CI: Try to do the keysigning stuff for IOS

2025-06-29 18:38:36 +08:00 · 2020-11-10 21:21:33 +01:00
parent 5571fdb65e
commit 743a8b40e7
9 changed files with 48 additions and 3 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -11,7 +11,13 @@ jobs:
    steps:
      - uses: actions/checkout@v1
      - name: Install gpg
-        run: brew install gnupg git-crypt
+        run: brew install gnupg git-crypt md5sha1sum
+      - name: Unlock Secrets
+        env:
+          GITCRYPT_KEY: ${{ secrets.GITCRYPT_KEY }}
+        run: ./scripts/decrypt_secrets.sh
+      - name: Setup provisioning profile
+        run: ./scripts/add_ios_keys.sh
      - uses: subosito/flutter-action@v1
        with:
          flutter-version: "1.22.1"
--- a/ios/fastlane/Fastfile
+++ b/ios/fastlane/Fastfile
@ -6,7 +6,13 @@ platform :ios do
    build_app(
      scheme: "Runner",
      workspace: "Runner.xcworkspace",
-      export_method: "app-store"
+      export_method: "app-store",
+      export_options: {
+        provisioningProfiles: {
+          "io.gitjournal.gitjournal" => "CI - io.gitjournal.gitjournal",
+          "io.gitjournal.gitjournal.ShareExtension" => "CI - io.gitjournal.gitjournal.ShareExtension"
+        }
+      }
    )
    #upload_to_app_store(skip_metadata: true, skip_screenshots: true)
    upload_to_testflight(apple_id:"1466519634", skip_waiting_for_build_processing:true)
--- a/ios/keys/CI.mobileprovision
+++ b/ios/keys/CI.mobileprovision
--- a/ios/keys/CI__iogitjournalgitjournal.mobileprovision
+++ b/ios/keys/CI__iogitjournalgitjournal.mobileprovision
--- a/ios/keys/CI__iogitjournalgitjournalShareExtension.mobileprovision
+++ b/ios/keys/CI__iogitjournalgitjournalShareExtension.mobileprovision
--- a/ios/keys/ios_distribution_certificate.p12
+++ b/ios/keys/ios_distribution_certificate.p12
--- a/scripts/add_ios_keys.sh
+++ b/scripts/add_ios_keys.sh
@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -eox pipefail
+
+mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+
+cd ios/keys/
+
+uuid=$(security cms -D -i CI__iogitjournalgitjournal.mobileprovision | grep -aA1 UUID | grep -o "[-a-zA-Z0-9]\{36\}")
+cp ./CI__iogitjournalgitjournal.mobileprovision "$HOME/Library/MobileDevice/Provisioning Profiles/${uuid}.mobileprovision"
+
+uuid=$(security cms -D -i CI__iogitjournalgitjournalShareExtension.mobileprovision | grep -aA1 UUID | grep -o "[-a-zA-Z0-9]\{36\}")
+cp ./CI__iogitjournalgitjournalShareExtension.mobileprovision "$HOME/Library/MobileDevice/Provisioning Profiles/${uuid}.mobileprovision"
+
+ls -l "$HOME/Library/MobileDevice/Provisioning Profiles/"
+
+security create-keychain -p "" build.keychain
+security import ios_distribution.cer -t agg -k ~/Library/Keychains/build.keychain -P "" -A
+
+security list-keychains -s ~/Library/Keychains/build.keychain
+security default-keychain -s ~/Library/Keychains/build.keychain
+security unlock-keychain -p "" ~/Library/Keychains/build.keychain
+
+#security set-key-partition-list -S apple-tool:,apple: -s -k "" ~/Library/Keychains/build.keychain
--- a/scripts/build_ios.sh
+++ b/scripts/build_ios.sh
@ -46,4 +46,4 @@ echo "Build Name: $BUILD_NAME"
 flutter build ios --release --no-codesign --build-number=$BUILD_NUM --build-name=$BUILD_NAME

 cd ios
-#fastlane release
+fastlane release
--- a/scripts/decrypt_secrets.sh
+++ b/scripts/decrypt_secrets.sh
@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -eu pipefail
+
+echo "$GITCRYPT_KEY" | base64 -d > ./secret
+sha1sum ./secret
+
+echo 'Unlocking ...'
+git-crypt unlock ./secret