Skip to content

.github/workflows/ios.yml #29

.github/workflows/ios.yml

.github/workflows/ios.yml #29

Workflow file for this run

name: "Build and release ios app to TestFlight"
on:
workflow_call:
inputs:
coordinator_port_http:
required: true
type: string
esplora_endpoint:
required: true
type: string
coordinator_p2p_endpoint:
required: true
type: string
network:
required: true
type: string
description: "The target network for the release, e.g. mainnet/regtest"
tag:
required: true
description: "The branch, tag or SHA to checkout."
type: string
oracle_endpoint:
required: true
type: string
oracle_pubkey:
required: true
description: "The public key of the oracle. Must match with the public key returned at http://${oracle_endpoint}/oracle/publickey"
type: string
workflow_dispatch:
inputs:
coordinator_port_http:
required: true
type: string
esplora_endpoint:
required: true
type: string
coordinator_p2p_endpoint:
required: true
type: string
network:
required: true
type: string
description: "The target network for the release, e.g. mainnet/regtest"
tag:
required: true
description: "The branch, tag or SHA to checkout."
type: string
oracle_endpoint:
required: true
type: string
oracle_pubkey:
required: true
description: "The public key of the oracle. Must match with the public key returned at http://${oracle_endpoint}/oracle/publickey"
type: string
jobs:
build:
runs-on: macos-latest
steps:
- uses: actions/checkout@v3
with:
# fetch the complete history to correctly calculate build_number
fetch-depth: 0
ref: ${{ inputs.tag }}
- uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: "14.2"
- uses: subosito/flutter-action@v2
with:
channel: "stable"
flutter-version: ${{ env.FLUTTER_VERSION }}
architecture: x64
- uses: actions/cache@v3
id: cache-deps
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
./rust/target
key: ${{ runner.os }}-cargo-build-release-ios-${{ hashFiles('**/Cargo.lock') }}
- name: Install Apple certificate and provisioning profile
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.APPSTORE_CERT_BASE64 }}
P12_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.MOBILEPROVISION_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo $BUILD_CERTIFICATE_BASE64 | base64 -d > $CERTIFICATE_PATH
echo $BUILD_PROVISION_PROFILE_BASE64 | base64 -d > $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
echo "Successfully created keychain"
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
echo "Successfully set keychain settings"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
echo "Successfully unlocked keychain"
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
echo "Successfully imported certificate"
security list-keychain -d user -s $KEYCHAIN_PATH
# apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: Install just
if: steps.cache-deps.outputs.cache-hit != 'true'
run: cargo install just
- name: Install FFI bindings
if: steps.cache-deps.outputs.cache-hit != 'true'
run: just deps-gen
- name: Install ios dependencies
if: steps.cache-deps.outputs.cache-hit != 'true'
run: cargo install cargo-lipo
- name: Set rustup targets
run: rustup target add aarch64-apple-ios x86_64-apple-ios
- name: Generate FFI bindings
run: just gen
- name: Build iOS Rust lib in release mode
run: just ios-release
- name: Parse version from pubspec.yaml
id: version
uses: jbutcher5/[email protected]
with:
file: "mobile/pubspec.yaml"
key-path: '["version"]'
- name: Build iOS Archive
id: build-ios
run: |
BUILD_NAME=${{ steps.version.outputs.data }}
BUILD_NUMBER=$(git rev-list HEAD --count)
cd mobile
flutter build ipa --export-options-plist=ios/exportOptions.plist \
--dart-define="ESPLORA_ENDPOINT=$ESPLORA_ENDPOINT" \
--dart-define="COORDINATOR_P2P_ENDPOINT=$COORDINATOR_P2P_ENDPOINT" \
--dart-define="NETWORK=$NETWORK" \
--dart-define="COMMIT=$(git rev-parse HEAD)" \
--dart-define="BRANCH=$(git rev-parse --abbrev-ref HEAD)" \
--dart-define="COORDINATOR_PORT_HTTP=$COORDINATOR_PORT_HTTP" \
--dart-define="ORACLE_ENDPOINT=$ORACLE_ENDPOINT" \
--dart-define="ORACLE_PUBKEY=$ORACLE_PUBKEY" \
--build-name=$BUILD_NAME \
--build-number=$BUILD_NUMBER
env:
ESPLORA_ENDPOINT: ${{ inputs.esplora_endpoint }}
COORDINATOR_P2P_ENDPOINT: ${{ inputs.coordinator_p2p_endpoint }}
NETWORK: ${{ inputs.network }}
COORDINATOR_PORT_HTTP: ${{ inputs.coordinator_port_http }}
ORACLE_ENDPOINT: ${{ inputs.oracle_endpoint }}
ORACLE_PUBKEY: ${{ inputs.oracle_pubkey }}
- name: Release to TestFlight
env:
ALTOOL_API_KEY: ${{ secrets.ALTOOL_API_KEY }}
ALTOOL_API_ISSUER: ${{ secrets.ALTOOL_API_ISSUER }}
AUTH_KEY: ${{ secrets.AUTH_KEY }}
run: |
cd mobile
mkdir -p private_keys
echo $AUTH_KEY | base64 -d > private_keys/AuthKey_$ALTOOL_API_KEY.p8
xcrun altool --upload-app --type ios --file ./build/ios/ipa/10101.ipa --apiKey ${{ env.ALTOOL_API_KEY }} --apiIssuer ${{ env.ALTOOL_API_ISSUER }}
# Important! Cleanup: remove the certificate and provisioning profile from the runner!
- name: Clean up keychain and provisioning profile
if: ${{ always() }}
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision