From 8f6fd7106c84331d67f7b4985e90c5dd0160441d Mon Sep 17 00:00:00 2001
From: Balazs Perlaki-Horvath
Date: Sun, 14 Jan 2024 19:49:49 +0100
Subject: [PATCH] Directly add actions
---
 .github/actions/install-cert/action.yml | 31 ++++++
 .github/actions/xcbuild/action.yml | 125 ++++++++++++++++++++++++
 .github/workflows/cd.yml | 1 -
 3 files changed, 156 insertions(+), 1 deletion(-)
 create mode 100644 .github/actions/install-cert/action.yml
 create mode 100644 .github/actions/xcbuild/action.yml
diff --git a/.github/actions/install-cert/action.yml b/.github/actions/install-cert/action.yml
new file mode 100644
index 0000000..fea8855
--- /dev/null
+++ b/.github/actions/install-cert/action.yml
@@ -0,0 +1,31 @@
+name: Install Certificate in Keychain
+description: Install a single cert in existing keychain
+
+inputs:
+ KEYCHAIN:
+ required: true
+ KEYCHAIN_PASSWORD:
+ required: true
+ SIGNING_CERTIFICATE:
+ required: true
+ SIGNING_CERTIFICATE_P12_PASSWORD:
+ required: true
+
+runs:
+ using: composite
+ steps:
+ - name: Install certificate
+ shell: bash
+ env:
+ KEYCHAIN: ${{ inputs.KEYCHAIN }}
+ KEYCHAIN_PASSWORD: ${{ inputs.KEYCHAIN_PASSWORD }}
+ CERTIFICATE_PATH: /tmp/cert.p12
+ SIGNING_CERTIFICATE: ${{ inputs.SIGNING_CERTIFICATE }}
+ SIGNING_CERTIFICATE_P12_PASSWORD: ${{ inputs.SIGNING_CERTIFICATE_P12_PASSWORD }}
+ run: |
+ security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN
+ echo "${SIGNING_CERTIFICATE}" | base64 --decode -o $CERTIFICATE_PATH
+ security import $CERTIFICATE_PATH -k $KEYCHAIN -P "${SIGNING_CERTIFICATE_P12_PASSWORD}" -A -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
+ rm $CERTIFICATE_PATH
+ security find-identity -v $KEYCHAIN
+ security set-key-partition-list -S apple-tool:,apple: -s -k $KEYCHAIN_PASSWORD $KEYCHAIN
diff --git a/.github/actions/xcbuild/action.yml b/.github/actions/xcbuild/action.yml
new file mode 100644
index 0000000..1a2f143
--- /dev/null
+++ b/.github/actions/xcbuild/action.yml
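Review bot: In `.github/actions/install-cert/action.yml`, the `security import` line passes `-A`, which lets any application use the imported private key without prompting and makes the three `-T` entries pointless; dropping `-A` and relying on the `-T` list plus the existing `set-key-partition-list` call should be enough for codesign. The decoded .p12 is also written to the fixed path `/tmp/cert.p12` and removed only when every earlier command succeeds (an explicit `shell: bash` runs with `-e`), so a failed import leaves the signing identity on disk. The fence below switches to a `mktemp` file with an exit trap and quotes the expansions so a password or path containing spaces is not word-split; the `CERTIFICATE_PATH` entry under `env:` then becomes unnecessary.

```yaml
      run: |
        # unpredictable per-run path; the trap removes it even when a later command fails
        CERTIFICATE_PATH="$(mktemp "${RUNNER_TEMP:-/tmp}/cert.XXXXXX")"
        trap 'rm -f "$CERTIFICATE_PATH"' EXIT
        security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
        echo "${SIGNING_CERTIFICATE}" | base64 --decode -o "$CERTIFICATE_PATH"
        # no -A: only the tools named with -T may use the key; -f because the temp file has no .p12 suffix
        security import "$CERTIFICATE_PATH" -f pkcs12 -k "$KEYCHAIN" -P "${SIGNING_CERTIFICATE_P12_PASSWORD}" -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
        security find-identity -v "$KEYCHAIN"
        security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
```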
@@ -0,0 +1,125 @@
+name: Build with Xcode
+description: Run xcodebuild for Kiwix
+
+inputs:
+ action:
+ required: true
+ version:
+ required: true
+ xc-destination:
+ required: true
+ upload-to:
+ required: true
+ APPLE_DEVELOPMENT_SIGNING_CERTIFICATE:
+ required: true
+ APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD:
+ required: true
+ DEPLOYMENT_SIGNING_CERTIFICATE:
+ required: false
+ DEPLOYMENT_SIGNING_CERTIFICATE_P12_PASSWORD:
+ required: false
+ KEYCHAIN:
+ required: false
+ default: /Users/runner/build.keychain-db
+ KEYCHAIN_PASSWORD:
+ required: false
+ default: mysecretpassword
+ KEYCHAIN_PROFILE:
+ required: false
+ default: build-profile
+ XC_WORKSPACE:
+ required: false
+ default: Kiwix.xcodeproj/project.xcworkspace/
+ XC_SCHEME:
+ required: false
+ default: Kiwix
+ XC_CONFIG:
+ required: false
+ default: Release
+ EXTRA_XCODEBUILD:
+ required: false
+ default: ""
+
+runs:
+ using: composite
+ steps:
+
+ # not necessary on github runner but serves as documentation for local setup
+ - name: Update Apple Intermediate Certificate
+ shell: bash
+ run: |
+ curl -L -o ~/Downloads/AppleWWDRCAG3.cer https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer
+ sudo security import ~/Downloads/AppleWWDRCAG3.cer \
+ -k /Library/Keychains/System.keychain \
+ -T /usr/bin/codesign \
+ -T /usr/bin/security \
+ -T /usr/bin/productbuild || true
+
+ - name: Set Xcode version (15.0.1)
+ shell: bash
+ # https://github.com/actions/runner-images/blob/main/images/macos/macos-13-Readme.md#xcode
+ run: sudo xcode-select -s /Applications/Xcode_15.0.1.app
+
+ - name: Create Keychain
+ shell: bash
+ env:
+ KEYCHAIN: ${{ inputs.KEYCHAIN }}
+ KEYCHAIN_PASSWORD: ${{ inputs.KEYCHAIN_PASSWORD }}
+ KEYCHAIN_PROFILE: ${{ inputs.KEYCHAIN_PROFILE }}
+ CERTIFICATE_PATH: /tmp/cert.p12
+ APPLE_DEVELOPER_CERTIFICATE_PATH: /tmp/dev-cert.p12
+ SIGNING_CERTIFICATE: ${{ inputs.SIGNING_CERTIFICATE }}
+ SIGNING_CERTIFICATE_P12_PASSWORD: ${{ inputs.SIGNING_CERTIFICATE_P12_PASSWORD }}
+ APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE: ${{ inputs.APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE }}
+ APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD: ${{ inputs.APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD }}
+ run: |
+ security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN
+ security default-keychain -s $KEYCHAIN
+ security set-keychain-settings $KEYCHAIN
+ security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN
+
+ - name: Add Apple Development certificate to Keychain
+ uses: ./.github/actions/install-cert
+ with:
+ SIGNING_CERTIFICATE: ${{ inputs.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }}
+ SIGNING_CERTIFICATE_P12_PASSWORD: ${{ inputs.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }}
+ KEYCHAIN: ${{ inputs.KEYCHAIN }}
+ KEYCHAIN_PASSWORD: ${{ inputs.KEYCHAIN_PASSWORD }}
+
+ - name: Add Distribution certificate to Keychain
+ if: ${{ inputs.DEPLOYMENT_SIGNING_CERTIFICATE }}
+ uses: ./.github/actions/install-cert
+ with:
+ SIGNING_CERTIFICATE: ${{ inputs.DEPLOYMENT_SIGNING_CERTIFICATE }}
+ SIGNING_CERTIFICATE_P12_PASSWORD: ${{ inputs.DEPLOYMENT_SIGNING_CERTIFICATE_P12_PASSWORD }}
+ KEYCHAIN: ${{ inputs.KEYCHAIN }}
+ KEYCHAIN_PASSWORD: ${{ inputs.KEYCHAIN_PASSWORD }}
+
+ - name: Download dependencies
+ shell: bash
+ run: brew bundle
+
+ - name: Prepare Xcode
+ shell: bash
+ run: xcrun xcodebuild -checkFirstLaunchStatus || xcrun xcodebuild -runFirstLaunch
+
+ - name: Dump build settings
+ env:
+ XC_WORKSPACE: ${{ inputs.XC_WORKSPACE }}
+ XC_SCHEME: ${{ inputs.XC_SCHEME }}
+ shell: bash
+ run: xcrun xcodebuild -workspace $XC_WORKSPACE -scheme $XC_SCHEME -showBuildSettings
+
+ # build is launched up to twice as it's common the build fails, looking for CoreKiwix module
+ - name: Build with Xcode
+ env:
+ FRAMEWORK_SEARCH_PATHS: ${{ env.PWD }}
+ ACTION: ${{ inputs.action }}
+ VERSION: ${{ inputs.version }}
+ XC_WORKSPACE: ${{ inputs.XC_WORKSPACE }}
+ XC_SCHEME: ${{ inputs.XC_SCHEME }}
+ XC_CONFIG: ${{ inputs.XC_CONFIG }}
+ XC_DESTINATION: ${{ inputs.xc-destination }}
+ EXTRA_XCODEBUILD: ${{ inputs.EXTRA_XCODEBUILD }}
+ shell: bash
+ run: xcrun xcodebuild ${EXTRA_XCODEBUILD} -workspace $XC_WORKSPACE -scheme $XC_SCHEME -destination "$XC_DESTINATION" -configuration $XC_CONFIG -onlyUsePackageVersionsFromResolvedFile -allowProvisioningUpdates -verbose -archivePath $PWD/Kiwix-$VERSION.xcarchive ${ACTION}
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index ae2e7c3..4b8de8e 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -86,7 +86,6 @@ jobs: - name: Set up scheme, version, build_number from files run: | - mv apple/.github/actions/ .github/ cd apple ls -la custom
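Review bot: In `.github/actions/xcbuild/action.yml`, the `KEYCHAIN_PASSWORD` input defaults to the literal `mysecretpassword`, so any caller that omits it protects the keychain holding the signing identities with a value published in the repository. Declaring it `required: true` with no `default:` forces callers to supply a secret. The "Create Keychain" step also maps `inputs.SIGNING_CERTIFICATE`, `inputs.SIGNING_CERTIFICATE_P12_PASSWORD`, `inputs.APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE` and `inputs.APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD` into `env:`, but none of these is declared under `inputs:` and the script reads none of them; removing those four entries and the two `*_PATH` ones keeps certificate material out of a step that never needs it. Nothing in this action deletes the keychain afterwards, which matters for the local or self-hosted setup the first comment mentions; a closing step with `if: always()` running `security delete-keychain "$KEYCHAIN"` would cover that.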