Skip to content

iOS Prod Release

iOS Prod Release #80

name: iOS Prod Release
on:
workflow_dispatch:
inputs:
tramline-input:
description: "Tramline input"
required: false
jobs:
build:
runs-on: macos-latest
env:
TERM: dumb
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
steps:
- name: Configure Tramline
id: tramline
uses: tramlinehq/[email protected]
with:
input: ${{ github.event.inputs.tramline-input }}
- name: Setup JDK 20
uses: actions/setup-java@v4
with:
java-version: 20
distribution: zulu
cache: 'gradle'
- name: Install private API key P8
env:
PRIVATE_API_KEY_BASE64: ${{ secrets.APP_STORE_API_PRIVATE_KEY }}
API_KEY: ${{ secrets.APP_STORE_KEY_ID }}
run: |
mkdir -p ~/private_keys
echo -n "$PRIVATE_API_KEY_BASE64" | base64 --decode --output ~/private_keys/AuthKey_$API_KEY.p8
- name: Install the Apple certificate and provisioning profile
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: Update Archive Version
run: |
/usr/libexec/Plistbuddy -c "Set CFBundleVersion ${{ steps.tramline.outputs.version_code }}" "iosApp/iosApp/Info.plist"
/usr/libexec/Plistbuddy -c "Set CFBundleShortVersionString ${{ steps.tramline.outputs.version_name }}" "iosApp/iosApp/Info.plist"
- name: Pod Install
run: |
./gradlew --no-daemon podInstall;
- name: Build Archive
run: |
xcodebuild -workspace ./iosApp/iosApp.xcworkspace \
-scheme iosApp \
-archivePath $RUNNER_TEMP/twine.xcarchive \
-sdk iphoneos \
-configuration Release \
-destination generic/platform=iOS \
DEVELOPMENT_TEAM=6XCS8KZXDA \
PROVISIONING_PROFILE=${{ secrets.PROVISION_PROFILE_ID }} \
clean archive
CODE_SIGN_IDENTITY="iPhone Distribution: Sasi Kanth (6XCS8KZXDA)"
- name: Export ipa
env:
EXPORT_OPTIONS_PLIST: ${{ secrets.EXPORT_OPTIONS_PLIST }}
run: |
EXPORT_OPTS_PATH=$RUNNER_TEMP/ExportOptions.plist
echo -n "$EXPORT_OPTIONS_PLIST" | base64 --decode -o $EXPORT_OPTS_PATH
xcodebuild -exportArchive -archivePath $RUNNER_TEMP/twine.xcarchive -exportOptionsPlist $EXPORT_OPTS_PATH -exportPath $RUNNER_TEMP/build
- name: Upload debug symbols to Sentry
run: |
curl -sL https://sentry.io/get-cli/ | SENTRY_CLI_VERSION=2.21.2 bash;
sentry-cli debug-files upload --auth-token ${{ secrets.SENTRY_AUTH_TOKEN }} \
--include-sources \
--org ${{ secrets.SENTRY_ORG }} \
--project ${{ secrets.SENTRY_PROJECT }} \
$RUNNER_TEMP/twine.xcarchive/dSYMs
- name: Clean up keychain and provisioning profile
if: ${{ always() }}
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision
- name: Upload app to TestFlight
env:
API_KEY: ${{ secrets.APP_STORE_KEY_ID }}
API_ISSUER: ${{ secrets.APP_STORE_ISSUER_ID }}
APP_PATH: ${{ runner.temp }}/build/twine.ipa
run: |
xcrun altool --upload-app --type ios -f $APP_PATH --apiKey $API_KEY --apiIssuer $API_ISSUER
- name: Upload application
uses: actions/upload-artifact@v4
with:
name: app
path: ${{ runner.temp }}/build/twine.ipa