Use Swift 6 #400
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publishing | |
on: | |
push: | |
branches: | |
- develop | |
- hotfix/* | |
- release/* | |
tags: | |
- v*.*.* | |
jobs: | |
build: | |
name: Build | |
runs-on: macos-latest | |
environment: apple-app-store | |
strategy: | |
matrix: | |
platform: | |
- iOS | |
- macOS | |
distribution: | |
- app-store | |
- standalone | |
exclude: | |
- platform: iOS | |
distribution: standalone | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
submodules: true | |
- name: Cache packages | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/Library/Caches/org.swift.swiftpm | |
~/Library/Developer/Xcode/DerivedData/**/SourcePackages/checkouts | |
~/Library/Developer/Xcode/DerivedData/**/SourcePackages/repositories | |
key: ${{ runner.os }}-${{ matrix.platform }}-spm-${{ hashFiles('**/Package.resolved') }} | |
restore-keys: | | |
${{ runner.os }}-${{ matrix.platform }}-spm- | |
- name: Set up signing certificate | |
env: | |
CERTIFICATE_DISTRIBUTION_B64: ${{ vars.CERTIFICATE_DISTRIBUTION_B64 }} | |
CERTIFICATE_DISTRIBUTION_PRIVATE_KEY_B64: ${{ secrets.CERTIFICATE_DISTRIBUTION_PRIVATE_KEY_B64 }} | |
CERTIFICATE_MAC_INSTALLER_B64: ${{ vars.CERTIFICATE_MAC_INSTALLER_B64 }} | |
CERTIFICATE_MAC_INSTALLER_PRIVATE_KEY_B64: ${{ secrets.CERTIFICATE_MAC_INSTALLER_PRIVATE_KEY_B64 }} | |
CERTIFICATE_DEVELOPER_ID_APPLICATION_B64: ${{ vars.CERTIFICATE_DEVELOPER_ID_APPLICATION_B64 }} | |
CERTIFICATE_DEVELOPER_ID_APPLICATION_PRIVATE_KEY_B64: ${{ secrets.CERTIFICATE_DEVELOPER_ID_APPLICATION_PRIVATE_KEY_B64 }} | |
CERTIFICATE_DEVELOPER_ID_INSTALLER_B64: ${{ vars.CERTIFICATE_DEVELOPER_ID_INSTALLER_B64 }} | |
CERTIFICATE_DEVELOPER_ID_INSTALLER_PRIVATE_KEY_B64: ${{ secrets.CERTIFICATE_DEVELOPER_ID_INSTALLER_PRIVATE_KEY_B64 }} | |
run: | | |
security create-keychain -p password build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p password build.keychain | |
security set-keychain-settings build.keychain | |
for CERTIFICATE in \ | |
$CERTIFICATE_DISTRIBUTION_B64 \ | |
$CERTIFICATE_MAC_INSTALLER_B64 \ | |
$CERTIFICATE_DEVELOPER_ID_APPLICATION_B64 \ | |
$CERTIFICATE_DEVELOPER_ID_INSTALLER_B64; \ | |
do | |
echo $CERTIFICATE | base64 --decode > /tmp/certificate.cer | |
security import /tmp/certificate.cer -k build.keychain -P '' -T /usr/bin/codesign -T /usr/bin/productsign | |
done | |
for KEY in \ | |
$CERTIFICATE_DISTRIBUTION_PRIVATE_KEY_B64 \ | |
$CERTIFICATE_MAC_INSTALLER_PRIVATE_KEY_B64 \ | |
$CERTIFICATE_DEVELOPER_ID_APPLICATION_PRIVATE_KEY_B64 \ | |
$CERTIFICATE_DEVELOPER_ID_INSTALLER_PRIVATE_KEY_B64; \ | |
do | |
echo $KEY | base64 --decode > /tmp/key.p12 | |
security import /tmp/key.p12 -k build.keychain -P '' -T /usr/bin/codesign -T /usr/bin/productsign | |
done | |
security set-key-partition-list -S apple-tool:,apple: -s -k password build.keychain | |
- name: Set up App Store Connect authentication | |
env: | |
APP_STORE_CONNECT_PRIVATE_KEY_B64: ${{ secrets.APP_STORE_CONNECT_PRIVATE_KEY_B64 }} | |
run: echo $APP_STORE_CONNECT_PRIVATE_KEY_B64 | base64 --decode > /tmp/connect-key.p8 | |
- name: Select Xcode version | |
run: sudo xcode-select -s /Applications/Xcode_$(cat .xcode-version).app/Contents/Developer | |
- name: Prepare files | |
if: ${{ matrix.distribution == 'app-store' }} | |
env: | |
DEVELOPMENT_TEAM: ${{ vars.TEAM_ID }} | |
CODE_SIGN_IDENTITY: Apple Distribution | |
PROVISIONING_PROFILE_SPECIFIER: ${{ matrix.platform == 'macOS' && vars.PROVISIONING_PROFILE_NAME_MACOS || vars.PROVISIONING_PROFILE_NAME }} | |
SENTRY_DSN: ${{ matrix.platform == 'iOS' && secrets.SENTRY_DSN_IOS || secrets.SENTRY_DSN_MACOS }} | |
SENTRY_ORG: ${{ vars.SENTRY_ORG }} | |
SENTRY_PROJECT: ${{ matrix.platform == 'iOS' && vars.SENTRY_PROJECT_IOS || vars.SENTRY_PROJECT_MACOS }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
run: make | |
- name: Prepare files | |
if: ${{ matrix.distribution == 'standalone' }} | |
env: | |
DEVELOPMENT_TEAM: ${{ vars.TEAM_ID }} | |
CODE_SIGN_IDENTITY: Developer ID Application | |
PROVISIONING_PROFILE_SPECIFIER: ${{ vars.PROVISIONING_PROFILE_NAME_MACOS_STANDALONE }} | |
run: make | |
- name: Trust OpenAPI plugin | |
run: bash .github/workflows/trust-openapi-plugin.sh | |
- name: Set up Sentry | |
if: ${{ matrix.distribution == 'app-store' }} | |
run: curl -sL https://sentry.io/get-cli/ | sh | |
- name: Build app | |
run: | | |
xcodebuild archive \ | |
-allowProvisioningUpdates \ | |
-authenticationKeyPath /tmp/connect-key.p8 \ | |
-authenticationKeyID ${{ vars.APP_STORE_CONNECT_KEY_ID }} \ | |
-authenticationKeyIssuerID ${{ vars.APP_STORE_CONNECT_ISSUER_ID }} \ | |
-scheme Fyreplace \ | |
-destination generic/platform=${{ matrix.platform }} \ | |
-archivePath archive.xcarchive | |
- name: Export to IPA | |
if: ${{ matrix.platform == 'iOS' }} | |
run: | | |
/usr/libexec/PlistBuddy -c "Add :method string" ExportOptions.plist | |
/usr/libexec/PlistBuddy -c "Set :method app-store-connect" ExportOptions.plist | |
/usr/libexec/PlistBuddy -c "Add :teamId string" ExportOptions.plist | |
/usr/libexec/PlistBuddy -c "Set :teamId ${{ vars.TEAM_ID }}" ExportOptions.plist | |
/usr/libexec/PlistBuddy -c "Add :provisioningProfiles dict" ExportOptions.plist | |
/usr/libexec/PlistBuddy -c "Add :provisioningProfiles:${{ vars.APP_ID }} string ${{ vars.PROVISIONING_PROFILE_NAME }}" ExportOptions.plist | |
xcodebuild export \ | |
-allowProvisioningUpdates \ | |
-authenticationKeyPath /tmp/connect-key.p8 \ | |
-authenticationKeyID ${{ vars.APP_STORE_CONNECT_KEY_ID }} \ | |
-authenticationKeyIssuerID ${{ vars.APP_STORE_CONNECT_ISSUER_ID }} \ | |
-archivePath archive.xcarchive \ | |
-exportArchive \ | |
-exportOptionsPlist ExportOptions.plist \ | |
-exportPath Export | |
- name: Export to PKG | |
if: ${{ matrix.platform == 'macOS' }} | |
env: | |
SIGNING_CERTIFICATE: ${{ matrix.distribution == 'app-store' && '3rd Party Mac Developer Installer' || 'Developer ID Installer' }} | |
run: | | |
mkdir Export | |
productbuild \ | |
--component archive.xcarchive/Products/Applications/Fyreplace.app \ | |
/Applications \ | |
Export/Fyreplace.unsigned.pkg | |
productsign \ | |
--sign "$SIGNING_CERTIFICATE" \ | |
Export/Fyreplace.unsigned.pkg \ | |
Export/Fyreplace.pkg | |
- name: Upload IPA | |
uses: actions/upload-artifact@v4 | |
if: ${{ matrix.platform == 'iOS' }} | |
with: | |
name: Fyreplace.ipa | |
path: Export/Fyreplace.ipa | |
if-no-files-found: error | |
- name: Upload PKG | |
uses: actions/upload-artifact@v4 | |
if: ${{ matrix.platform == 'macOS' }} | |
with: | |
name: ${{ matrix.distribution == 'standalone' && 'Fyreplace.standalone.pkg' || 'Fyreplace.pkg' }} | |
path: Export/Fyreplace.pkg | |
if-no-files-found: error | |
test: | |
name: Test | |
runs-on: macos-latest | |
environment: apple-app-store | |
strategy: | |
matrix: | |
platform: | |
- iOS | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
submodules: true | |
- name: Cache packages | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/Library/Caches/org.swift.swiftpm | |
~/Library/Developer/Xcode/DerivedData/**/SourcePackages/checkouts | |
~/Library/Developer/Xcode/DerivedData/**/SourcePackages/repositories | |
key: ${{ runner.os }}-${{ matrix.platform }}-spm-${{ hashFiles('**/Package.resolved') }} | |
restore-keys: | | |
${{ runner.os }}-${{ matrix.platform }}-spm- | |
- name: Select Xcode version | |
run: sudo xcode-select -s /Applications/Xcode_$(cat .xcode-version).app/Contents/Developer | |
- name: Prepare files | |
run: make | |
- name: Trust OpenAPI plugin | |
run: bash .github/workflows/trust-openapi-plugin.sh | |
- name: Run tests | |
run: | | |
xcodebuild test \ | |
CODE_SIGNING_ALLOWED=no \ | |
-scheme Fyreplace \ | |
-destination platform="${{ matrix.platform }},OS=$(cat .ios-test-version),name=$(cat .ios-test-model)" \ | |
-only-testing FyreplaceTests | |
publish: | |
name: Publish | |
needs: | |
- build | |
- test | |
runs-on: macos-latest | |
environment: apple-app-store | |
strategy: | |
matrix: | |
platform: | |
- ios | |
- osx | |
distribution: | |
- app-store | |
- standalone | |
exclude: | |
- platform: ios | |
distribution: standalone | |
steps: | |
- name: Download IPA | |
uses: actions/download-artifact@v4 | |
if: ${{ matrix.platform == 'ios' }} | |
with: | |
name: Fyreplace.ipa | |
path: /tmp | |
- name: Download PKG | |
uses: actions/download-artifact@v4 | |
if: ${{ matrix.platform == 'osx' }} | |
with: | |
name: ${{ matrix.distribution == 'standalone' && 'Fyreplace.standalone.pkg' || 'Fyreplace.pkg' }} | |
path: /tmp | |
- name: Set up App Store Connect authentication | |
env: | |
APP_STORE_CONNECT_PRIVATE_KEY_B64: ${{ secrets.APP_STORE_CONNECT_PRIVATE_KEY_B64 }} | |
run: | | |
mkdir ~/private_keys | |
echo $APP_STORE_CONNECT_PRIVATE_KEY_B64 | base64 --decode > ~/private_keys/AuthKey_${{ vars.APP_STORE_CONNECT_KEY_ID }}.p8 | |
- name: Upload to App Store Connect | |
if: ${{ matrix.distribution == 'app-store' }} | |
run: | | |
for OPERATION in '--validate-app' '--upload-app' | |
do | |
xcrun altool \ | |
$OPERATION \ | |
--type ${{ matrix.platform }} \ | |
--file /tmp/Fyreplace.* \ | |
--apiKey ${{ vars.APP_STORE_CONNECT_KEY_ID }} \ | |
--apiIssuer ${{ vars.APP_STORE_CONNECT_ISSUER_ID }} | |
done | |
- name: Notorize PKG | |
if: ${{ matrix.distribution == 'standalone' }} | |
run: | | |
xcrun notarytool \ | |
submit \ | |
--wait \ | |
--key ~/private_keys/AuthKey_${{ vars.APP_STORE_CONNECT_KEY_ID }}.p8 \ | |
--key-id ${{ vars.APP_STORE_CONNECT_KEY_ID }} \ | |
--issuer ${{ vars.APP_STORE_CONNECT_ISSUER_ID }} \ | |
/tmp/Fyreplace.pkg | |
xcrun stapler staple /tmp/Fyreplace.pkg | |
- name: Upload PKG | |
uses: actions/upload-artifact@v4 | |
if: ${{ matrix.distribution == 'standalone' }} | |
with: | |
name: Fyreplace.standalone.pkg | |
path: /tmp/Fyreplace.pkg | |
overwrite: true | |
if-no-files-found: error |