.github/workflows/ios.yml #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Build and release ios app to TestFlight" | |
| on: | |
| workflow_call: | |
| inputs: | |
| coordinator_port_http: | |
| required: true | |
| type: string | |
| esplora_endpoint: | |
| required: true | |
| type: string | |
| coordinator_p2p_endpoint: | |
| required: true | |
| type: string | |
| network: | |
| required: true | |
| type: string | |
| description: "The target network for the release, e.g. mainnet/regtest" | |
| tag: | |
| required: true | |
| description: "The branch, tag or SHA to checkout." | |
| type: string | |
| oracle_endpoint: | |
| required: true | |
| type: string | |
| oracle_pubkey: | |
| required: true | |
| description: "The public key of the oracle. Must match with the public key returned at http://${oracle_endpoint}/oracle/publickey" | |
| type: string | |
| workflow_dispatch: | |
| inputs: | |
| coordinator_port_http: | |
| required: true | |
| type: string | |
| esplora_endpoint: | |
| required: true | |
| type: string | |
| coordinator_p2p_endpoint: | |
| required: true | |
| type: string | |
| network: | |
| required: true | |
| type: string | |
| description: "The target network for the release, e.g. mainnet/regtest" | |
| tag: | |
| required: true | |
| description: "The branch, tag or SHA to checkout." | |
| type: string | |
| oracle_endpoint: | |
| required: true | |
| type: string | |
| oracle_pubkey: | |
| required: true | |
| description: "The public key of the oracle. Must match with the public key returned at http://${oracle_endpoint}/oracle/publickey" | |
| type: string | |
| jobs: | |
| build: | |
| runs-on: macos-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| # fetch the complete history to correctly calculate build_number | |
| fetch-depth: 0 | |
| ref: ${{ inputs.tag }} | |
| - uses: maxim-lobanov/setup-xcode@v1 | |
| with: | |
| xcode-version: "14.2" | |
| - uses: subosito/flutter-action@v2 | |
| with: | |
| flutter-version: ${{ env.FLUTTER_VERSION }} | |
| channel: "stable" | |
| cache: true | |
| cache-key: flutter-${{ env.FLUTTER_VERSION }} | |
| cache-path: ${{ runner.tool_cache }}/flutter | |
| - uses: actions/cache@v3 | |
| id: cache-deps | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| ./rust/target | |
| key: ${{ runner.os }}-cargo-build-release-ios-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Install Apple certificate and provisioning profile | |
| env: | |
| BUILD_CERTIFICATE_BASE64: ${{ secrets.APPSTORE_CERT_BASE64 }} | |
| P12_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }} | |
| BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.MOBILEPROVISION_BASE64 }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| run: | | |
| # create variables | |
| CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
| PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| # import certificate and provisioning profile from secrets | |
| echo $BUILD_CERTIFICATE_BASE64 | base64 -d > $CERTIFICATE_PATH | |
| echo $BUILD_PROVISION_PROFILE_BASE64 | base64 -d > $PP_PATH | |
| # create temporary keychain | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| echo "Successfully created keychain" | |
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
| echo "Successfully set keychain settings" | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| echo "Successfully unlocked keychain" | |
| # import certificate to keychain | |
| security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
| echo "Successfully imported certificate" | |
| security list-keychain -d user -s $KEYCHAIN_PATH | |
| # apply provisioning profile | |
| mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles | |
| cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles | |
| - name: Install just | |
| if: steps.cache-deps.outputs.cache-hit != 'true' | |
| run: cargo install just | |
| - name: Install FFI bindings | |
| if: steps.cache-deps.outputs.cache-hit != 'true' | |
| run: just deps-gen | |
| - name: Install ios dependencies | |
| if: steps.cache-deps.outputs.cache-hit != 'true' | |
| run: cargo install cargo-lipo | |
| - name: Set rustup targets | |
| run: rustup target add aarch64-apple-ios x86_64-apple-ios | |
| - name: Generate FFI bindings | |
| run: just gen | |
| - name: Build iOS Rust lib in release mode | |
| run: just ios-release | |
| - name: Parse version from pubspec.yaml | |
| id: version | |
| uses: jbutcher5/[email protected] | |
| with: | |
| file: "mobile/pubspec.yaml" | |
| key-path: '["version"]' | |
| - name: Build iOS Archive | |
| id: build-ios | |
| run: | | |
| BUILD_NAME=${{ steps.version.outputs.data }} | |
| BUILD_NUMBER=$(git rev-list HEAD --count) | |
| cd mobile | |
| flutter build ipa --export-options-plist=ios/exportOptions.plist \ | |
| --dart-define="ESPLORA_ENDPOINT=$ESPLORA_ENDPOINT" \ | |
| --dart-define="COORDINATOR_P2P_ENDPOINT=$COORDINATOR_P2P_ENDPOINT" \ | |
| --dart-define="NETWORK=$NETWORK" \ | |
| --dart-define="COMMIT=$(git rev-parse HEAD)" \ | |
| --dart-define="BRANCH=$(git rev-parse --abbrev-ref HEAD)" \ | |
| --dart-define="COORDINATOR_PORT_HTTP=$COORDINATOR_PORT_HTTP" \ | |
| --dart-define="ORACLE_ENDPOINT=$ORACLE_ENDPOINT" \ | |
| --dart-define="ORACLE_PUBKEY=$ORACLE_PUBKEY" \ | |
| --build-name=$BUILD_NAME \ | |
| --build-number=$BUILD_NUMBER | |
| env: | |
| ESPLORA_ENDPOINT: ${{ inputs.esplora_endpoint }} | |
| COORDINATOR_P2P_ENDPOINT: ${{ inputs.coordinator_p2p_endpoint }} | |
| NETWORK: ${{ inputs.network }} | |
| COORDINATOR_PORT_HTTP: ${{ inputs.coordinator_port_http }} | |
| ORACLE_ENDPOINT: ${{ inputs.oracle_endpoint }} | |
| ORACLE_PUBKEY: ${{ inputs.oracle_pubkey }} | |
| - name: Release to TestFlight | |
| env: | |
| ALTOOL_API_KEY: ${{ secrets.ALTOOL_API_KEY }} | |
| ALTOOL_API_ISSUER: ${{ secrets.ALTOOL_API_ISSUER }} | |
| AUTH_KEY: ${{ secrets.AUTH_KEY }} | |
| run: | | |
| cd mobile | |
| mkdir -p private_keys | |
| echo $AUTH_KEY | base64 -d > private_keys/AuthKey_$ALTOOL_API_KEY.p8 | |
| xcrun altool --upload-app --type ios --file ./build/ios/ipa/10101.ipa --apiKey ${{ env.ALTOOL_API_KEY }} --apiIssuer ${{ env.ALTOOL_API_ISSUER }} | |
| # Important! Cleanup: remove the certificate and provisioning profile from the runner! | |
| - name: Clean up keychain and provisioning profile | |
| if: ${{ always() }} | |
| run: | | |
| security delete-keychain $RUNNER_TEMP/app-signing.keychain-db | |
| rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision |