diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 94688a7d..30e9ce80 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,13 @@ jobs: steps: - uses: actions/checkout@v1 - name: Install gpg - run: brew install gnupg git-crypt + run: brew install gnupg git-crypt md5sha1sum + - name: Unlock Secrets + env: + GITCRYPT_KEY: ${{ secrets.GITCRYPT_KEY }} + run: ./scripts/decrypt_secrets.sh + - name: Setup provisioning profile + run: ./scripts/add_ios_keys.sh - uses: subosito/flutter-action@v1 with: flutter-version: "1.22.1" diff --git a/ios/fastlane/Fastfile b/ios/fastlane/Fastfile index 54563307..4a79c8bf 100644 --- a/ios/fastlane/Fastfile +++ b/ios/fastlane/Fastfile @@ -6,7 +6,13 @@ platform :ios do build_app( scheme: "Runner", workspace: "Runner.xcworkspace", - export_method: "app-store" + export_method: "app-store", + export_options: { + provisioningProfiles: { + "io.gitjournal.gitjournal" => "CI - io.gitjournal.gitjournal", + "io.gitjournal.gitjournal.ShareExtension" => "CI - io.gitjournal.gitjournal.ShareExtension" + } + } ) #upload_to_app_store(skip_metadata: true, skip_screenshots: true) upload_to_testflight(apple_id:"1466519634", skip_waiting_for_build_processing:true) diff --git a/ios/keys/CI.mobileprovision b/ios/keys/CI.mobileprovision deleted file mode 100644 index c1e48e47..00000000 Binary files a/ios/keys/CI.mobileprovision and /dev/null differ diff --git a/ios/keys/CI__iogitjournalgitjournal.mobileprovision b/ios/keys/CI__iogitjournalgitjournal.mobileprovision new file mode 100644 index 00000000..0ed31450 Binary files /dev/null and b/ios/keys/CI__iogitjournalgitjournal.mobileprovision differ diff --git a/ios/keys/CI__iogitjournalgitjournalShareExtension.mobileprovision b/ios/keys/CI__iogitjournalgitjournalShareExtension.mobileprovision new file mode 100644 index 00000000..c86258b6 Binary files /dev/null and b/ios/keys/CI__iogitjournalgitjournalShareExtension.mobileprovision differ diff --git a/ios/keys/ios_distribution_certificate.p12 b/ios/keys/ios_distribution_certificate.p12 new file mode 100644 index 00000000..3b98db9d Binary files /dev/null and b/ios/keys/ios_distribution_certificate.p12 differ diff --git a/scripts/add_ios_keys.sh b/scripts/add_ios_keys.sh new file mode 100755 index 00000000..02cda078 --- /dev/null +++ b/scripts/add_ios_keys.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +set -eox pipefail + +mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles + +cd ios/keys/ + +uuid=$(security cms -D -i CI__iogitjournalgitjournal.mobileprovision | grep -aA1 UUID | grep -o "[-a-zA-Z0-9]\{36\}") +cp ./CI__iogitjournalgitjournal.mobileprovision "$HOME/Library/MobileDevice/Provisioning Profiles/${uuid}.mobileprovision" + +uuid=$(security cms -D -i CI__iogitjournalgitjournalShareExtension.mobileprovision | grep -aA1 UUID | grep -o "[-a-zA-Z0-9]\{36\}") +cp ./CI__iogitjournalgitjournalShareExtension.mobileprovision "$HOME/Library/MobileDevice/Provisioning Profiles/${uuid}.mobileprovision" + +ls -l "$HOME/Library/MobileDevice/Provisioning Profiles/" + +security create-keychain -p "" build.keychain +security import ios_distribution.cer -t agg -k ~/Library/Keychains/build.keychain -P "" -A + +security list-keychains -s ~/Library/Keychains/build.keychain +security default-keychain -s ~/Library/Keychains/build.keychain +security unlock-keychain -p "" ~/Library/Keychains/build.keychain + +#security set-key-partition-list -S apple-tool:,apple: -s -k "" ~/Library/Keychains/build.keychain diff --git a/scripts/build_ios.sh b/scripts/build_ios.sh index d23b19f1..e712c366 100755 --- a/scripts/build_ios.sh +++ b/scripts/build_ios.sh @@ -46,4 +46,4 @@ echo "Build Name: $BUILD_NAME" flutter build ios --release --no-codesign --build-number=$BUILD_NUM --build-name=$BUILD_NAME cd ios -#fastlane release +fastlane release diff --git a/scripts/decrypt_secrets.sh b/scripts/decrypt_secrets.sh new file mode 100755 index 00000000..da5c8508 --- /dev/null +++ b/scripts/decrypt_secrets.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash + +set -eu pipefail + +echo "$GITCRYPT_KEY" | base64 -d > ./secret +sha1sum ./secret + +echo 'Unlocking ...' +git-crypt unlock ./secret