeyIssuerID ${{ inputs.app-store-key-issuer-id }} \
-authenticationKeyPath "${PWD}/AuthKey_${{ inputs.app-store-key-id }}.p8" \
-archivePath '${{ inputs.archive-path }}' \
-exportPath Release \
-exportOptionsPlist ExportOptions.plist
until xcodebuild \
-exportNotarizedApp \
-allowProvisioningUpdates \
-allowProvisioningDeviceRegistration \
-authenticationKeyID ${{ inputs.app-store-key-id }} \
-authenticationKeyIssuerID ${{ inputs.app-store-key-issuer-id }} \
-authenticationKeyPath "${PWD}/AuthKey_${{ inputs.app-store-key-id }}.p8" \
-archivePath '${{ inputs.archive-path }}' \
-exportPath Release
do
echo "Failed to export app, trying again in 10s..."
sleep 10
done
rm ExportOptions.plist
ditto -c -k --keepParent Release/${{ inputs.product-name }} Upload.zip
SUBMISSION_ID=$(xcrun notarytool submit --issuer ${{ inputs.app-store-key-issuer-id }} --key-id ${{ inputs.app-store-key-id }} --key "${PWD}/AuthKey_${{ inputs.app-store-key-id }}.p8" Upload.zip | awk '/ id:/ { print $2; exit }')
xcrun notarytool wait $SUBMISSION_ID --issuer ${{ inputs.app-store-key-issuer-id }} --key-id ${{ inputs.app-store-key-id }} --key "${PWD}/AuthKey_${{ inputs.app-store-key-id }}.p8"
xcrun stapler staple Release/${{ inputs.product-name }}
aa archive -a lzma -b 8m -d Release -subdir ${{ inputs.product-name }} -o ${{ inputs.product-name }}.aar
echo "notarized-app=Apple/${{ inputs.product-name }}.aar" >> $GITHUB_OUTPUT
rm -rf AuthKey_${{ inputs.app-store-key-id }}.p8 Release ExportOptions.plist
rm -rf Upload.zip Release AuthKey_${{ inputs.app-store-key-id }}.p8 ExportOptions.plist
echo "notarized-app=Apple/${{ inputs.product-name }}.aar" >> $GITHUB_OUTPUT
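Review bot: The private key written to `AuthKey_….p8` at the top of this script is removed only by the final `rm -rf`, and the new notarytool sequence adds several commands that can fail before it (`notarytool submit`, `notarytool wait`, `stapler staple`). If the step runs with bash's exit-on-error, as GitHub's `shell: bash` normally does, a failure there leaves the key, `Upload.zip` and `Release` in the workspace for any later step. Registering the cleanup first, with `trap 'rm -rf Upload.zip Release ExportOptions.plist AuthKey_*.p8' EXIT` right after the key is written, covers those paths. The submission id is also scraped from human-readable output with awk and used unquoted as `$SUBMISSION_ID`; `xcrun notarytool submit … --wait` would remove the need to parse it. The step's `shell:` line and inputs sit outside this hunk.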
48 changes: 24 additions & 24 deletions .github/workflows/build-apple.yml
@@ -8,18 +8,18 @@ on:
- "*"
jobs:
build:
name: Build (${{ matrix.configuration['platform'] }})
name: Build (${{ matrix.platform }})
runs-on: macos-13
strategy:
fail-fast: false
matrix:
configuration:
include:
- scheme: App
destination: generic/platform=iOS
platform: iOS
sdk-name: iphoneos
- scheme: App
destination: platform=iOS Simulator,OS=17.0,name=iPhone 14 Pro
destination: platform=iOS Simulator,OS=17.2,name=iPhone 14 Pro
platform: iOS Simulator
sdk-name: iphonesimulator
xcode-unit-test: UnitTests
@@ -33,7 +33,7 @@ jobs:
xcode-ui-test: UITests-macOS
gradle-test: macosX64Test
env:
DEVELOPER_DIR: /Applications/Xcode_15.0.app/Contents/Developer
DEVELOPER_DIR: /Applications/Xcode_15.2.app/Contents/Developer
steps:
- name: Checkout
uses: actions/checkout@v3
@@ -60,44 +60,44 @@ jobs:
password: ${{ secrets.DEVELOPER_CERT_PASSWORD }}
- name: Build External Libraries
shell: bash
run: External/build-darwin.sh ${{ matrix.configuration['sdk-name'] }}
run: External/build-darwin.sh ${{ matrix.sdk-name }}
- name: Build
id: build
uses: ./.github/actions/build-for-testing
with:
scheme: ${{ matrix.configuration['scheme'] }}
destination: ${{ matrix.configuration['destination'] }}
scheme: ${{ matrix.scheme }}
destination: ${{ matrix.destination }}
app-store-key: ${{ secrets.APPSTORE_KEY }}
app-store-key-id: ${{ secrets.APPSTORE_KEY_ID }}
app-store-key-issuer-id: ${{ secrets.APPSTORE_KEY_ISSUER_ID }}
- name: Xcode Unit Test
if: ${{ matrix.configuration['xcode-unit-test'] != '' }}
if: ${{ matrix.xcode-unit-test != '' }}
continue-on-error: true
uses: ./.github/actions/test-without-building
with:
scheme: ${{ matrix.configuration['scheme'] }}
destination: ${{ matrix.configuration['destination'] }}
test-plan: ${{ matrix.configuration['xcode-unit-test'] }}
artifact-prefix: unit-tests-${{ matrix.configuration['sdk-name'] }}
check-name: Xcode Unit Tests (${{ matrix.configuration['platform'] }})
scheme: ${{ matrix.scheme }}
destination: ${{ matrix.destination }}
test-plan: ${{ matrix.xcode-unit-test }}
artifact-prefix: unit-tests-${{ matrix.sdk-name }}
check-name: Xcode Unit Tests (${{ matrix.platform }})
- name: Build Kotlin Tests
if: ${{ matrix.configuration['gradle-test'] != '' }}
if: ${{ matrix.gradle-test != '' }}
shell: bash
run: ./gradlew :Shared:${{ matrix.configuration['gradle-test'] }}Klibrary
run: ./gradlew :Shared:${{ matrix.gradle-test }}Klibrary
- name: Kotlin Unit Test
if: ${{ matrix.configuration['gradle-test'] != '' }}
if: ${{ matrix.gradle-test != '' }}
continue-on-error: true
uses: ./.github/actions/gradle-test
with:
task: :Shared:${{ matrix.configuration['gradle-test'] }}
check-name: Kotlin Tests (${{ matrix.configuration['platform'] }})
task: :Shared:${{ matrix.gradle-test }}
check-name: Kotlin Tests (${{ matrix.platform }})
- name: Xcode UI Test
if: ${{ matrix.configuration['xcode-ui-test'] != '' }}
if: ${{ matrix.xcode-ui-test != '' }}
continue-on-error: true
uses: ./.github/actions/test-without-building
with:
scheme: ${{ matrix.configuration['scheme'] }}
destination: ${{ matrix.configuration['destination'] }}
test-plan: ${{ matrix.configuration['xcode-ui-test'] }}
artifact-prefix: ui-tests-${{ matrix.configuration['sdk-name'] }}
check-name: Xcode UI Tests (${{ matrix.configuration['platform'] }})
scheme: ${{ matrix.scheme }}
destination: ${{ matrix.destination }}
test-plan: ${{ matrix.xcode-ui-test }}
artifact-prefix: ui-tests-${{ matrix.sdk-name }}
check-name: Xcode UI Tests (${{ matrix.platform }})
30 changes: 14 additions & 16 deletions .github/workflows/release-apple.yml
@@ -5,26 +5,22 @@ on:
- created
jobs:
build:
name: Build ${{ matrix.configuration['platform'] }} Release
name: Build ${{ matrix.platform }} Release
runs-on: macos-13
strategy:
fail-fast: false
matrix:
configuration:
include:
- scheme: App
build-destination: generic/platform=iOS
platform: iOS
method: ad-hoc
export-destination: export
artifact-file: Apple/Release/Wallet.ipa
- scheme: App (macOS)
build-destination: generic/platform=macOS
platform: macOS
method: developer-id
export-destination: upload
artifact-file: Apple/Wallet.app.aar
env:
DEVELOPER_DIR: /Applications/Xcode_15.0.app/Contents/Developer
DEVELOPER_DIR: /Applications/Xcode_15.2.app/Contents/Developer
steps:
- name: Checkout
uses: actions/checkout@v3
@@ -47,32 +43,33 @@ jobs:
- name: Import Certificate
uses: ./.github/actions/import-cert
with:
certificate: ${{ secrets.DEVELOPER_ID_CERT }}
password: ${{ secrets.DEVELOPER_ID_CERT_PASSWORD }}
certificate: ${{ secrets.DEVELOPER_CERT }}
password: ${{ secrets.DEVELOPER_CERT_PASSWORD }}
- name: Build External Libraries
shell: bash
run: External/build-darwin.sh ${{ matrix.configuration['sdk-name'] }}
run: External/build-darwin.sh ${{ matrix.sdk-name }}
- name: Archive
uses: ./.github/actions/archive
with:
scheme: ${{ matrix.configuration['scheme'] }}
destination: ${{ matrix.configuration['build-destination'] }}
scheme: ${{ matrix.scheme }}
destination: ${{ matrix.build-destination }}
app-store-key: ${{ secrets.APPSTORE_KEY }}
app-store-key-id: ${{ secrets.APPSTORE_KEY_ID }}
app-store-key-issuer-id: ${{ secrets.APPSTORE_KEY_ISSUER_ID }}
archive-path: Wallet.xcarchive
- name: Export
if: ${{ matrix.platform == 'iOS' }}
uses: ./.github/actions/export
with:
method: ${{ matrix.configuration['method'] }}
destination: ${{ matrix.configuration['export-destination'] }}
method: ad-hoc
destination: export
app-store-key: ${{ secrets.APPSTORE_KEY }}
app-store-key-id: ${{ secrets.APPSTORE_KEY_ID }}
app-store-key-issuer-id: ${{ secrets.APPSTORE_KEY_ISSUER_ID }}
archive-path: Wallet.xcarchive
export-path: Release
- name: Notarize
if: ${{ matrix.configuration['platform'] == 'macOS' }}
if: ${{ matrix.platform == 'macOS' }}
uses: ./.github/actions/notarize
with:
app-store-key: ${{ secrets.APPSTORE_KEY }}
@@ -84,5 +81,6 @@ jobs:
uses: SierraSoftworks/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
release_tag: ${{ github.ref_name }}
overwrite: 'false'
files: ${{ matrix.configuration['artifact-file'] }}
files: ${{ matrix.artifact-file }}
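Review bot: `External/build-darwin.sh ${{ matrix.sdk-name }}` reads a matrix key that neither `include:` entry in this file defines (the entries carry `scheme`, `build-destination`, `platform` and `artifact-file`), so the expression renders as an empty string and the script runs without an SDK argument; the removed line had the same gap. Adding `sdk-name: iphoneos` to the iOS entry, and the macOS value used in build-apple.yml to the other, would make the release build match the CI build. Separately, the import step now reads `secrets.DEVELOPER_CERT` and `secrets.DEVELOPER_CERT_PASSWORD` rather than the `DEVELOPER_ID_*` pair, and build-apple.yml passes the same password secret. If that means the Developer ID identity now sits in the secret every CI build imports, it is worth confirming that workflow cannot be triggered from untrusted branches.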
