From 9d55289a1f07cddab696f7d7f14c919394bc3d79 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sat, 27 Jan 2024 11:39:36 +0100 Subject: [PATCH 01/64] Initial fastlane integration --- .github/workflows/fastlane.yml | 67 +++++++++++ .gitignore | 4 +- Brewfile.lock.json | 39 ++++++ Gemfile | 3 + Gemfile.lock | 214 +++++++++++++++++++++++++++++++++ fastlane/Appfile | 7 ++ fastlane/Fastfile | 83 +++++++++++++ fastlane/Matchfile | 12 ++ fastlane/README.md | 45 +++++++ 9 files changed, 473 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/fastlane.yml create mode 100644 Gemfile create mode 100644 Gemfile.lock create mode 100644 fastlane/Appfile create mode 100644 fastlane/Fastfile create mode 100644 fastlane/Matchfile create mode 100644 fastlane/README.md diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml new file mode 100644 index 000000000..ced10eab8 --- /dev/null +++ b/.github/workflows/fastlane.yml @@ -0,0 +1,67 @@ +name: FASTLANE_CI + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + +env: + APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: +jobs: + authorize: + # sets environment based on origin of PR: internal (non-existent) for own-repo or external (requires reviewer to run) for external repos + environment: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }} + runs-on: ubuntu-22.04 + steps: + - run: true + build: + needs: authorize + runs-on: macos-13 + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + # /!\ important: this checks out code from the HEAD of the PR instead of the main branch (for pull_request_target) + ref: ${{ github.event.pull_request.head.sha || github.ref }} + + - name: Checkout certs + uses: actions/checkout@v4 + with: + repository: kiwix/apple-certificates + ref: master + path: certificates + token: ${{ secrets.APPLE_CERTIFICATES_PAT }} + + - name: Select Xcode + run: sudo xcode-select --switch /Applications/Xcode_15.0.1.app + + - name: Download dependencies + run: + | + brew bundle + bundle update + + - name: Add Apple Store Key + env: + APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} + APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} + shell: bash + run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o $APPLE_STORE_AUTH_KEY_PATH + + - name: Build iOS Kiwix app with Fastlane + env: + APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} + APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} + APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} + APP_SCHEME: "Kiwix" + MATCH_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} + MATCH_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} + MATCH_GIT_PRIVATE_KEY: ${{ secrets.APPLE_CERTIFICATES_PAT }} + run: + | + bundle exec fastlane ios build diff --git a/.gitignore b/.gitignore index 6e6174708..6d1f53724 100644 --- a/.gitignore +++ b/.gitignore @@ -72,4 +72,6 @@ xcuserdata Libraries # ignore xcode project files, they are now generated by XcodeGen -*.xcodeproj \ No newline at end of file +*.xcodeproj +# SPM package resolved: +**/Package.resolved diff --git a/Brewfile.lock.json b/Brewfile.lock.json index 8ede2d41a..246e1b469 100644 --- a/Brewfile.lock.json +++ b/Brewfile.lock.json @@ -127,6 +127,45 @@ } } } + }, + "fastlane": { + "version": "2.217.0", + "bottle": { + "rebuild": 1, + "root_url": "https://ghcr.io/v2/homebrew/core", + "files": { + "arm64_sonoma": { + "cellar": ":any", + "url": "https://ghcr.io/v2/homebrew/core/fastlane/blobs/sha256:91af5f1200f28c3373e0c42829179cefe1996f454c635f30ca2cbff451915f6a", + "sha256": "91af5f1200f28c3373e0c42829179cefe1996f454c635f30ca2cbff451915f6a" + }, + "arm64_ventura": { + "cellar": ":any", + "url": "https://ghcr.io/v2/homebrew/core/fastlane/blobs/sha256:7fa76937d5e469bcbcdd938547a290523a442650453bc45d1c6e5d96ee5d2687", + "sha256": "7fa76937d5e469bcbcdd938547a290523a442650453bc45d1c6e5d96ee5d2687" + }, + "arm64_monterey": { + "cellar": ":any", + "url": "https://ghcr.io/v2/homebrew/core/fastlane/blobs/sha256:b4c88dd9c23442eb89f9e793fced96a0d7aa37fcfbea4165c5fcc216d310d875", + "sha256": "b4c88dd9c23442eb89f9e793fced96a0d7aa37fcfbea4165c5fcc216d310d875" + }, + "ventura": { + "cellar": ":any", + "url": "https://ghcr.io/v2/homebrew/core/fastlane/blobs/sha256:3c60d7d5471d5b4bc25aa940c62b5b8fa082556cf6faea3ff018e9771d1977f5", + "sha256": "3c60d7d5471d5b4bc25aa940c62b5b8fa082556cf6faea3ff018e9771d1977f5" + }, + "monterey": { + "cellar": ":any", + "url": "https://ghcr.io/v2/homebrew/core/fastlane/blobs/sha256:7bd2b50d0320ae8c8ae226fc96803469411065629caa8e9aef99d14b4f01bfaa", + "sha256": "7bd2b50d0320ae8c8ae226fc96803469411065629caa8e9aef99d14b4f01bfaa" + }, + "x86_64_linux": { + "cellar": ":any_skip_relocation", + "url": "https://ghcr.io/v2/homebrew/core/fastlane/blobs/sha256:669a63bf74a8000322f6191d49d6349a144d45122718ce0062dbcd7af58cb115", + "sha256": "669a63bf74a8000322f6191d49d6349a144d45122718ce0062dbcd7af58cb115" + } + } + } } } }, diff --git a/Gemfile b/Gemfile new file mode 100644 index 000000000..7a118b49b --- /dev/null +++ b/Gemfile @@ -0,0 +1,3 @@ +source "https://rubygems.org" + +gem "fastlane" diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 000000000..b05be9f9e --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,214 @@ +GEM + remote: https://rubygems.org/ + specs: + CFPropertyList (3.0.6) + rexml + addressable (2.8.6) + public_suffix (>= 2.0.2, < 6.0) + artifactory (3.0.15) + atomos (0.1.3) + aws-eventstream (1.3.0) + aws-partitions (1.877.0) + aws-sdk-core (3.190.1) + aws-eventstream (~> 1, >= 1.3.0) + aws-partitions (~> 1, >= 1.651.0) + aws-sigv4 (~> 1.8) + jmespath (~> 1, >= 1.6.1) + aws-sdk-kms (1.75.0) + aws-sdk-core (~> 3, >= 3.188.0) + aws-sigv4 (~> 1.1) + aws-sdk-s3 (1.142.0) + aws-sdk-core (~> 3, >= 3.189.0) + aws-sdk-kms (~> 1) + aws-sigv4 (~> 1.8) + aws-sigv4 (1.8.0) + aws-eventstream (~> 1, >= 1.0.2) + babosa (1.0.4) + claide (1.1.0) + colored (1.2) + colored2 (3.1.2) + commander (4.6.0) + highline (~> 2.0.0) + declarative (0.0.20) + digest-crc (0.6.5) + rake (>= 12.0.0, < 14.0.0) + domain_name (0.6.20231109) + dotenv (2.8.1) + emoji_regex (3.2.3) + excon (0.109.0) + faraday (1.10.3) + faraday-em_http (~> 1.0) + faraday-em_synchrony (~> 1.0) + faraday-excon (~> 1.1) + faraday-httpclient (~> 1.0) + faraday-multipart (~> 1.0) + faraday-net_http (~> 1.0) + faraday-net_http_persistent (~> 1.0) + faraday-patron (~> 1.0) + faraday-rack (~> 1.0) + faraday-retry (~> 1.0) + ruby2_keywords (>= 0.0.4) + faraday-cookie_jar (0.0.7) + faraday (>= 0.8.0) + http-cookie (~> 1.0.0) + faraday-em_http (1.0.0) + faraday-em_synchrony (1.0.0) + faraday-excon (1.1.0) + faraday-httpclient (1.0.1) + faraday-multipart (1.0.4) + multipart-post (~> 2) + faraday-net_http (1.0.1) + faraday-net_http_persistent (1.2.0) + faraday-patron (1.0.0) + faraday-rack (1.0.0) + faraday-retry (1.0.3) + faraday_middleware (1.2.0) + faraday (~> 1.0) + fastimage (2.3.0) + fastlane (2.219.0) + CFPropertyList (>= 2.3, < 4.0.0) + addressable (>= 2.8, < 3.0.0) + artifactory (~> 3.0) + aws-sdk-s3 (~> 1.0) + babosa (>= 1.0.3, < 2.0.0) + bundler (>= 1.12.0, < 3.0.0) + colored + commander (~> 4.6) + dotenv (>= 2.1.1, < 3.0.0) + emoji_regex (>= 0.1, < 4.0) + excon (>= 0.71.0, < 1.0.0) + faraday (~> 1.0) + faraday-cookie_jar (~> 0.0.6) + faraday_middleware (~> 1.0) + fastimage (>= 2.1.0, < 3.0.0) + gh_inspector (>= 1.1.2, < 2.0.0) + google-apis-androidpublisher_v3 (~> 0.3) + google-apis-playcustomapp_v1 (~> 0.1) + google-cloud-env (>= 1.6.0, < 2.0.0) + google-cloud-storage (~> 1.31) + highline (~> 2.0) + http-cookie (~> 1.0.5) + json (< 3.0.0) + jwt (>= 2.1.0, < 3) + mini_magick (>= 4.9.4, < 5.0.0) + multipart-post (>= 2.0.0, < 3.0.0) + naturally (~> 2.2) + optparse (>= 0.1.1) + plist (>= 3.1.0, < 4.0.0) + rubyzip (>= 2.0.0, < 3.0.0) + security (= 0.1.3) + simctl (~> 1.6.3) + terminal-notifier (>= 2.0.0, < 3.0.0) + terminal-table (~> 3) + tty-screen (>= 0.6.3, < 1.0.0) + tty-spinner (>= 0.8.0, < 1.0.0) + word_wrap (~> 1.0.0) + xcodeproj (>= 1.13.0, < 2.0.0) + xcpretty (~> 0.3.0) + xcpretty-travis-formatter (>= 0.0.3) + gh_inspector (1.1.3) + google-apis-androidpublisher_v3 (0.54.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-core (0.11.2) + addressable (~> 2.5, >= 2.5.1) + googleauth (>= 0.16.2, < 2.a) + httpclient (>= 2.8.1, < 3.a) + mini_mime (~> 1.0) + representable (~> 3.0) + retriable (>= 2.0, < 4.a) + rexml + webrick + google-apis-iamcredentials_v1 (0.17.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-playcustomapp_v1 (0.13.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-storage_v1 (0.29.0) + google-apis-core (>= 0.11.0, < 2.a) + google-cloud-core (1.6.1) + google-cloud-env (>= 1.0, < 3.a) + google-cloud-errors (~> 1.0) + google-cloud-env (1.6.0) + faraday (>= 0.17.3, < 3.0) + google-cloud-errors (1.3.1) + google-cloud-storage (1.45.0) + addressable (~> 2.8) + digest-crc (~> 0.4) + google-apis-iamcredentials_v1 (~> 0.1) + google-apis-storage_v1 (~> 0.29.0) + google-cloud-core (~> 1.6) + googleauth (>= 0.16.2, < 2.a) + mini_mime (~> 1.0) + googleauth (1.8.1) + faraday (>= 0.17.3, < 3.a) + jwt (>= 1.4, < 3.0) + multi_json (~> 1.11) + os (>= 0.9, < 2.0) + signet (>= 0.16, < 2.a) + highline (2.0.3) + http-cookie (1.0.5) + domain_name (~> 0.5) + httpclient (2.8.3) + jmespath (1.6.2) + json (2.7.1) + jwt (2.7.1) + mini_magick (4.12.0) + mini_mime (1.1.5) + multi_json (1.15.0) + multipart-post (2.3.0) + nanaimo (0.3.0) + naturally (2.2.1) + optparse (0.4.0) + os (1.1.4) + plist (3.7.1) + public_suffix (5.0.4) + rake (13.1.0) + representable (3.2.0) + declarative (< 0.1.0) + trailblazer-option (>= 0.1.1, < 0.2.0) + uber (< 0.2.0) + retriable (3.1.2) + rexml (3.2.6) + rouge (2.0.7) + ruby2_keywords (0.0.5) + rubyzip (2.3.2) + security (0.1.3) + signet (0.18.0) + addressable (~> 2.8) + faraday (>= 0.17.5, < 3.a) + jwt (>= 1.5, < 3.0) + multi_json (~> 1.10) + simctl (1.6.10) + CFPropertyList + naturally + terminal-notifier (2.0.0) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + trailblazer-option (0.1.2) + tty-cursor (0.7.1) + tty-screen (0.8.2) + tty-spinner (0.9.3) + tty-cursor (~> 0.7) + uber (0.1.0) + unicode-display_width (2.5.0) + webrick (1.8.1) + word_wrap (1.0.0) + xcodeproj (1.23.0) + CFPropertyList (>= 2.3.3, < 4.0) + atomos (~> 0.1.3) + claide (>= 1.0.2, < 2.0) + colored2 (~> 3.1) + nanaimo (~> 0.3.0) + rexml (~> 3.2.4) + xcpretty (0.3.0) + rouge (~> 2.0.7) + xcpretty-travis-formatter (1.0.1) + xcpretty (~> 0.2, >= 0.0.7) + +PLATFORMS + arm64-darwin-22 + +DEPENDENCIES + fastlane + +BUNDLED WITH + 2.3.13 diff --git a/fastlane/Appfile b/fastlane/Appfile new file mode 100644 index 000000000..1b24605f4 --- /dev/null +++ b/fastlane/Appfile @@ -0,0 +1,7 @@ +#!/usr/bin/env ruby +# For more information about the Appfile, see: +# https://docs.fastlane.tools/advanced/#appfile + +team_name "Wikimedia CH" +team_id "L7HWM3SP3L" +app_identifier "self.Kiwix" # to be replaced with ENV["APP_BUNDLE_ID"] diff --git a/fastlane/Fastfile b/fastlane/Fastfile new file mode 100644 index 000000000..a1142389a --- /dev/null +++ b/fastlane/Fastfile @@ -0,0 +1,83 @@ +# This file contains the fastlane.tools configuration +# You can find the documentation at https://docs.fastlane.tools +# +# For a list of all available actions, check out +# +# https://docs.fastlane.tools/actions +# +# For a list of all available plugins, check out +# +# https://docs.fastlane.tools/plugins/available-plugins +# + +# Uncomment the line if you want fastlane to automatically update itself +# update_fastlane + +platform :ios do + desc "Build the iOS app" + lane :build do + # load_app_store_api_key + setup_ci + get_certificates + get_provisioning_profile + build_app(scheme: ENV["APP_SCHEME"], + destination: "generic/platform=iOS", + sdk: 'iphoneos') + end +end + +platform :mac do + desc "Build the macOS app" + lane :build do + # load_app_store_api_key + setup_ci + get_certificates + get_provisioning_profile + # fetch_certificates + build_app(scheme: ENV["APP_SCHEME"], + destination: "generic/platform=macOS") + end +end + +# platform :ios do +# desc "Build and upload the iOS app to testflight" +# lane :beta do +# load_app_store_api_key +# # fetch_certificates +# build_app(scheme: ENV["APP_SCHEME"]) +# # upload_to_testflight +# end +# end + +# platform :mac do +# desc "Build and upload the macOS app" +# lane :beta do +# load_app_store_api_key +# # fetch_certificates +# build_app(scheme: ENV["APP_SCHEME"]) +# # upload_to_testflight +# end +# end + +# private_lane :fetch_certificates do +# if is_ci +# match(type: "development", additional_cert_types: "mac_installer_distribution", readonly: true, git_url: "./certificates") +# else +# match(type: "development", additional_cert_types: "mac_installer_distribution", readonly: true) +# end +# end + +private_lane :load_app_store_api_key do + # the default env variables, * - required + # @see: https://sarunw.com/posts/using-app-store-connect-api-with-fastlane-match/ + # * key_id The key ID APP_STORE_CONNECT_API_KEY_KEY_ID + # * issuer_id The issuer ID APP_STORE_CONNECT_API_KEY_ISSUER_ID + # * key_content The content of the key p8 file APP_STORE_CONNECT_API_KEY_KEY + # key_filepath The path to the key p8 file APP_STORE_CONNECT_API_KEY_KEY_FILEPATH + # duration The token session duration APP_STORE_CONNECT_API_KEY_DURATION + # in_house Is App Store or Enterprise (in house) APP_STORE_CONNECT_API_KEY_IN_HOUSE + app_store_connect_api_key( + # is_key_content_base64: true, + in_house: false # detecting this via App Store Connect private key not currently supported + ) +end \ No newline at end of file diff --git a/fastlane/Matchfile b/fastlane/Matchfile new file mode 100644 index 000000000..d69282904 --- /dev/null +++ b/fastlane/Matchfile @@ -0,0 +1,12 @@ +storage_mode("git") +git_url("git@github.com:kiwix/apple-certificates.git") +git_branch("master") +type("development") # The default type, can be: appstore, adhoc, enterprise or development +verbose(true) +app_identifier(["self.Kiwix", "org.kiwix.custom.dwds"]) +# username("user@fastlane.tools") # Your Apple Developer Portal username + +# For all available options run `fastlane match --help` +# Remove the # in the beginning of the line to enable the other options + +# The docs are available on https://docs.fastlane.tools/actions/match diff --git a/fastlane/README.md b/fastlane/README.md new file mode 100644 index 000000000..7ac24dcf6 --- /dev/null +++ b/fastlane/README.md @@ -0,0 +1,45 @@ +fastlane documentation +---- + +# Installation + +Make sure you have the latest version of the Xcode command line tools installed: + +```sh +xcode-select --install +``` + +For _fastlane_ installation instructions, see [Installing _fastlane_](https://docs.fastlane.tools/#installing-fastlane) + +# Available Actions + +## iOS + +### ios build + +```sh +[bundle exec] fastlane ios build +``` + +Build the iOS app + +---- + + +## Mac + +### mac build + +```sh +[bundle exec] fastlane mac build +``` + +Build the macOS app + +---- + +This README.md is auto-generated and will be re-generated every time [_fastlane_](https://fastlane.tools) is run. + +More information about _fastlane_ can be found on [fastlane.tools](https://fastlane.tools). + +The documentation of _fastlane_ can be found on [docs.fastlane.tools](https://docs.fastlane.tools). From 8d13f0b44fa9fd6a31c57240a0a71b33a9ca4dd6 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sat, 27 Jan 2024 12:46:15 +0100 Subject: [PATCH 02/64] Locally working dev builds --- fastlane/Fastfile | 38 +++++++++++++++++++++++--------------- fastlane/Gymfile | 9 +++++++++ fastlane/Matchfile | 12 ++++++------ fastlane/README.md | 8 ++++---- 4 files changed, 42 insertions(+), 25 deletions(-) create mode 100644 fastlane/Gymfile diff --git a/fastlane/Fastfile b/fastlane/Fastfile index a1142389a..409bb42c5 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -13,29 +13,37 @@ # Uncomment the line if you want fastlane to automatically update itself # update_fastlane +# load_app_store_api_key +# setup_ci +# get_certificates +# get_provisioning_profile + platform :ios do - desc "Build the iOS app" - lane :build do - # load_app_store_api_key - setup_ci - get_certificates - get_provisioning_profile + desc "Build the iOS app for development " + lane :devbuild do + match(type: "development", readonly: true) build_app(scheme: ENV["APP_SCHEME"], destination: "generic/platform=iOS", - sdk: 'iphoneos') + sdk: 'iphoneos', + export_options: { + method: "development", + signingStyle: 'manual', + provisioningProfiles: { + "self.Kiwix": "match Development self.Kiwix", + } + }) end end platform :mac do - desc "Build the macOS app" - lane :build do - # load_app_store_api_key - setup_ci - get_certificates - get_provisioning_profile - # fetch_certificates + desc "Build the macOS app for development" + lane :devbuild do build_app(scheme: ENV["APP_SCHEME"], - destination: "generic/platform=macOS") + destination: "generic/platform=macOS", + export_options: { + method: "development", + signingStyle: 'manual' + }) end end diff --git a/fastlane/Gymfile b/fastlane/Gymfile new file mode 100644 index 000000000..269e95f13 --- /dev/null +++ b/fastlane/Gymfile @@ -0,0 +1,9 @@ +# For more information about this configuration visit +# https://docs.fastlane.tools/actions/gym/#gymfile + +# In general, you can use the options available +# fastlane gym --help + +scheme("Kiwix") +output_directory("./") +export_method("development") \ No newline at end of file diff --git a/fastlane/Matchfile b/fastlane/Matchfile index d69282904..ff0953b1e 100644 --- a/fastlane/Matchfile +++ b/fastlane/Matchfile @@ -1,9 +1,9 @@ -storage_mode("git") -git_url("git@github.com:kiwix/apple-certificates.git") -git_branch("master") -type("development") # The default type, can be: appstore, adhoc, enterprise or development -verbose(true) -app_identifier(["self.Kiwix", "org.kiwix.custom.dwds"]) +storage_mode "git" +git_url "git@github.com:kiwix/apple-certificates.git" +git_branch "master" +verbose true +readonly true +app_identifier ["self.Kiwix", "org.kiwix.custom.dwds"] # username("user@fastlane.tools") # Your Apple Developer Portal username # For all available options run `fastlane match --help` diff --git a/fastlane/README.md b/fastlane/README.md index 7ac24dcf6..238bf98a1 100644 --- a/fastlane/README.md +++ b/fastlane/README.md @@ -15,10 +15,10 @@ For _fastlane_ installation instructions, see [Installing _fastlane_](https://do ## iOS -### ios build +### ios devbuild ```sh -[bundle exec] fastlane ios build +[bundle exec] fastlane ios devbuild ``` Build the iOS app @@ -28,10 +28,10 @@ Build the iOS app ## Mac -### mac build +### mac devbuild ```sh -[bundle exec] fastlane mac build +[bundle exec] fastlane mac devbuild ``` Build the macOS app From ea2b4a1b5cec2bb2d178bd65984297572e6b2c39 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sat, 27 Jan 2024 20:54:27 +0100 Subject: [PATCH 03/64] Update fastlane --- .gitignore | 2 ++ fastlane/Appfile | 2 +- fastlane/Fastfile | 55 ++-------------------------------------------- fastlane/Gymfile | 2 +- fastlane/README.md | 4 ++-- 5 files changed, 8 insertions(+), 57 deletions(-) diff --git a/.gitignore b/.gitignore index 6d1f53724..70b1ea815 100644 --- a/.gitignore +++ b/.gitignore @@ -75,3 +75,5 @@ Libraries *.xcodeproj # SPM package resolved: **/Package.resolved +# fastlane builds: +builds \ No newline at end of file diff --git a/fastlane/Appfile b/fastlane/Appfile index 1b24605f4..f9ae28988 100644 --- a/fastlane/Appfile +++ b/fastlane/Appfile @@ -4,4 +4,4 @@ team_name "Wikimedia CH" team_id "L7HWM3SP3L" -app_identifier "self.Kiwix" # to be replaced with ENV["APP_BUNDLE_ID"] +app_identifier "self.Kiwix" diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 409bb42c5..45b8b21d9 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -10,19 +10,11 @@ # https://docs.fastlane.tools/plugins/available-plugins # -# Uncomment the line if you want fastlane to automatically update itself -# update_fastlane - -# load_app_store_api_key -# setup_ci -# get_certificates -# get_provisioning_profile - platform :ios do desc "Build the iOS app for development " lane :devbuild do match(type: "development", readonly: true) - build_app(scheme: ENV["APP_SCHEME"], + build_app(scheme: "Kiwix", destination: "generic/platform=iOS", sdk: 'iphoneos', export_options: { @@ -38,7 +30,7 @@ end platform :mac do desc "Build the macOS app for development" lane :devbuild do - build_app(scheme: ENV["APP_SCHEME"], + build_app(scheme: "Kiwix", destination: "generic/platform=macOS", export_options: { method: "development", @@ -46,46 +38,3 @@ platform :mac do }) end end - -# platform :ios do -# desc "Build and upload the iOS app to testflight" -# lane :beta do -# load_app_store_api_key -# # fetch_certificates -# build_app(scheme: ENV["APP_SCHEME"]) -# # upload_to_testflight -# end -# end - -# platform :mac do -# desc "Build and upload the macOS app" -# lane :beta do -# load_app_store_api_key -# # fetch_certificates -# build_app(scheme: ENV["APP_SCHEME"]) -# # upload_to_testflight -# end -# end - -# private_lane :fetch_certificates do -# if is_ci -# match(type: "development", additional_cert_types: "mac_installer_distribution", readonly: true, git_url: "./certificates") -# else -# match(type: "development", additional_cert_types: "mac_installer_distribution", readonly: true) -# end -# end - -private_lane :load_app_store_api_key do - # the default env variables, * - required - # @see: https://sarunw.com/posts/using-app-store-connect-api-with-fastlane-match/ - # * key_id The key ID APP_STORE_CONNECT_API_KEY_KEY_ID - # * issuer_id The issuer ID APP_STORE_CONNECT_API_KEY_ISSUER_ID - # * key_content The content of the key p8 file APP_STORE_CONNECT_API_KEY_KEY - # key_filepath The path to the key p8 file APP_STORE_CONNECT_API_KEY_KEY_FILEPATH - # duration The token session duration APP_STORE_CONNECT_API_KEY_DURATION - # in_house Is App Store or Enterprise (in house) APP_STORE_CONNECT_API_KEY_IN_HOUSE - app_store_connect_api_key( - # is_key_content_base64: true, - in_house: false # detecting this via App Store Connect private key not currently supported - ) -end \ No newline at end of file diff --git a/fastlane/Gymfile b/fastlane/Gymfile index 269e95f13..63942132d 100644 --- a/fastlane/Gymfile +++ b/fastlane/Gymfile @@ -5,5 +5,5 @@ # fastlane gym --help scheme("Kiwix") -output_directory("./") +output_directory("./builds") export_method("development") \ No newline at end of file diff --git a/fastlane/README.md b/fastlane/README.md index 238bf98a1..e7e629656 100644 --- a/fastlane/README.md +++ b/fastlane/README.md @@ -21,7 +21,7 @@ For _fastlane_ installation instructions, see [Installing _fastlane_](https://do [bundle exec] fastlane ios devbuild ``` -Build the iOS app +Build the iOS app for development ---- @@ -34,7 +34,7 @@ Build the iOS app [bundle exec] fastlane mac devbuild ``` -Build the macOS app +Build the macOS app for development ---- From 966a708e2035553ebca57fd931a6fcc362afc730 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sat, 27 Jan 2024 21:08:22 +0100 Subject: [PATCH 04/64] Update CI fastlane --- .github/workflows/fastlane.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index ced10eab8..8be8be3c5 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -1,15 +1,14 @@ name: FASTLANE_CI on: - push: - branches: [ "main" ] + # push: + # branches: [ "main" ] pull_request: - branches: [ "main" ] + # branches: [ "main" ] env: APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 - # Allows you to run this workflow manually from the Actions tab workflow_dispatch: jobs: authorize: @@ -58,10 +57,8 @@ jobs: APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - APP_SCHEME: "Kiwix" MATCH_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} MATCH_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} - MATCH_GIT_PRIVATE_KEY: ${{ secrets.APPLE_CERTIFICATES_PAT }} run: | - bundle exec fastlane ios build + bundle exec fastlane ios devbuild From e98a59a76d37519d5117549659e7028570e7c18c Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sat, 27 Jan 2024 21:19:36 +0100 Subject: [PATCH 05/64] Use chekout of cert repo --- fastlane/Fastfile | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 45b8b21d9..903372591 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -13,7 +13,7 @@ platform :ios do desc "Build the iOS app for development " lane :devbuild do - match(type: "development", readonly: true) + match_ios_certificates build_app(scheme: "Kiwix", destination: "generic/platform=iOS", sdk: 'iphoneos', @@ -38,3 +38,11 @@ platform :mac do }) end end + +private_lane :match_ios_certificates do + if is_ci + match(type: "development", readonly: true, git_url: "./certificates") + else + match(type: "development", readonly: true) + end +end \ No newline at end of file From d34b1e8ee1137977cbb4107fdfffb0bb5731ab91 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sat, 27 Jan 2024 21:37:34 +0100 Subject: [PATCH 06/64] Get provisioning profile on CI --- fastlane/Fastfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 903372591..438ce9b02 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -13,6 +13,10 @@ platform :ios do desc "Build the iOS app for development " lane :devbuild do + setup_ci + if is_ci + get_provisioning_profile + end match_ios_certificates build_app(scheme: "Kiwix", destination: "generic/platform=iOS", From 5028337788071dcf1ac8d7c1bb21631edfd8c9c6 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sat, 27 Jan 2024 22:36:35 +0100 Subject: [PATCH 07/64] Remove steps --- .github/workflows/fastlane.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 8be8be3c5..430559ed6 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -6,8 +6,8 @@ on: pull_request: # branches: [ "main" ] -env: - APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 +# env: +# APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 workflow_dispatch: jobs: @@ -45,18 +45,18 @@ jobs: brew bundle bundle update - - name: Add Apple Store Key - env: - APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} - shell: bash - run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o $APPLE_STORE_AUTH_KEY_PATH + # - name: Add Apple Store Key + # env: + # APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} + # APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} + # shell: bash + # run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o $APPLE_STORE_AUTH_KEY_PATH - name: Build iOS Kiwix app with Fastlane env: - APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} - APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} - APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} + # APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} + # APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} + # APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} MATCH_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} MATCH_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} run: From 3f2a99e562f2185762e562a97a560913cf4477b8 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sat, 27 Jan 2024 22:40:14 +0100 Subject: [PATCH 08/64] Remove provisioning step --- fastlane/Fastfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 438ce9b02..bad1395e8 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -14,9 +14,6 @@ platform :ios do desc "Build the iOS app for development " lane :devbuild do setup_ci - if is_ci - get_provisioning_profile - end match_ios_certificates build_app(scheme: "Kiwix", destination: "generic/platform=iOS", From f0e0c7578b37cedaac1fdd81f72a328032925e7f Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 07:38:06 +0100 Subject: [PATCH 09/64] Remove CI setup --- fastlane/Fastfile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index bad1395e8..094cb7d59 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -13,7 +13,7 @@ platform :ios do desc "Build the iOS app for development " lane :devbuild do - setup_ci + ci_settings match_ios_certificates build_app(scheme: "Kiwix", destination: "generic/platform=iOS", @@ -40,6 +40,13 @@ platform :mac do end end +private_lane :ci_settings do + if is_ci + # setup_ci + xcode_select "./Application/Xcode_15.0.1.app" + end +end + private_lane :match_ios_certificates do if is_ci match(type: "development", readonly: true, git_url: "./certificates") From b8da691e2267761aa74fec92092f7c686fca86c1 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 07:42:17 +0100 Subject: [PATCH 10/64] Fix xcode select --- fastlane/Fastfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 094cb7d59..98d16e01c 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -43,7 +43,7 @@ end private_lane :ci_settings do if is_ci # setup_ci - xcode_select "./Application/Xcode_15.0.1.app" + xcode_select "/Application/Xcode_15.0.1.app" end end From 77fa8841746c1a4719b1dd82f11c6e9945620330 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 07:45:36 +0100 Subject: [PATCH 11/64] Fix path --- fastlane/Fastfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 98d16e01c..7fc6fe672 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -43,7 +43,7 @@ end private_lane :ci_settings do if is_ci # setup_ci - xcode_select "/Application/Xcode_15.0.1.app" + xcode_select "/Applications/Xcode_15.0.1.app" end end From 5c118e90b5839d0cb2dd014db918dfcebd6fce5b Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 11:17:39 +0100 Subject: [PATCH 12/64] Update profile selection --- fastlane/Fastfile | 14 +++++++++++--- fastlane/README.md | 8 ++++++++ 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 7fc6fe672..a591ca70c 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -14,7 +14,8 @@ platform :ios do desc "Build the iOS app for development " lane :devbuild do ci_settings - match_ios_certificates + match_ios_dev_certificates + update_project_provisioning(profile: ENV['sigh_self.Kiwix_development_profile-path']) build_app(scheme: "Kiwix", destination: "generic/platform=iOS", sdk: 'iphoneos', @@ -25,7 +26,6 @@ platform :ios do "self.Kiwix": "match Development self.Kiwix", } }) - end end platform :mac do @@ -47,10 +47,18 @@ private_lane :ci_settings do end end -private_lane :match_ios_certificates do +private_lane :match_ios_dev_certificates do if is_ci match(type: "development", readonly: true, git_url: "./certificates") else match(type: "development", readonly: true) end +end + +private_lane :match_ios_appstore_certificates do + if is_ci + match(type: "appstore", readonly: true, git_url: "./certificates") + else + match(type: "appstore", readonly: true) + end end \ No newline at end of file diff --git a/fastlane/README.md b/fastlane/README.md index e7e629656..899a51ae7 100644 --- a/fastlane/README.md +++ b/fastlane/README.md @@ -23,6 +23,14 @@ For _fastlane_ installation instructions, see [Installing _fastlane_](https://do Build the iOS app for development +### ios build + +```sh +[bundle exec] fastlane ios build +``` + +Build the iOS app for development + ---- From 9b0eb1961d4208521c8dee13da52f5bd73937cf4 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 11:20:00 +0100 Subject: [PATCH 13/64] Update profile selection --- fastlane/Fastfile | 1 + 1 file changed, 1 insertion(+) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index a591ca70c..956edfe6f 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -26,6 +26,7 @@ platform :ios do "self.Kiwix": "match Development self.Kiwix", } }) + end end platform :mac do From cafe51f59f3027aea5ff55ad028364ad8a31c246 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 11:45:31 +0100 Subject: [PATCH 14/64] Revert --- fastlane/Fastfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 956edfe6f..7d01df7b7 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -15,7 +15,6 @@ platform :ios do lane :devbuild do ci_settings match_ios_dev_certificates - update_project_provisioning(profile: ENV['sigh_self.Kiwix_development_profile-path']) build_app(scheme: "Kiwix", destination: "generic/platform=iOS", sdk: 'iphoneos', @@ -43,7 +42,7 @@ end private_lane :ci_settings do if is_ci - # setup_ci + setup_ci xcode_select "/Applications/Xcode_15.0.1.app" end end From 27faf93546769df8564041db6bc4ac82a8fe3a68 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 12:37:43 +0100 Subject: [PATCH 15/64] Move xcode select to fastlane --- .github/workflows/fastlane.yml | 3 --- fastlane/README.md | 8 -------- 2 files changed, 11 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 430559ed6..10f133d44 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -36,9 +36,6 @@ jobs: path: certificates token: ${{ secrets.APPLE_CERTIFICATES_PAT }} - - name: Select Xcode - run: sudo xcode-select --switch /Applications/Xcode_15.0.1.app - - name: Download dependencies run: | diff --git a/fastlane/README.md b/fastlane/README.md index 899a51ae7..e7e629656 100644 --- a/fastlane/README.md +++ b/fastlane/README.md @@ -23,14 +23,6 @@ For _fastlane_ installation instructions, see [Installing _fastlane_](https://do Build the iOS app for development -### ios build - -```sh -[bundle exec] fastlane ios build -``` - -Build the iOS app for development - ---- From 6406395c6b062c0ce095c64937ee6954bad8bb04 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 17:42:34 +0100 Subject: [PATCH 16/64] Add teamid --- fastlane/Gymfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fastlane/Gymfile b/fastlane/Gymfile index 63942132d..b1b46293c 100644 --- a/fastlane/Gymfile +++ b/fastlane/Gymfile @@ -6,4 +6,5 @@ scheme("Kiwix") output_directory("./builds") -export_method("development") \ No newline at end of file +export_method("development") +export_team_id("L7HWM3SP3L") \ No newline at end of file From 6f8717fc46395b17cf0249067bf8bd13f710ab0c Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 17:49:33 +0100 Subject: [PATCH 17/64] Remove setup ci --- fastlane/Fastfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 7d01df7b7..8175477eb 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -42,7 +42,7 @@ end private_lane :ci_settings do if is_ci - setup_ci + # setup_ci xcode_select "/Applications/Xcode_15.0.1.app" end end From f1e043f7a49180d2f57561ac18dabeb457d694b0 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 18:41:51 +0100 Subject: [PATCH 18/64] Use imported cert --- .github/workflows/fastlane.yml | 16 ++++++++++++++-- fastlane/Fastfile | 22 ++++++++-------------- 2 files changed, 22 insertions(+), 16 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 10f133d44..8c001b8a9 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -6,8 +6,10 @@ on: pull_request: # branches: [ "main" ] -# env: -# APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 +env: + APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 + KEYCHAIN: /Users/runner/build.keychain-db + KEYCHAIN_PASSWORD: mysecretpassword workflow_dispatch: jobs: @@ -35,6 +37,14 @@ jobs: ref: master path: certificates token: ${{ secrets.APPLE_CERTIFICATES_PAT }} + + - name: Add Apple Development certificate to Keychain + uses: ./.github/actions/install-cert + with: + SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} + SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} + KEYCHAIN: ${{ env.KEYCHAIN }} + KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} - name: Download dependencies run: @@ -56,6 +66,8 @@ jobs: # APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} MATCH_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} MATCH_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} + KEYCHAIN: ${{ env.KEYCHAIN }} + KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} run: | bundle exec fastlane ios devbuild diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 8175477eb..60c3baec8 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -14,36 +14,30 @@ platform :ios do desc "Build the iOS app for development " lane :devbuild do ci_settings - match_ios_dev_certificates build_app(scheme: "Kiwix", destination: "generic/platform=iOS", sdk: 'iphoneos', export_options: { - method: "development", - signingStyle: 'manual', - provisioningProfiles: { - "self.Kiwix": "match Development self.Kiwix", - } + method: "development" }) - end + end end platform :mac do desc "Build the macOS app for development" lane :devbuild do build_app(scheme: "Kiwix", - destination: "generic/platform=macOS", - export_options: { - method: "development", - signingStyle: 'manual' - }) + destination: "generic/platform=macOS") end end private_lane :ci_settings do if is_ci - # setup_ci - xcode_select "/Applications/Xcode_15.0.1.app" + xcode_select("/Applications/Xcode_15.0.1.app") + unlock_keychain( + path: ENV['KEYCHAIN'], + password: ENV['KEYCHAIN_PASSWORD'], + set_default: true) end end From 816594d6bdafc05aa4371b7b92fd83705378c9c8 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 18:47:23 +0100 Subject: [PATCH 19/64] Create keychain --- .github/workflows/fastlane.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 8c001b8a9..91bc7c461 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -37,6 +37,17 @@ jobs: ref: master path: certificates token: ${{ secrets.APPLE_CERTIFICATES_PAT }} + + - name: Create Keychain + shell: bash + env: + KEYCHAIN: ${{ env.KEYCHAIN }} + KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + run: | + security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN + security default-keychain -s $KEYCHAIN + security set-keychain-settings $KEYCHAIN + security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN - name: Add Apple Development certificate to Keychain uses: ./.github/actions/install-cert From 5b0489d99452cfbfe7048ce2f0546b1a14e31ab4 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 18:57:40 +0100 Subject: [PATCH 20/64] Add allowProvisioningUpdates --- fastlane/Fastfile | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 60c3baec8..3e96474d6 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -11,33 +11,45 @@ # platform :ios do - desc "Build the iOS app for development " + desc "Build the iOS app for development" lane :devbuild do ci_settings + match_ios_dev_certificates build_app(scheme: "Kiwix", destination: "generic/platform=iOS", sdk: 'iphoneos', + export_method: "development", + export_xcargs: "-allowProvisioningUpdates", export_options: { - method: "development" + method: "development", + signingStyle: 'manual', + provisioningProfiles: { + "self.Kiwix": "match Development self.Kiwix", + } }) - end + end end platform :mac do desc "Build the macOS app for development" lane :devbuild do build_app(scheme: "Kiwix", - destination: "generic/platform=macOS") + destination: "generic/platform=macOS", + export_options: { + method: "development", + signingStyle: 'manual' + }) end end private_lane :ci_settings do if is_ci - xcode_select("/Applications/Xcode_15.0.1.app") unlock_keychain( path: ENV['KEYCHAIN'], password: ENV['KEYCHAIN_PASSWORD'], - set_default: true) + set_default: true + ) + xcode_select "/Applications/Xcode_15.0.1.app" end end From 28ef0040a36a2f5ba1b05f7b23ca9f3e803776be Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 19:51:52 +0100 Subject: [PATCH 21/64] Separate build with no sign --- .github/workflows/fastlane.yml | 46 +++++++++++------------ fastlane/Fastfile | 67 +++++++++++++++++++--------------- fastlane/README.md | 10 ++++- 3 files changed, 70 insertions(+), 53 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 91bc7c461..dd0146539 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -6,10 +6,10 @@ on: pull_request: # branches: [ "main" ] -env: - APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 - KEYCHAIN: /Users/runner/build.keychain-db - KEYCHAIN_PASSWORD: mysecretpassword +# env: +# APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 +# KEYCHAIN: /Users/runner/build.keychain-db +# KEYCHAIN_PASSWORD: mysecretpassword workflow_dispatch: jobs: @@ -38,24 +38,24 @@ jobs: path: certificates token: ${{ secrets.APPLE_CERTIFICATES_PAT }} - - name: Create Keychain - shell: bash - env: - KEYCHAIN: ${{ env.KEYCHAIN }} - KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} - run: | - security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN - security default-keychain -s $KEYCHAIN - security set-keychain-settings $KEYCHAIN - security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN + # - name: Create Keychain + # shell: bash + # env: + # KEYCHAIN: ${{ env.KEYCHAIN }} + # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + # run: | + # security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN + # security default-keychain -s $KEYCHAIN + # security set-keychain-settings $KEYCHAIN + # security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN - - name: Add Apple Development certificate to Keychain - uses: ./.github/actions/install-cert - with: - SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} - SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} - KEYCHAIN: ${{ env.KEYCHAIN }} - KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + # - name: Add Apple Development certificate to Keychain + # uses: ./.github/actions/install-cert + # with: + # SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} + # SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} + # KEYCHAIN: ${{ env.KEYCHAIN }} + # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} - name: Download dependencies run: @@ -77,8 +77,8 @@ jobs: # APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} MATCH_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} MATCH_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} - KEYCHAIN: ${{ env.KEYCHAIN }} - KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + # KEYCHAIN: ${{ env.KEYCHAIN }} + # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} run: | bundle exec fastlane ios devbuild diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 3e96474d6..d83a1873a 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -11,57 +11,66 @@ # platform :ios do - desc "Build the iOS app for development" + desc "Build iOS app without codesigning" lane :devbuild do ci_settings - match_ios_dev_certificates build_app(scheme: "Kiwix", destination: "generic/platform=iOS", sdk: 'iphoneos', - export_method: "development", - export_xcargs: "-allowProvisioningUpdates", - export_options: { - method: "development", - signingStyle: 'manual', - provisioningProfiles: { - "self.Kiwix": "match Development self.Kiwix", - } - }) + skip_codesigning: true) end + + desc "Build iOS app for AppStore" + lane :build do + ci_settings + match_appstore_certificates + build_app( + destination: "generic/platform=iOS", + sdk: 'iphoneos', + export_options: { + method: "app-store", + provisioningProfiles: { + "self.Kiwix": "match AppStore self.Kiwix", + }, + signingStyle: 'manual', + } + ) + end end + platform :mac do - desc "Build the macOS app for development" + desc "Build macOS app without codesigning" lane :devbuild do + build_app(scheme: "Kiwix", + destination: "generic/platform=macOS", + skip_codesigning: true) + end + + desc "Build macOS app for AppStore" + lane :build do + ci_settings + match_appstore_certificates build_app(scheme: "Kiwix", destination: "generic/platform=macOS", export_options: { - method: "development", - signingStyle: 'manual' - }) + method: "app-store", + provisioningProfiles: { + "self.Kiwix": "match AppStore self.Kiwix", + }, + signingStyle: 'manual', + }) end end private_lane :ci_settings do if is_ci - unlock_keychain( - path: ENV['KEYCHAIN'], - password: ENV['KEYCHAIN_PASSWORD'], - set_default: true - ) + setup_ci xcode_select "/Applications/Xcode_15.0.1.app" end end -private_lane :match_ios_dev_certificates do - if is_ci - match(type: "development", readonly: true, git_url: "./certificates") - else - match(type: "development", readonly: true) - end -end - -private_lane :match_ios_appstore_certificates do +private_lane :match_appstore_certificates do if is_ci match(type: "appstore", readonly: true, git_url: "./certificates") else diff --git a/fastlane/README.md b/fastlane/README.md index e7e629656..9d904f62e 100644 --- a/fastlane/README.md +++ b/fastlane/README.md @@ -21,7 +21,15 @@ For _fastlane_ installation instructions, see [Installing _fastlane_](https://do [bundle exec] fastlane ios devbuild ``` -Build the iOS app for development +Build the iOS app without codesigning + +### ios build + +```sh +[bundle exec] fastlane ios build +``` + +Build the iOS app for AppStore ---- From 0fdd6c8f858a18250b4c577e7e8b5105774d6d66 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 20:03:33 +0100 Subject: [PATCH 22/64] Try AppStore build --- .github/workflows/fastlane.yml | 2 +- fastlane/Gymfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index dd0146539..00d6766d0 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -81,4 +81,4 @@ jobs: # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} run: | - bundle exec fastlane ios devbuild + bundle exec fastlane ios build diff --git a/fastlane/Gymfile b/fastlane/Gymfile index b1b46293c..47d85e251 100644 --- a/fastlane/Gymfile +++ b/fastlane/Gymfile @@ -6,5 +6,5 @@ scheme("Kiwix") output_directory("./builds") -export_method("development") +export_method("app-store") export_team_id("L7HWM3SP3L") \ No newline at end of file From 68682f26df8b2e781912ec4e25185aa86ec826d6 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 20:21:18 +0100 Subject: [PATCH 23/64] Try to manually unlock keychain --- fastlane/Fastfile | 6 ++++++ fastlane/Matchfile | 1 + 2 files changed, 7 insertions(+) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index d83a1873a..26960c3d3 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -24,6 +24,12 @@ platform :ios do lane :build do ci_settings match_appstore_certificates + if is_ci + unlock_keychain( + path: "/Users/runner/Library/Keychains/fastlane_tmp_keychain-db", + password: "my_temp_secret" + ) + end build_app( destination: "generic/platform=iOS", sdk: 'iphoneos', diff --git a/fastlane/Matchfile b/fastlane/Matchfile index ff0953b1e..2bfccec20 100644 --- a/fastlane/Matchfile +++ b/fastlane/Matchfile @@ -3,6 +3,7 @@ git_url "git@github.com:kiwix/apple-certificates.git" git_branch "master" verbose true readonly true +keychain_password "my_temp_secret" app_identifier ["self.Kiwix", "org.kiwix.custom.dwds"] # username("user@fastlane.tools") # Your Apple Developer Portal username From 1039343765a04421d47fb0bdd0322216c709e005 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 20:59:26 +0100 Subject: [PATCH 24/64] Try app store creds --- .github/workflows/fastlane.yml | 24 +++++++++++------------- fastlane/Fastfile | 13 +++++++++---- fastlane/Gymfile | 3 ++- fastlane/README.md | 14 +++++++++++--- 4 files changed, 33 insertions(+), 21 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 00d6766d0..941ff9cfa 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -6,8 +6,8 @@ on: pull_request: # branches: [ "main" ] -# env: -# APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 +env: + APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 # KEYCHAIN: /Users/runner/build.keychain-db # KEYCHAIN_PASSWORD: mysecretpassword @@ -63,22 +63,20 @@ jobs: brew bundle bundle update - # - name: Add Apple Store Key - # env: - # APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - # APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} - # shell: bash - # run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o $APPLE_STORE_AUTH_KEY_PATH + - name: Add Apple Store Key + env: + APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} + APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} + shell: bash + run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o $APPLE_STORE_AUTH_KEY_PATH - name: Build iOS Kiwix app with Fastlane env: - # APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} - # APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} - # APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} + APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} + APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} + APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} MATCH_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} MATCH_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} - # KEYCHAIN: ${{ env.KEYCHAIN }} - # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} run: | bundle exec fastlane ios build diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 26960c3d3..3be82391b 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -33,11 +33,16 @@ platform :ios do build_app( destination: "generic/platform=iOS", sdk: 'iphoneos', + configuration: 'release', export_options: { method: "app-store", provisioningProfiles: { "self.Kiwix": "match AppStore self.Kiwix", }, + allowProvisioningUpdates: true, + authenticationKeyPath: ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH'], + authenticationKeyID: ENV['APP_STORE_CONNECT_API_KEY_KEY_ID'], + authenticationKeyIssuerID: ENV['APP_STORE_CONNECT_API_KEY_ISSUER_ID'], signingStyle: 'manual', } ) @@ -77,9 +82,9 @@ private_lane :ci_settings do end private_lane :match_appstore_certificates do - if is_ci + # if is_ci match(type: "appstore", readonly: true, git_url: "./certificates") - else - match(type: "appstore", readonly: true) - end + # else + # match(type: "appstore", readonly: true) + # end end \ No newline at end of file diff --git a/fastlane/Gymfile b/fastlane/Gymfile index 47d85e251..af29d5fbd 100644 --- a/fastlane/Gymfile +++ b/fastlane/Gymfile @@ -7,4 +7,5 @@ scheme("Kiwix") output_directory("./builds") export_method("app-store") -export_team_id("L7HWM3SP3L") \ No newline at end of file +export_team_id("L7HWM3SP3L") +codesigning_identity("match AppStore self.Kiwix") \ No newline at end of file diff --git a/fastlane/README.md b/fastlane/README.md index 9d904f62e..9391e986e 100644 --- a/fastlane/README.md +++ b/fastlane/README.md @@ -21,7 +21,7 @@ For _fastlane_ installation instructions, see [Installing _fastlane_](https://do [bundle exec] fastlane ios devbuild ``` -Build the iOS app without codesigning +Build iOS app without codesigning ### ios build @@ -29,7 +29,7 @@ Build the iOS app without codesigning [bundle exec] fastlane ios build ``` -Build the iOS app for AppStore +Build iOS app for AppStore ---- @@ -42,7 +42,15 @@ Build the iOS app for AppStore [bundle exec] fastlane mac devbuild ``` -Build the macOS app for development +Build macOS app without codesigning + +### mac build + +```sh +[bundle exec] fastlane mac build +``` + +Build macOS app for AppStore ---- From 17ea427ce2c43e27990af679f05893b15841d99d Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 21:05:08 +0100 Subject: [PATCH 25/64] Try auto-sign --- fastlane/Fastfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 3be82391b..693133cce 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -33,7 +33,7 @@ platform :ios do build_app( destination: "generic/platform=iOS", sdk: 'iphoneos', - configuration: 'release', + configuration: 'Release', export_options: { method: "app-store", provisioningProfiles: { @@ -43,7 +43,6 @@ platform :ios do authenticationKeyPath: ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH'], authenticationKeyID: ENV['APP_STORE_CONNECT_API_KEY_KEY_ID'], authenticationKeyIssuerID: ENV['APP_STORE_CONNECT_API_KEY_ISSUER_ID'], - signingStyle: 'manual', } ) end From dd73b7b40d2380dd1d4f8a565c0754b8885f7776 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 21:11:13 +0100 Subject: [PATCH 26/64] Enforce manual signing --- fastlane/Fastfile | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 693133cce..bad5f80aa 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -30,6 +30,10 @@ platform :ios do password: "my_temp_secret" ) end + update_code_signing_settings( + use_automatic_signing: false, + path: "Kiwix.xcodeproj" + ) build_app( destination: "generic/platform=iOS", sdk: 'iphoneos', @@ -43,6 +47,7 @@ platform :ios do authenticationKeyPath: ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH'], authenticationKeyID: ENV['APP_STORE_CONNECT_API_KEY_KEY_ID'], authenticationKeyIssuerID: ENV['APP_STORE_CONNECT_API_KEY_ISSUER_ID'], + signingStyle: 'manual', } ) end @@ -81,9 +86,9 @@ private_lane :ci_settings do end private_lane :match_appstore_certificates do - # if is_ci + if is_ci match(type: "appstore", readonly: true, git_url: "./certificates") - # else - # match(type: "appstore", readonly: true) - # end + else + match(type: "appstore", readonly: true) + end end \ No newline at end of file From d13579c05b6b5a9512b27edee0d01ad39fe97df0 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 21:17:12 +0100 Subject: [PATCH 27/64] Define profile --- fastlane/Fastfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index bad5f80aa..003cb8256 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -32,7 +32,8 @@ platform :ios do end update_code_signing_settings( use_automatic_signing: false, - path: "Kiwix.xcodeproj" + path: "Kiwix.xcodeproj", + profile_name: "match AppStore self.Kiwix" ) build_app( destination: "generic/platform=iOS", From 57ef778fe796be8c51a8fda03f6a01ffb2abeeb6 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 22:46:15 +0100 Subject: [PATCH 28/64] Use auto codesign --- fastlane/Fastfile | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 003cb8256..4eb5f3968 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -19,9 +19,26 @@ platform :ios do sdk: 'iphoneos', skip_codesigning: true) end - + desc "Build iOS app for AppStore" - lane :build do + lane :build_manual do + ci_settings + build_app( + destination: "generic/platform=iOS", + sdk: 'iphoneos', + configuration: 'Release', + export_options: { + method: "app-store", + allowProvisioningUpdates: true, + authenticationKeyPath: ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH'], + authenticationKeyID: ENV['APP_STORE_CONNECT_API_KEY_KEY_ID'], + authenticationKeyIssuerID: ENV['APP_STORE_CONNECT_API_KEY_ISSUER_ID'], + } + ) + end + + desc "Build iOS app for AppStore, manual signing" + lane :build_manual do ci_settings match_appstore_certificates if is_ci From acd01b967ae043043c5d9097a4059969917a1768 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 22:53:01 +0100 Subject: [PATCH 29/64] Change lane name --- fastlane/Fastfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 4eb5f3968..804b2c5f4 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -21,7 +21,7 @@ platform :ios do end desc "Build iOS app for AppStore" - lane :build_manual do + lane :build do ci_settings build_app( destination: "generic/platform=iOS", From 90fdf41c31f1904390e4b0785334c27f597aec7d Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 23:01:42 +0100 Subject: [PATCH 30/64] Remove match cert specification --- fastlane/Gymfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fastlane/Gymfile b/fastlane/Gymfile index af29d5fbd..47d85e251 100644 --- a/fastlane/Gymfile +++ b/fastlane/Gymfile @@ -7,5 +7,4 @@ scheme("Kiwix") output_directory("./builds") export_method("app-store") -export_team_id("L7HWM3SP3L") -codesigning_identity("match AppStore self.Kiwix") \ No newline at end of file +export_team_id("L7HWM3SP3L") \ No newline at end of file From 360172c1a833b64392a906da95bee653a24f027d Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 23:12:07 +0100 Subject: [PATCH 31/64] Move allowProvisioningUpdates --- fastlane/Fastfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 804b2c5f4..0ccdb38b6 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -27,9 +27,9 @@ platform :ios do destination: "generic/platform=iOS", sdk: 'iphoneos', configuration: 'Release', + allowProvisioningUpdates: true, export_options: { method: "app-store", - allowProvisioningUpdates: true, authenticationKeyPath: ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH'], authenticationKeyID: ENV['APP_STORE_CONNECT_API_KEY_KEY_ID'], authenticationKeyIssuerID: ENV['APP_STORE_CONNECT_API_KEY_ISSUER_ID'], From 9e69e15b80007779f78e783154d47169c47bb8d5 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 23:21:37 +0100 Subject: [PATCH 32/64] Use xcargs --- fastlane/Fastfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 0ccdb38b6..cdc8416cb 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -27,7 +27,9 @@ platform :ios do destination: "generic/platform=iOS", sdk: 'iphoneos', configuration: 'Release', - allowProvisioningUpdates: true, + xcargs: { + allowProvisioningUpdates: true, + }, export_options: { method: "app-store", authenticationKeyPath: ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH'], From 1b9f23f58a93f4333b9a17dc9135470d144068bb Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 28 Jan 2024 23:29:27 +0100 Subject: [PATCH 33/64] Switch to gym --- fastlane/Fastfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index cdc8416cb..dbc8473fc 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -23,7 +23,7 @@ platform :ios do desc "Build iOS app for AppStore" lane :build do ci_settings - build_app( + gym( destination: "generic/platform=iOS", sdk: 'iphoneos', configuration: 'Release', From eadfed85bcfd484bdca8c21d6586979a4ff5b2f1 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Mon, 29 Jan 2024 22:45:06 +0100 Subject: [PATCH 34/64] Try manual signing with allowProvisioningUpdates --- .github/workflows/fastlane.yml | 2 +- fastlane/Fastfile | 6 ++---- fastlane/README.md | 8 ++++++++ 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 941ff9cfa..b776a4271 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -79,4 +79,4 @@ jobs: MATCH_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} run: | - bundle exec fastlane ios build + bundle exec fastlane ios build_manual diff --git a/fastlane/Fastfile b/fastlane/Fastfile index dbc8473fc..e07188cfa 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -27,9 +27,7 @@ platform :ios do destination: "generic/platform=iOS", sdk: 'iphoneos', configuration: 'Release', - xcargs: { - allowProvisioningUpdates: true, - }, + xcargs: "-allowProvisioningUpdates", export_options: { method: "app-store", authenticationKeyPath: ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH'], @@ -58,12 +56,12 @@ platform :ios do destination: "generic/platform=iOS", sdk: 'iphoneos', configuration: 'Release', + xcargs: "-allowProvisioningUpdates", export_options: { method: "app-store", provisioningProfiles: { "self.Kiwix": "match AppStore self.Kiwix", }, - allowProvisioningUpdates: true, authenticationKeyPath: ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH'], authenticationKeyID: ENV['APP_STORE_CONNECT_API_KEY_KEY_ID'], authenticationKeyIssuerID: ENV['APP_STORE_CONNECT_API_KEY_ISSUER_ID'], diff --git a/fastlane/README.md b/fastlane/README.md index 9391e986e..8689920ed 100644 --- a/fastlane/README.md +++ b/fastlane/README.md @@ -31,6 +31,14 @@ Build iOS app without codesigning Build iOS app for AppStore +### ios build_manual + +```sh +[bundle exec] fastlane ios build_manual +``` + +Build iOS app for AppStore, manual signing + ---- From aef6102a2febf617bf629861c38b30d400235caf Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Mon, 29 Jan 2024 23:03:40 +0100 Subject: [PATCH 35/64] Match get both dev and appstore certs --- fastlane/Fastfile | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index e07188cfa..1b80facec 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -40,7 +40,7 @@ platform :ios do desc "Build iOS app for AppStore, manual signing" lane :build_manual do ci_settings - match_appstore_certificates + match_certificates if is_ci unlock_keychain( path: "/Users/runner/Library/Keychains/fastlane_tmp_keychain-db", @@ -83,7 +83,7 @@ platform :mac do desc "Build macOS app for AppStore" lane :build do ci_settings - match_appstore_certificates + match_certificates build_app(scheme: "Kiwix", destination: "generic/platform=macOS", export_options: { @@ -103,10 +103,12 @@ private_lane :ci_settings do end end -private_lane :match_appstore_certificates do - if is_ci - match(type: "appstore", readonly: true, git_url: "./certificates") - else - match(type: "appstore", readonly: true) +private_lane :match_certificates do + ["appstore", "development"].each do |type| + if is_ci + match(type: type, readonly: true, git_url: "./certificates") + else + match(type: type, readonly: true) + end end end \ No newline at end of file From f88a051c58b68f350c82672796bb05762fdb9aa2 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Mon, 29 Jan 2024 23:08:55 +0100 Subject: [PATCH 36/64] Use gym --- fastlane/Fastfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 1b80facec..ca17349b8 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -52,7 +52,7 @@ platform :ios do path: "Kiwix.xcodeproj", profile_name: "match AppStore self.Kiwix" ) - build_app( + gym( destination: "generic/platform=iOS", sdk: 'iphoneos', configuration: 'Release', From 6b23ef165997db03dee0b065805b9c95858dd5d3 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Tue, 30 Jan 2024 21:25:51 +0100 Subject: [PATCH 37/64] Skip xcode detection for profile, use only app-store profile --- fastlane/Fastfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index ca17349b8..20613c068 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -59,6 +59,7 @@ platform :ios do xcargs: "-allowProvisioningUpdates", export_options: { method: "app-store", + skip_profile_detection: true, provisioningProfiles: { "self.Kiwix": "match AppStore self.Kiwix", }, @@ -104,11 +105,10 @@ private_lane :ci_settings do end private_lane :match_certificates do - ["appstore", "development"].each do |type| - if is_ci - match(type: type, readonly: true, git_url: "./certificates") - else - match(type: type, readonly: true) - end + type = "appstore" + if is_ci + match(type: type, readonly: true, git_url: "./certificates") + else + match(type: type, readonly: true) end end \ No newline at end of file From 8e2902bea373969da38e594d53d2950ce72e2ba8 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Tue, 30 Jan 2024 22:00:10 +0100 Subject: [PATCH 38/64] Update codesigning of the project --- fastlane/Fastfile | 12 ++++++++++++ fastlane/README.md | 8 ++++++++ 2 files changed, 20 insertions(+) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 20613c068..b6d2a9a6a 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -37,6 +37,18 @@ platform :ios do ) end + lane :switch_manual do + ci_settings + match_certificates + update_code_signing_settings( + use_automatic_signing: false, + path: "Kiwix.xcodeproj", + profile_name: "match AppStore self.Kiwix", + code_sign_identity: "Apple Distribution", + build_configurations: "Release" + ) + end + desc "Build iOS app for AppStore, manual signing" lane :build_manual do ci_settings diff --git a/fastlane/README.md b/fastlane/README.md index 8689920ed..39562f3a1 100644 --- a/fastlane/README.md +++ b/fastlane/README.md @@ -31,6 +31,14 @@ Build iOS app without codesigning Build iOS app for AppStore +### ios switch_manual + +```sh +[bundle exec] fastlane ios switch_manual +``` + + + ### ios build_manual ```sh From 9688efb1f1cc57883ea29b8904158a638e107c75 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Tue, 30 Jan 2024 22:12:52 +0100 Subject: [PATCH 39/64] Add both certs --- fastlane/Fastfile | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index b6d2a9a6a..51f3bee33 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -117,10 +117,11 @@ private_lane :ci_settings do end private_lane :match_certificates do - type = "appstore" - if is_ci - match(type: type, readonly: true, git_url: "./certificates") - else - match(type: type, readonly: true) + ["development", "appstore"].each do |type| + if is_ci + match(type: type, readonly: true, git_url: "./certificates") + else + match(type: type, readonly: true) + end end end \ No newline at end of file From 05924b4b2f6bac8b2101353d2da48fa6aad116f0 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Tue, 30 Jan 2024 22:18:34 +0100 Subject: [PATCH 40/64] Force code sign identity --- fastlane/Fastfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 51f3bee33..7b120234e 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -62,7 +62,9 @@ platform :ios do update_code_signing_settings( use_automatic_signing: false, path: "Kiwix.xcodeproj", - profile_name: "match AppStore self.Kiwix" + profile_name: "match AppStore self.Kiwix", + code_sign_identity: "Apple Distribution", + build_configurations: "Release" ) gym( destination: "generic/platform=iOS", @@ -117,7 +119,7 @@ private_lane :ci_settings do end private_lane :match_certificates do - ["development", "appstore"].each do |type| + ["appstore"].each do |type| if is_ci match(type: type, readonly: true, git_url: "./certificates") else From 1e071b99fcc136fc8ea04ac1f1f22591acc650fe Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Tue, 30 Jan 2024 22:48:48 +0100 Subject: [PATCH 41/64] Try with profile detection off --- fastlane/Fastfile | 1 + 1 file changed, 1 insertion(+) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 7b120234e..9f1d2a6d1 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -71,6 +71,7 @@ platform :ios do sdk: 'iphoneos', configuration: 'Release', xcargs: "-allowProvisioningUpdates", + skip_profile_detection: true, export_options: { method: "app-store", skip_profile_detection: true, From a9b0554f268d7df496645e463cf7c382f2e2f1dd Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Tue, 30 Jan 2024 23:37:41 +0100 Subject: [PATCH 42/64] Use existing deployment cert --- .github/workflows/fastlane.yml | 60 ++++++++++++++++++---------------- fastlane/Fastfile | 5 +++ 2 files changed, 36 insertions(+), 29 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index b776a4271..96ce718be 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -8,8 +8,8 @@ on: env: APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 -# KEYCHAIN: /Users/runner/build.keychain-db -# KEYCHAIN_PASSWORD: mysecretpassword + KEYCHAIN: /Users/runner/build.keychain-db + KEYCHAIN_PASSWORD: mysecretpassword workflow_dispatch: jobs: @@ -30,32 +30,34 @@ jobs: # /!\ important: this checks out code from the HEAD of the PR instead of the main branch (for pull_request_target) ref: ${{ github.event.pull_request.head.sha || github.ref }} - - name: Checkout certs - uses: actions/checkout@v4 - with: - repository: kiwix/apple-certificates - ref: master - path: certificates - token: ${{ secrets.APPLE_CERTIFICATES_PAT }} + # - name: Checkout certs + # uses: actions/checkout@v4 + # with: + # repository: kiwix/apple-certificates + # ref: master + # path: certificates + # token: ${{ secrets.APPLE_CERTIFICATES_PAT }} - # - name: Create Keychain - # shell: bash - # env: - # KEYCHAIN: ${{ env.KEYCHAIN }} - # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} - # run: | - # security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN - # security default-keychain -s $KEYCHAIN - # security set-keychain-settings $KEYCHAIN - # security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN + - name: Create Keychain + shell: bash + env: + KEYCHAIN: ${{ env.KEYCHAIN }} + KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + run: | + security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN + security default-keychain -s $KEYCHAIN + security set-keychain-settings $KEYCHAIN + security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN - # - name: Add Apple Development certificate to Keychain - # uses: ./.github/actions/install-cert - # with: - # SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} - # SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} - # KEYCHAIN: ${{ env.KEYCHAIN }} - # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + - name: Add Apple Distribution certificate to Keychain + uses: ./.github/actions/install-cert + with: + # SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} + # SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} + SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} + SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} + KEYCHAIN: ${{ env.KEYCHAIN }} + KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} - name: Download dependencies run: @@ -75,8 +77,8 @@ jobs: APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - MATCH_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} - MATCH_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} + # MATCH_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} + # MATCH_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} run: | - bundle exec fastlane ios build_manual + bundle exec fastlane ios build diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 9f1d2a6d1..649dbabe6 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -23,6 +23,11 @@ platform :ios do desc "Build iOS app for AppStore" lane :build do ci_settings + update_code_signing_settings( + path: "Kiwix.xcodeproj", + code_sign_identity: "Apple Distribution", + build_configurations: "Release" + ) gym( destination: "generic/platform=iOS", sdk: 'iphoneos', From 895e0c03b99e2762a0ed66b0fae137b09fe61778 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Tue, 30 Jan 2024 23:41:19 +0100 Subject: [PATCH 43/64] Use auto-sign --- fastlane/Fastfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 649dbabe6..2d414bf34 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -26,7 +26,8 @@ platform :ios do update_code_signing_settings( path: "Kiwix.xcodeproj", code_sign_identity: "Apple Distribution", - build_configurations: "Release" + build_configurations: "Release", + use_automatic_signing: true ) gym( destination: "generic/platform=iOS", From 9cf6f6427870afedc8d4404fcb32a949208e4cde Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Wed, 31 Jan 2024 09:53:17 +0100 Subject: [PATCH 44/64] Use Apple Development for code signing --- fastlane/Fastfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 2d414bf34..89cbd94e6 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -25,7 +25,7 @@ platform :ios do ci_settings update_code_signing_settings( path: "Kiwix.xcodeproj", - code_sign_identity: "Apple Distribution", + code_sign_identity: "Apple Development", build_configurations: "Release", use_automatic_signing: true ) From 5b131fc6f5d2bf70d48f563451342fc9e390436a Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Wed, 31 Jan 2024 10:01:48 +0100 Subject: [PATCH 45/64] Include dev profile as well --- fastlane/Fastfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 89cbd94e6..c695a12f9 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -126,7 +126,7 @@ private_lane :ci_settings do end private_lane :match_certificates do - ["appstore"].each do |type| + ["development", "appstore"].each do |type| if is_ci match(type: type, readonly: true, git_url: "./certificates") else From f16a427f9f69ef1da2956a0c2d5c361e87e98927 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Wed, 31 Jan 2024 10:20:43 +0100 Subject: [PATCH 46/64] With less config --- fastlane/Fastfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index c695a12f9..5733bf417 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -23,12 +23,12 @@ platform :ios do desc "Build iOS app for AppStore" lane :build do ci_settings - update_code_signing_settings( - path: "Kiwix.xcodeproj", - code_sign_identity: "Apple Development", - build_configurations: "Release", - use_automatic_signing: true - ) + # update_code_signing_settings( + # path: "Kiwix.xcodeproj", + # code_sign_identity: "Apple Development", + # build_configurations: "Release", + # use_automatic_signing: true + # ) gym( destination: "generic/platform=iOS", sdk: 'iphoneos', From 9e055cd93dae8ad516ce15ab4b96c22a594a847d Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Wed, 31 Jan 2024 22:47:33 +0100 Subject: [PATCH 47/64] Update bash --- .github/workflows/fastlane.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 96ce718be..cce6d74bf 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -79,6 +79,7 @@ jobs: APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} # MATCH_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} # MATCH_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} + shell: bash run: | bundle exec fastlane ios build From 8da558d386449c553d000cad5c1cfd9515db4553 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Thu, 1 Feb 2024 09:39:50 +0100 Subject: [PATCH 48/64] Unlock keychain in fastlane --- .github/workflows/fastlane.yml | 2 ++ fastlane/Fastfile | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index cce6d74bf..22f6de570 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -79,6 +79,8 @@ jobs: APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} # MATCH_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} # MATCH_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} + KEYCHAIN: ${{ env.KEYCHAIN }} + KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} shell: bash run: | diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 5733bf417..7e2accfd6 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -23,6 +23,12 @@ platform :ios do desc "Build iOS app for AppStore" lane :build do ci_settings + if is_ci + unlock_keychain( + path: ENV['KEYCHAIN'], + password: ENV['KEYCHAIN_PASSWORD'] + ) + end # update_code_signing_settings( # path: "Kiwix.xcodeproj", # code_sign_identity: "Apple Development", From 38f489c71727daf9af2d36d212cfd5371fd571f9 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Thu, 1 Feb 2024 09:55:10 +0100 Subject: [PATCH 49/64] use the external keychain --- fastlane/Fastfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 7e2accfd6..7061a1141 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -22,8 +22,9 @@ platform :ios do desc "Build iOS app for AppStore" lane :build do - ci_settings + # ci_settings if is_ci + xcode_select "/Applications/Xcode_15.0.1.app" unlock_keychain( path: ENV['KEYCHAIN'], password: ENV['KEYCHAIN_PASSWORD'] From c61c890874895373e6f544bb5a43026d7ad5ef80 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Thu, 1 Feb 2024 12:19:50 +0100 Subject: [PATCH 50/64] Reverse the order --- .github/workflows/fastlane.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 22f6de570..6063e13e2 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -59,18 +59,18 @@ jobs: KEYCHAIN: ${{ env.KEYCHAIN }} KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} - - name: Download dependencies - run: - | - brew bundle - bundle update - - name: Add Apple Store Key env: APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} shell: bash run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o $APPLE_STORE_AUTH_KEY_PATH + + - name: Download dependencies + run: + | + brew bundle + bundle update - name: Build iOS Kiwix app with Fastlane env: From 846a1bfda3977b4bedbc4a4f5cd74d2215b986de Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Thu, 1 Feb 2024 21:35:07 +0100 Subject: [PATCH 51/64] Install both dev and distr certs --- .github/workflows/fastlane.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 6063e13e2..e7fdd4cfa 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -48,12 +48,18 @@ jobs: security default-keychain -s $KEYCHAIN security set-keychain-settings $KEYCHAIN security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN + + - name: Add Apple Development certificate to Keychain + uses: ./.github/actions/install-cert + with: + SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} + SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} + KEYCHAIN: ${{ env.KEYCHAIN }} + KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} - name: Add Apple Distribution certificate to Keychain uses: ./.github/actions/install-cert with: - # SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} - # SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} KEYCHAIN: ${{ env.KEYCHAIN }} @@ -77,8 +83,6 @@ jobs: APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - # MATCH_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} - # MATCH_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} KEYCHAIN: ${{ env.KEYCHAIN }} KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} shell: bash From 3a955f7fc8ff5690d340b24b7cc5e808e791b41f Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Thu, 1 Feb 2024 22:10:24 +0100 Subject: [PATCH 52/64] Inline xcodebuild arguments --- .github/workflows/fastlane.yml | 4 ++-- fastlane/Fastfile | 19 ++++++------------- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index e7fdd4cfa..30014008a 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -83,8 +83,8 @@ jobs: APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - KEYCHAIN: ${{ env.KEYCHAIN }} - KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + MATCH_KEYCHAIN_NAME: ${{ env.KEYCHAIN }} + MATCH_KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} shell: bash run: | diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 7061a1141..ed057c12a 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -22,14 +22,7 @@ platform :ios do desc "Build iOS app for AppStore" lane :build do - # ci_settings - if is_ci - xcode_select "/Applications/Xcode_15.0.1.app" - unlock_keychain( - path: ENV['KEYCHAIN'], - password: ENV['KEYCHAIN_PASSWORD'] - ) - end + ci_settings # update_code_signing_settings( # path: "Kiwix.xcodeproj", # code_sign_identity: "Apple Development", @@ -40,12 +33,12 @@ platform :ios do destination: "generic/platform=iOS", sdk: 'iphoneos', configuration: 'Release', - xcargs: "-allowProvisioningUpdates", + xcargs: "-allowProvisioningUpdates -authenticationKeyPath #{ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH']} -authenticationKeyID #{ENV['APP_STORE_CONNECT_API_KEY_KEY_ID']} -authenticationKeyIssuerID #{ENV['APP_STORE_CONNECT_API_KEY_ISSUER_ID']}", export_options: { - method: "app-store", - authenticationKeyPath: ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH'], - authenticationKeyID: ENV['APP_STORE_CONNECT_API_KEY_KEY_ID'], - authenticationKeyIssuerID: ENV['APP_STORE_CONNECT_API_KEY_ISSUER_ID'], + method: "app-store" + # authenticationKeyPath: ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH'], + # authenticationKeyID: ENV['APP_STORE_CONNECT_API_KEY_KEY_ID'], + # authenticationKeyIssuerID: ENV['APP_STORE_CONNECT_API_KEY_ISSUER_ID'], } ) end From aca24a93f22a265f7bdbf5b1be783a15e01b78d3 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Thu, 1 Feb 2024 22:57:08 +0100 Subject: [PATCH 53/64] Clean up --- .github/workflows/fastlane.yml | 8 -------- fastlane/Fastfile | 9 --------- 2 files changed, 17 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 30014008a..736b39602 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -30,14 +30,6 @@ jobs: # /!\ important: this checks out code from the HEAD of the PR instead of the main branch (for pull_request_target) ref: ${{ github.event.pull_request.head.sha || github.ref }} - # - name: Checkout certs - # uses: actions/checkout@v4 - # with: - # repository: kiwix/apple-certificates - # ref: master - # path: certificates - # token: ${{ secrets.APPLE_CERTIFICATES_PAT }} - - name: Create Keychain shell: bash env: diff --git a/fastlane/Fastfile b/fastlane/Fastfile index ed057c12a..0e2a5fb4e 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -23,12 +23,6 @@ platform :ios do desc "Build iOS app for AppStore" lane :build do ci_settings - # update_code_signing_settings( - # path: "Kiwix.xcodeproj", - # code_sign_identity: "Apple Development", - # build_configurations: "Release", - # use_automatic_signing: true - # ) gym( destination: "generic/platform=iOS", sdk: 'iphoneos', @@ -36,9 +30,6 @@ platform :ios do xcargs: "-allowProvisioningUpdates -authenticationKeyPath #{ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH']} -authenticationKeyID #{ENV['APP_STORE_CONNECT_API_KEY_KEY_ID']} -authenticationKeyIssuerID #{ENV['APP_STORE_CONNECT_API_KEY_ISSUER_ID']}", export_options: { method: "app-store" - # authenticationKeyPath: ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH'], - # authenticationKeyID: ENV['APP_STORE_CONNECT_API_KEY_KEY_ID'], - # authenticationKeyIssuerID: ENV['APP_STORE_CONNECT_API_KEY_ISSUER_ID'], } ) end From b88925e928f5e1a3af8402ae91765cc5dad712a7 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Thu, 1 Feb 2024 22:58:07 +0100 Subject: [PATCH 54/64] Try without certs --- .github/workflows/fastlane.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 736b39602..4a0b59540 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -41,21 +41,21 @@ jobs: security set-keychain-settings $KEYCHAIN security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN - - name: Add Apple Development certificate to Keychain - uses: ./.github/actions/install-cert - with: - SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} - SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} - KEYCHAIN: ${{ env.KEYCHAIN }} - KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + # - name: Add Apple Development certificate to Keychain + # uses: ./.github/actions/install-cert + # with: + # SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} + # SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} + # KEYCHAIN: ${{ env.KEYCHAIN }} + # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} - - name: Add Apple Distribution certificate to Keychain - uses: ./.github/actions/install-cert - with: - SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} - SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} - KEYCHAIN: ${{ env.KEYCHAIN }} - KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + # - name: Add Apple Distribution certificate to Keychain + # uses: ./.github/actions/install-cert + # with: + # SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} + # SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} + # KEYCHAIN: ${{ env.KEYCHAIN }} + # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} - name: Add Apple Store Key env: From fd8bf59861b5605b2501748ab597b442c47d77c1 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Thu, 1 Feb 2024 23:06:45 +0100 Subject: [PATCH 55/64] Add only the dev cert --- .github/workflows/fastlane.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 4a0b59540..f721872a1 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -41,13 +41,13 @@ jobs: security set-keychain-settings $KEYCHAIN security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN - # - name: Add Apple Development certificate to Keychain - # uses: ./.github/actions/install-cert - # with: - # SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} - # SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} - # KEYCHAIN: ${{ env.KEYCHAIN }} - # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + - name: Add Apple Development certificate to Keychain + uses: ./.github/actions/install-cert + with: + SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} + SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} + KEYCHAIN: ${{ env.KEYCHAIN }} + KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} # - name: Add Apple Distribution certificate to Keychain # uses: ./.github/actions/install-cert From bd66a826ceec33d7f74f58e4c94784538fe90a64 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Thu, 1 Feb 2024 23:23:30 +0100 Subject: [PATCH 56/64] Use match dev cert --- .github/workflows/fastlane.yml | 46 ++++++++++++++++++++-------------- fastlane/Fastfile | 3 ++- 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index f721872a1..17b2db03a 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -30,24 +30,32 @@ jobs: # /!\ important: this checks out code from the HEAD of the PR instead of the main branch (for pull_request_target) ref: ${{ github.event.pull_request.head.sha || github.ref }} - - name: Create Keychain - shell: bash - env: - KEYCHAIN: ${{ env.KEYCHAIN }} - KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} - run: | - security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN - security default-keychain -s $KEYCHAIN - security set-keychain-settings $KEYCHAIN - security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN - - - name: Add Apple Development certificate to Keychain - uses: ./.github/actions/install-cert + - name: Checkout certs + uses: actions/checkout@v4 with: - SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} - SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} - KEYCHAIN: ${{ env.KEYCHAIN }} - KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + repository: kiwix/apple-certificates + ref: master + path: certificates + token: ${{ secrets.APPLE_CERTIFICATES_PAT }} + + # - name: Create Keychain + # shell: bash + # env: + # KEYCHAIN: ${{ env.KEYCHAIN }} + # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + # run: | + # security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN + # security default-keychain -s $KEYCHAIN + # security set-keychain-settings $KEYCHAIN + # security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN + + # - name: Add Apple Development certificate to Keychain + # uses: ./.github/actions/install-cert + # with: + # SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} + # SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} + # KEYCHAIN: ${{ env.KEYCHAIN }} + # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} # - name: Add Apple Distribution certificate to Keychain # uses: ./.github/actions/install-cert @@ -75,8 +83,8 @@ jobs: APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - MATCH_KEYCHAIN_NAME: ${{ env.KEYCHAIN }} - MATCH_KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + # MATCH_KEYCHAIN_NAME: ${{ env.KEYCHAIN }} + # MATCH_KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} shell: bash run: | diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 0e2a5fb4e..2513b209b 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -23,6 +23,7 @@ platform :ios do desc "Build iOS app for AppStore" lane :build do ci_settings + match_certificates gym( destination: "generic/platform=iOS", sdk: 'iphoneos', @@ -117,7 +118,7 @@ private_lane :ci_settings do end private_lane :match_certificates do - ["development", "appstore"].each do |type| + ["development"].each do |type| if is_ci match(type: type, readonly: true, git_url: "./certificates") else From 174d17b5264fe36611c71c59ca2fb84e0823abdc Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Thu, 1 Feb 2024 23:34:35 +0100 Subject: [PATCH 57/64] Set match password --- .github/workflows/fastlane.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 17b2db03a..97e39db6f 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -83,8 +83,7 @@ jobs: APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - # MATCH_KEYCHAIN_NAME: ${{ env.KEYCHAIN }} - # MATCH_KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} shell: bash run: | From 7d3e1895df506b0b33ae1ba52d80acf88218aadc Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Thu, 1 Feb 2024 23:52:04 +0100 Subject: [PATCH 58/64] Fix password --- .github/workflows/fastlane.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 97e39db6f..5d1b8e02a 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -83,7 +83,7 @@ jobs: APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} + MATCH_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} shell: bash run: | From 2347762b2ec8b7632fc7e3af032a1cbde9ca1eff Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Fri, 2 Feb 2024 00:03:56 +0100 Subject: [PATCH 59/64] Try with both match certs --- fastlane/Fastfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 2513b209b..cafbf9e56 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -118,7 +118,7 @@ private_lane :ci_settings do end private_lane :match_certificates do - ["development"].each do |type| + ["development", "appstore"].each do |type| if is_ci match(type: type, readonly: true, git_url: "./certificates") else From a659b231132cfec3ea2e8dd642db8bb2e85c2315 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Fri, 2 Feb 2024 00:37:52 +0100 Subject: [PATCH 60/64] Revert "Try with both match certs" This reverts commit 2347762b2ec8b7632fc7e3af032a1cbde9ca1eff. --- fastlane/Fastfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fastlane/Fastfile b/fastlane/Fastfile index cafbf9e56..2513b209b 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -118,7 +118,7 @@ private_lane :ci_settings do end private_lane :match_certificates do - ["development", "appstore"].each do |type| + ["development"].each do |type| if is_ci match(type: type, readonly: true, git_url: "./certificates") else From fe99fd8aa956964d71b2a9e538ce4cb97970b51c Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Fri, 2 Feb 2024 00:37:58 +0100 Subject: [PATCH 61/64] Revert "Fix password" This reverts commit 7d3e1895df506b0b33ae1ba52d80acf88218aadc. --- .github/workflows/fastlane.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 5d1b8e02a..97e39db6f 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -83,7 +83,7 @@ jobs: APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - MATCH_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_MATCH_PASSWORD }} + MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} shell: bash run: | From 813b9ec961ec3d64cb89b2dc4289735211c6a7b5 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Fri, 2 Feb 2024 00:38:09 +0100 Subject: [PATCH 62/64] Revert "Set match password" This reverts commit 174d17b5264fe36611c71c59ca2fb84e0823abdc. --- .github/workflows/fastlane.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 97e39db6f..17b2db03a 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -83,7 +83,8 @@ jobs: APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} + # MATCH_KEYCHAIN_NAME: ${{ env.KEYCHAIN }} + # MATCH_KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} shell: bash run: | From daec6565b69899fcb2c8c1ed7c0059155c682efe Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Fri, 2 Feb 2024 00:43:12 +0100 Subject: [PATCH 63/64] Revert "Use match dev cert" This reverts commit bd66a826ceec33d7f74f58e4c94784538fe90a64. --- .github/workflows/fastlane.yml | 46 ++++++++++++++-------------------- fastlane/Fastfile | 3 +-- 2 files changed, 20 insertions(+), 29 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index 17b2db03a..f721872a1 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -30,32 +30,24 @@ jobs: # /!\ important: this checks out code from the HEAD of the PR instead of the main branch (for pull_request_target) ref: ${{ github.event.pull_request.head.sha || github.ref }} - - name: Checkout certs - uses: actions/checkout@v4 - with: - repository: kiwix/apple-certificates - ref: master - path: certificates - token: ${{ secrets.APPLE_CERTIFICATES_PAT }} - - # - name: Create Keychain - # shell: bash - # env: - # KEYCHAIN: ${{ env.KEYCHAIN }} - # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} - # run: | - # security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN - # security default-keychain -s $KEYCHAIN - # security set-keychain-settings $KEYCHAIN - # security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN + - name: Create Keychain + shell: bash + env: + KEYCHAIN: ${{ env.KEYCHAIN }} + KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + run: | + security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN + security default-keychain -s $KEYCHAIN + security set-keychain-settings $KEYCHAIN + security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN - # - name: Add Apple Development certificate to Keychain - # uses: ./.github/actions/install-cert - # with: - # SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} - # SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} - # KEYCHAIN: ${{ env.KEYCHAIN }} - # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + - name: Add Apple Development certificate to Keychain + uses: ./.github/actions/install-cert + with: + SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} + SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} + KEYCHAIN: ${{ env.KEYCHAIN }} + KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} # - name: Add Apple Distribution certificate to Keychain # uses: ./.github/actions/install-cert @@ -83,8 +75,8 @@ jobs: APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - # MATCH_KEYCHAIN_NAME: ${{ env.KEYCHAIN }} - # MATCH_KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + MATCH_KEYCHAIN_NAME: ${{ env.KEYCHAIN }} + MATCH_KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} shell: bash run: | diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 2513b209b..0e2a5fb4e 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -23,7 +23,6 @@ platform :ios do desc "Build iOS app for AppStore" lane :build do ci_settings - match_certificates gym( destination: "generic/platform=iOS", sdk: 'iphoneos', @@ -118,7 +117,7 @@ private_lane :ci_settings do end private_lane :match_certificates do - ["development"].each do |type| + ["development", "appstore"].each do |type| if is_ci match(type: type, readonly: true, git_url: "./certificates") else From 2d40f754f663c597f79be41c9d3792f2168f543d Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Fri, 2 Feb 2024 22:33:22 +0100 Subject: [PATCH 64/64] Try with get_certificates --- .github/workflows/fastlane.yml | 11 +---------- fastlane/Fastfile | 17 +++++++++++++---- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/fastlane.yml b/.github/workflows/fastlane.yml index f721872a1..a18f97a6a 100644 --- a/.github/workflows/fastlane.yml +++ b/.github/workflows/fastlane.yml @@ -48,14 +48,6 @@ jobs: SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} KEYCHAIN: ${{ env.KEYCHAIN }} KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} - - # - name: Add Apple Distribution certificate to Keychain - # uses: ./.github/actions/install-cert - # with: - # SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} - # SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} - # KEYCHAIN: ${{ env.KEYCHAIN }} - # KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} - name: Add Apple Store Key env: @@ -75,8 +67,7 @@ jobs: APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} APP_STORE_CONNECT_API_KEY_KEY_FILEPATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - MATCH_KEYCHAIN_NAME: ${{ env.KEYCHAIN }} - MATCH_KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} shell: bash run: | diff --git a/fastlane/Fastfile b/fastlane/Fastfile index 0e2a5fb4e..edf138ece 100644 --- a/fastlane/Fastfile +++ b/fastlane/Fastfile @@ -23,6 +23,18 @@ platform :ios do desc "Build iOS app for AppStore" lane :build do ci_settings + get_certificates( + development: true, + api_key: app_store_connect_api_key( + key_id: ENV['APP_STORE_CONNECT_API_KEY_KEY_ID'], + issuer_id: ENV['APP_STORE_CONNECT_API_KEY_ISSUER_ID'], + key_filepath: ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH'], + duration: 1200, # optional (maximum 1200) + in_house: false # optional but may be required if using match/sigh + ), + keychain_password: ENV['KEYCHAIN_PASSWORD'], + platform: 'ios' + ) gym( destination: "generic/platform=iOS", sdk: 'iphoneos', @@ -67,7 +79,7 @@ platform :ios do destination: "generic/platform=iOS", sdk: 'iphoneos', configuration: 'Release', - xcargs: "-allowProvisioningUpdates", + xcargs: "-allowProvisioningUpdates -authenticationKeyPath #{ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH']} -authenticationKeyID #{ENV['APP_STORE_CONNECT_API_KEY_KEY_ID']} -authenticationKeyIssuerID #{ENV['APP_STORE_CONNECT_API_KEY_ISSUER_ID']}", skip_profile_detection: true, export_options: { method: "app-store", @@ -75,9 +87,6 @@ platform :ios do provisioningProfiles: { "self.Kiwix": "match AppStore self.Kiwix", }, - authenticationKeyPath: ENV['APP_STORE_CONNECT_API_KEY_KEY_FILEPATH'], - authenticationKeyID: ENV['APP_STORE_CONNECT_API_KEY_KEY_ID'], - authenticationKeyIssuerID: ENV['APP_STORE_CONNECT_API_KEY_ISSUER_ID'], signingStyle: 'manual', } )