mirror of
https://github.com/kuaifan/dootask.git
synced 2026-05-25 18:04:05 +00:00
247 lines
8.5 KiB
YAML
247 lines
8.5 KiB
YAML
name: "iOS Publish"
|
|
|
|
# Required GitHub Secrets:
|
|
#
|
|
# IOS_CERTIFICATE_BASE64 - Apple distribution certificate (.p12) encoded in base64
|
|
# IOS_CERTIFICATE_PASSWORD - Password for the .p12 certificate
|
|
# IOS_PROVISION_PROFILE_BASE64 - App Store provisioning profile (.mobileprovision) encoded in base64
|
|
# IOS_SHARE_EXTENSION_PROVISION_PROFILE_BASE64 - Share extension App Store provisioning profile (.mobileprovision) encoded in base64
|
|
# ASC_API_KEY_P8_BASE64 - App Store Connect API key (.p8) encoded in base64
|
|
# ASC_API_KEY_ID - App Store Connect API Key ID
|
|
# ASC_ISSUER_ID - App Store Connect Issuer ID
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
concurrency:
|
|
group: ios-publish-${{ github.ref }}
|
|
cancel-in-progress: false
|
|
|
|
jobs:
|
|
prepare-assets:
|
|
name: Prepare iOS Assets
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 30
|
|
outputs:
|
|
version: ${{ steps.get-version.outputs.version }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Get version from package.json
|
|
id: get-version
|
|
run: |
|
|
VERSION=$(node -p "require('./package.json').version")
|
|
echo "version=$VERSION" >> $GITHUB_OUTPUT
|
|
echo "Version: $VERSION"
|
|
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
|
|
- name: Install dependencies
|
|
run: npm install
|
|
|
|
- name: Install electron dependencies
|
|
run: |
|
|
pushd electron
|
|
npm install
|
|
popd
|
|
|
|
- name: Init mobile submodule
|
|
run: |
|
|
git submodule init
|
|
git submodule update --remote "resources/mobile"
|
|
|
|
- name: Build app assets
|
|
run: ./cmd appbuild publish
|
|
|
|
- name: Upload iOS platform artifacts
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: ios-platform
|
|
path: resources/mobile/platforms/ios/
|
|
retention-days: 1
|
|
|
|
build-ios:
|
|
name: Build & Submit iOS
|
|
needs: prepare-assets
|
|
runs-on: macos-26
|
|
timeout-minutes: 60
|
|
environment: build
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Init mobile submodule
|
|
run: |
|
|
git submodule init
|
|
git submodule update --remote "resources/mobile"
|
|
|
|
- name: Download prepared assets
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
name: ios-platform
|
|
path: resources/mobile/platforms/ios/
|
|
|
|
- name: Select Xcode
|
|
uses: maxim-lobanov/setup-xcode@v1
|
|
with:
|
|
xcode-version: latest-stable
|
|
|
|
- name: Install CocoaPods
|
|
run: |
|
|
if [ -f "resources/mobile/platforms/ios/eeuiApp/Podfile" ]; then
|
|
cd resources/mobile/platforms/ios/eeuiApp
|
|
pod install
|
|
fi
|
|
|
|
- name: Import signing certificate
|
|
env:
|
|
IOS_CERTIFICATE_BASE64: ${{ secrets.IOS_CERTIFICATE_BASE64 }}
|
|
IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
|
|
run: |
|
|
# Create temporary keychain
|
|
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
|
|
KEYCHAIN_PASSWORD=$(openssl rand -hex 20)
|
|
|
|
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
|
|
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
|
|
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
|
|
|
|
# Import certificate
|
|
CERTIFICATE_PATH=$RUNNER_TEMP/certificate.p12
|
|
echo "$IOS_CERTIFICATE_BASE64" | base64 --decode > "$CERTIFICATE_PATH"
|
|
security import "$CERTIFICATE_PATH" \
|
|
-P "$IOS_CERTIFICATE_PASSWORD" \
|
|
-A \
|
|
-t cert \
|
|
-f pkcs12 \
|
|
-k "$KEYCHAIN_PATH"
|
|
|
|
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
|
|
security list-keychain -d user -s "$KEYCHAIN_PATH"
|
|
|
|
- name: Import provisioning profile
|
|
env:
|
|
IOS_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_PROVISION_PROFILE_BASE64 }}
|
|
IOS_SHARE_EXTENSION_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_SHARE_EXTENSION_PROVISION_PROFILE_BASE64 }}
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
APP_PROFILE_PATH=$RUNNER_TEMP/app.mobileprovision
|
|
SHARE_PROFILE_PATH=$RUNNER_TEMP/share-extension.mobileprovision
|
|
APP_PROFILE_PLIST=$RUNNER_TEMP/app-profile.plist
|
|
SHARE_PROFILE_PLIST=$RUNNER_TEMP/share-extension-profile.plist
|
|
|
|
echo "$IOS_PROVISION_PROFILE_BASE64" | base64 --decode > "$APP_PROFILE_PATH"
|
|
echo "$IOS_SHARE_EXTENSION_PROVISION_PROFILE_BASE64" | base64 --decode > "$SHARE_PROFILE_PATH"
|
|
|
|
security cms -D -i "$APP_PROFILE_PATH" > "$APP_PROFILE_PLIST"
|
|
security cms -D -i "$SHARE_PROFILE_PATH" > "$SHARE_PROFILE_PLIST"
|
|
|
|
APP_PROFILE_NAME=$(/usr/libexec/PlistBuddy -c "Print :Name" "$APP_PROFILE_PLIST")
|
|
SHARE_PROFILE_NAME=$(/usr/libexec/PlistBuddy -c "Print :Name" "$SHARE_PROFILE_PLIST")
|
|
IOS_TEAM_ID=$(/usr/libexec/PlistBuddy -c "Print :TeamIdentifier:0" "$APP_PROFILE_PLIST")
|
|
|
|
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
|
|
cp "$APP_PROFILE_PATH" ~/Library/MobileDevice/Provisioning\ Profiles/
|
|
cp "$SHARE_PROFILE_PATH" ~/Library/MobileDevice/Provisioning\ Profiles/
|
|
|
|
echo "APP_PROFILE_NAME=$APP_PROFILE_NAME" >> $GITHUB_ENV
|
|
echo "SHARE_PROFILE_NAME=$SHARE_PROFILE_NAME" >> $GITHUB_ENV
|
|
echo "IOS_TEAM_ID=$IOS_TEAM_ID" >> $GITHUB_ENV
|
|
|
|
- name: Build archive
|
|
run: |
|
|
cd resources/mobile/platforms/ios/eeuiApp
|
|
xcodebuild archive \
|
|
-workspace eeuiApp.xcworkspace \
|
|
-scheme eeuiApp \
|
|
-configuration Release \
|
|
-archivePath $RUNNER_TEMP/eeuiApp.xcarchive \
|
|
-allowProvisioningUpdates \
|
|
DEVELOPMENT_TEAM=$IOS_TEAM_ID \
|
|
CODE_SIGN_STYLE=Manual \
|
|
| xcpretty
|
|
|
|
- name: Export IPA
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
cd resources/mobile/platforms/ios/eeuiApp
|
|
|
|
# Generate ExportOptions.plist
|
|
cat > $RUNNER_TEMP/ExportOptions.plist << PLIST
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
|
<plist version="1.0">
|
|
<dict>
|
|
<key>method</key>
|
|
<string>app-store</string>
|
|
<key>signingStyle</key>
|
|
<string>manual</string>
|
|
<key>teamID</key>
|
|
<string>${IOS_TEAM_ID}</string>
|
|
<key>provisioningProfiles</key>
|
|
<dict>
|
|
<key>com.dootask.task</key>
|
|
<string>${APP_PROFILE_NAME}</string>
|
|
<key>com.dootask.task.shareExtension</key>
|
|
<string>${SHARE_PROFILE_NAME}</string>
|
|
</dict>
|
|
<key>uploadBitcode</key>
|
|
<false/>
|
|
<key>uploadSymbols</key>
|
|
<true/>
|
|
</dict>
|
|
</plist>
|
|
PLIST
|
|
|
|
xcodebuild -exportArchive \
|
|
-archivePath $RUNNER_TEMP/eeuiApp.xcarchive \
|
|
-exportOptionsPlist $RUNNER_TEMP/ExportOptions.plist \
|
|
-exportPath $RUNNER_TEMP/ipa-output \
|
|
-allowProvisioningUpdates \
|
|
| xcpretty
|
|
|
|
- name: Submit to App Store Connect
|
|
env:
|
|
ASC_API_KEY_ID: ${{ secrets.ASC_API_KEY_ID }}
|
|
ASC_ISSUER_ID: ${{ secrets.ASC_ISSUER_ID }}
|
|
ASC_API_KEY_P8_BASE64: ${{ secrets.ASC_API_KEY_P8_BASE64 }}
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
# Prepare API key
|
|
mkdir -p ~/private_keys
|
|
echo "$ASC_API_KEY_P8_BASE64" | base64 --decode > ~/private_keys/AuthKey_${ASC_API_KEY_ID}.p8
|
|
|
|
# Find and upload IPA
|
|
IPA_PATH=$(find $RUNNER_TEMP/ipa-output -name "*.ipa" | head -1)
|
|
if [ -z "$IPA_PATH" ]; then
|
|
echo "No IPA file found in $RUNNER_TEMP/ipa-output"
|
|
exit 1
|
|
fi
|
|
echo "Uploading: $IPA_PATH"
|
|
|
|
xcrun altool --upload-app \
|
|
-f "$IPA_PATH" \
|
|
--type ios \
|
|
--apiKey "$ASC_API_KEY_ID" \
|
|
--apiIssuer "$ASC_ISSUER_ID"
|
|
|
|
- name: Clean up
|
|
if: always()
|
|
run: |
|
|
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db 2>/dev/null || true
|
|
rm -f $RUNNER_TEMP/certificate.p12
|
|
rm -f $RUNNER_TEMP/app.mobileprovision
|
|
rm -f $RUNNER_TEMP/share-extension.mobileprovision
|
|
rm -f $RUNNER_TEMP/app-profile.plist
|
|
rm -f $RUNNER_TEMP/share-extension-profile.plist
|
|
rm -rf ~/private_keys
|