Sonar changes #5
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Build iOS app" | |
on: | |
push: | |
tags: | |
- "v*.*.*-*" | |
# # manual trigger but change to any supported event | |
# # see addl: https://www.andrewhoog.com/post/how-to-build-react-native-android-app-with-github-actions/#3-run-build-workflow | |
# workflow_dispatch: | |
# branches: [main] | |
jobs: | |
build_with_signing: | |
runs-on: macos-14 | |
steps: | |
- uses: maxim-lobanov/setup-xcode@v1 | |
with: | |
xcode-version: 15.4 | |
- name: checkout repository | |
uses: actions/checkout@v1 | |
with: | |
submodules: recursive | |
- name: Prepare Brew | |
run: brew install boost | |
- name: Prepare LibTorrent | |
run: ./Submodules/LibTorrent-Swift/make.sh | |
- name: Install the Apple certificate and provisioning profile | |
env: | |
FIREBASE_INFO_PLIST_BASE64: ${{ secrets.FIREBASE_INFO_PLIST_BASE64 }} | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
BUILD_CERTIFICATE_PASSWORD: ${{ secrets.BUILD_CERTIFICATE_PASSWORD }} | |
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
BUILD_PROVISION_PROFILE_PROD_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_PROD_BASE64 }} | |
BUILD_PROGRESS_WIDGET_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROGRESS_WIDGET_PROVISION_PROFILE_BASE64 }} | |
BUILD_PROGRESS_WIDGET_PROVISION_PROFILE_PROD_BASE64: ${{ secrets.BUILD_PROGRESS_WIDGET_PROVISION_PROFILE_PROD_BASE64 }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
# create variables | |
FIREBASE_INFO_PLIST_PATH=iTorrent/Core/Assets/GoogleService-Info.plist | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision | |
PP_PROD_PATH=$RUNNER_TEMP/build_pp_prod.mobileprovision | |
PW_PP_PATH=$RUNNER_TEMP/build_progresswidget_pp.mobileprovision | |
PW_PP_PROD_PATH=$RUNNER_TEMP/build_progresswidget_pp_prod.mobileprovision | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import firebase plist to the project | |
echo -n "$FIREBASE_INFO_PLIST_BASE64" | base64 --decode -o $FIREBASE_INFO_PLIST_PATH | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_PROD_BASE64" | base64 --decode -o $PP_PROD_PATH | |
echo -n "$BUILD_PROGRESS_WIDGET_PROVISION_PROFILE_BASE64" | base64 --decode -o $PW_PP_PATH | |
echo -n "$BUILD_PROGRESS_WIDGET_PROVISION_PROFILE_PROD_BASE64" | base64 --decode -o $PW_PP_PROD_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$BUILD_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
# apply provisioning profile | |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PP_PROD_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PW_PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PW_PP_PROD_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
- name: Fix build number | |
run: | | |
VERSION=${GITHUB_REF_NAME//v/} | |
VERSIONPARTS=(${VERSION//-/ }) | |
echo "Set project build number to: ${VERSIONPARTS[1]}" | |
xcrun agvtool new-version -all ${VERSIONPARTS[1]} | |
- name: build archive | |
run: | | |
xcodebuild \ | |
-workspace iTorrent.xcworkspace \ | |
-scheme "iTorrent" \ | |
-archivePath $RUNNER_TEMP/itorrent.xcarchive \ | |
-sdk iphoneos \ | |
-configuration Release \ | |
-destination generic/platform=iOS \ | |
clean archive | |
- name: Upload archive | |
uses: actions/upload-artifact@v4 | |
with: | |
name: itorrent.xcarchive | |
path: | | |
${{ runner.temp }}/itorrent.xcarchive | |
retention-days: 3 | |
export_ipa: | |
needs: [build_with_signing] | |
runs-on: macos-14 | |
strategy: | |
matrix: | |
org: [adhoc, prod] | |
include: | |
- org: adhoc | |
export_options_plist_secret: EXPORT_OPTIONS_PLIST | |
- org: prod | |
export_options_plist_secret: EXPORT_PROD_OPTIONS_PLIST | |
steps: | |
- uses: maxim-lobanov/setup-xcode@v1 | |
with: | |
xcode-version: 15.4 | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
- name: Install the Apple certificate and provisioning profile | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | |
BUILD_CERTIFICATE_PASSWORD: ${{ secrets.BUILD_CERTIFICATE_PASSWORD }} | |
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }} | |
BUILD_PROVISION_PROFILE_PROD_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_PROD_BASE64 }} | |
BUILD_PROGRESS_WIDGET_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROGRESS_WIDGET_PROVISION_PROFILE_BASE64 }} | |
BUILD_PROGRESS_WIDGET_PROVISION_PROFILE_PROD_BASE64: ${{ secrets.BUILD_PROGRESS_WIDGET_PROVISION_PROFILE_PROD_BASE64 }} | |
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
run: | | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision | |
PP_PROD_PATH=$RUNNER_TEMP/build_pp_prod.mobileprovision | |
PW_PP_PATH=$RUNNER_TEMP/build_progresswidget_pp.mobileprovision | |
PW_PP_PROD_PATH=$RUNNER_TEMP/build_progresswidget_pp_prod.mobileprovision | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate and provisioning profile from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH | |
echo -n "$BUILD_PROVISION_PROFILE_PROD_BASE64" | base64 --decode -o $PP_PROD_PATH | |
echo -n "$BUILD_PROGRESS_WIDGET_PROVISION_PROFILE_BASE64" | base64 --decode -o $PW_PP_PATH | |
echo -n "$BUILD_PROGRESS_WIDGET_PROVISION_PROFILE_PROD_BASE64" | base64 --decode -o $PW_PP_PROD_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$BUILD_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
# apply provisioning profile | |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PP_PROD_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PW_PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
cp $PW_PP_PROD_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
- name: Export ipa | |
env: | |
EXPORT_OPTIONS_PLIST: ${{ secrets[matrix.export_options_plist_secret] }} | |
run: | | |
EXPORT_OPTS_PATH=$RUNNER_TEMP/ExportOptions.plist | |
echo -n "$EXPORT_OPTIONS_PLIST" | base64 --decode -o $EXPORT_OPTS_PATH | |
xcodebuild -exportArchive -archivePath itorrent.xcarchive -exportOptionsPlist $EXPORT_OPTS_PATH -exportPath $RUNNER_TEMP/build | |
- name: Move dSYMs | |
run: mv itorrent.xcarchive/dSYMs $RUNNER_TEMP/dSYMs | |
- name: Upload application | |
uses: actions/upload-artifact@v4 | |
with: | |
name: app-Release-${{ matrix.org }} | |
path: | | |
${{ runner.temp }}/build/iTorrent.ipa | |
${{ runner.temp }}/build/manifest.plist | |
${{ runner.temp }}/dSYMs | |
retention-days: 3 | |
github_release: | |
needs: [export_ipa] | |
runs-on: macos-14 | |
steps: | |
- uses: maxim-lobanov/setup-xcode@v1 | |
with: | |
xcode-version: 15.4 | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
- name: ZIP dSYMs | |
run: | | |
zip -vr dSYMs.zip app-Release-adhoc/dSYMs/ -x "*.DS_Store" | |
- name: Release to GitHub | |
uses: softprops/action-gh-release@v2 | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
repository: XITRIX/iTorrent | |
token: ${{ secrets.DISTRIB_REPO_ACCESS_TOKEN }} | |
files: | | |
app-Release-adhoc/build/iTorrent.ipa | |
app-Release-adhoc/build/manifest.plist | |
dSYMs.zip | |
altstore_release: | |
needs: [github_release] | |
runs-on: macos-14 | |
steps: | |
- uses: maxim-lobanov/setup-xcode@v1 | |
with: | |
xcode-version: 15.4 | |
- name: Checkout repository | |
uses: actions/checkout@v1 | |
- name: Build altstore source generator | |
run: xcrun swiftc -parse-as-library ./GenerateAltStoreJson.swift | |
- name: Generate AltStore Source | |
run: ./GenerateAltStoreJson >> ./AltStoreSource.json | |
- name: Release AltStore Source | |
uses: softprops/action-gh-release@v2 | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
repository: XITRIX/xitrix.github.io | |
token: ${{ secrets.DISTRIB_REPO_ACCESS_TOKEN }} | |
files: | | |
./AltStoreSource.json | |
appstore_release: | |
needs: [export_ipa] | |
runs-on: macos-14 | |
steps: | |
- uses: maxim-lobanov/setup-xcode@v1 | |
with: | |
xcode-version: 15.4 | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
- name: Copy P8 KEY from secrets | |
env: | |
PKCS8_KEY: ${{ secrets.APPSTORE_CONNECT_PKCS8_KEY }} | |
run: | | |
mkdir ./private_keys | |
echo -n "$PKCS8_KEY" >> ./private_keys/AuthKey_${{ secrets.APPSTORE_CONNECT_KEY_ID }}.p8 | |
- name: Upload app to TestFlight | |
run: | | |
# xcrun altool --upload-package app-Release-prod/build/iTorrent.ipa --apiKey ${{ secrets.APPSTORE_CONNECT_KEY_ID }} --apiIssuer ${{ secrets.APPSTORE_CONNECT_ISSUER_ID }} | |
xcrun altool --upload-app -f app-Release-prod/build/iTorrent.ipa --apiKey ${{ secrets.APPSTORE_CONNECT_KEY_ID }} --apiIssuer ${{ secrets.APPSTORE_CONNECT_ISSUER_ID }} -t ios |