From 7d15f9099edb19bbc17cb30a8d6ed74c2ca148cf Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 14 Jan 2024 15:12:14 +0100 Subject: [PATCH] Merge build steps, with CD --- .github/workflows/cd.yml | 128 ++++++++++++++++++++++++++++++++++++++- .gitignore | 7 ++- src/tag_validator.py | 9 ++- 3 files changed, 139 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index c66bc54..c44c641 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -6,8 +6,16 @@ on: branches: - main +# taken from: kiwix/apple .github/workflows/cd.yml +env: + KEYCHAIN: /Users/runner/build.keychain-db + KEYCHAIN_PASSWORD: mysecretpassword + KEYCHAIN_PROFILE: build-profile + SSH_KEY: /tmp/id_rsa + APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 + jobs: - publish: + generate: runs-on: macos-13 steps: @@ -32,7 +40,7 @@ jobs: with: repository: kiwix/apple path: apple - ref: main + ref: feature/build-optional-dependency-resolve - name: Install Python dependencies for custom project generation run: python -m pip install pyyaml @@ -65,4 +73,118 @@ jobs: # run xcodegen on our custom project xcodegen -s custom_project.yml - ls -la \ No newline at end of file + ls -la + + + + # taken from: kiwix/apple .github/workflows/cd.yml + build_and_deploy: + runs-on: macos-13 + needs: generate + strategy: + fail-fast: false + matrix: + destination: + - platform: macOS + - platform: iOS + xcode_extra: -sdk iphoneos + + steps: + + - name: Set up scheme, version, build_number from files + run: | + VERSION=$(cat .build_version) + echo "VERSION=$VERSION" >> $GITHUB_ENV + + BRAND=$(cat .brand_name) + echo "BRAND=$BRAND" >> $GITHUB_ENV + + - name: Set up variables for build + env: + PLATFORM: ${{ matrix.destination.platform }} + UPLOAD_TO: app-store + EXTRA_XCODEBUILD: ${{ matrix.destination.xcode_extra }} + APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} + APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} + APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} + shell: python + run: | + import os + + extra_xcode = os.getenv("EXTRA_XCODEBUILD", "") + if os.getenv("PLATFORM") == "iOS": + extra_xcode += f" -authenticationKeyPath {os.getenv('APPLE_STORE_AUTH_KEY_PATH')}" + extra_xcode += f" -authenticationKeyID {os.getenv('APPLE_STORE_AUTH_KEY_ID')}" + extra_xcode += f" -authenticationKeyIssuerID {os.getenv('APPLE_STORE_AUTH_KEY_ISSUER_ID')}" + + with open(os.getenv("GITHUB_ENV"), "a") as fh: + fh.write(f"EXPORT_METHOD={'app-store'}\n") + fh.write(f"EXTRA_XCODEBUILD={extra_xcode}\n") + + - name: Prepare use of Apple Distribution Certificate + shell: bash + env: + APPLE_DISTRIBUTION_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} + APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} + APPLE_DEVELOPMENT_SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} + run: | + echo "SIGNING_CERTIFICATE=${APPLE_DISTRIBUTION_SIGNING_CERTIFICATE}" >> "$GITHUB_ENV" + echo "SIGNING_CERTIFICATE_P12_PASSWORD=${APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD}" >> "$GITHUB_ENV" + echo "SIGNING_IDENTITY=${APPLE_DEVELOPMENT_SIGNING_IDENTITY}" >> "$GITHUB_ENV" + + - name: Add Apple Store Key + env: + APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} + APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} + shell: bash + run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o $APPLE_STORE_AUTH_KEY_PATH + + - name: Build xcarchive + uses: ./apple/.github/actions/xcbuild + with: + action: archive + xc-destination: generic/platform=${{ matrix.destination.platform }} + upload-to: "app-store" + # custom app specific + version: ${{ env.VERSION }} + XC_SCHEME: ${{ env.BRAND }} + DOWNLOAD_DEPENDENCIES: false + # eof custom app specific + APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} + APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} + DEPLOYMENT_SIGNING_CERTIFICATE: ${{ env.SIGNING_CERTIFICATE }} + DEPLOYMENT_SIGNING_CERTIFICATE_P12_PASSWORD: ${{ env.SIGNING_CERTIFICATE_P12_PASSWORD }} + KEYCHAIN: ${{ env.KEYCHAIN }} + KEYCHAIN_PASSWORD: ${{ env.KEYCHAIN_PASSWORD }} + KEYCHAIN_PROFILE: ${{ env.KEYCHAIN_PROFILE }} + EXTRA_XCODEBUILD: ${{ env.EXTRA_XCODEBUILD }} + + - name: Add altool credentials to Keychain + shell: bash + env: + APPLE_SIGNING_ALTOOL_USERNAME: ${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }} + APPLE_SIGNING_ALTOOL_PASSWORD: ${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }} + APPLE_SIGNING_TEAM: ${{ secrets.APPLE_SIGNING_TEAM }} + run: | + security find-identity -v $KEYCHAIN + security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN + xcrun notarytool store-credentials \ + --apple-id "${APPLE_SIGNING_ALTOOL_USERNAME}" \ + --password "${APPLE_SIGNING_ALTOOL_PASSWORD}" \ + --team-id "${APPLE_SIGNING_TEAM}" \ + --validate \ + --keychain $KEYCHAIN \ + $KEYCHAIN_PROFILE + + - name: Prepare export for ${{ env.EXPORT_METHOD }} + run: | + plutil -create xml1 ./export.plist + plutil -insert destination -string upload ./export.plist + plutil -insert method -string $EXPORT_METHOD ./export.plist + + # - name: Upload Archive to Apple (App Store or Notarization) + # env: + # APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} + # APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} + # APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} + # run: xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -authenticationKeyPath $APPLE_STORE_AUTH_KEY_PATH -allowProvisioningUpdates -authenticationKeyID $APPLE_STORE_AUTH_KEY_ID -authenticationKeyIssuerID $APPLE_STORE_AUTH_KEY_ISSUER_ID diff --git a/.gitignore b/.gitignore index 5224ca4..72b4409 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,9 @@ .vscode **/.DS_Store **/*.plist -custom_project_test.yml \ No newline at end of file +custom_project_test.yml + +# temp files for build +.brand_name +.build_number +.version_number \ No newline at end of file diff --git a/src/tag_validator.py b/src/tag_validator.py index 01c544a..bfddf7c 100644 --- a/src/tag_validator.py +++ b/src/tag_validator.py @@ -6,6 +6,7 @@ import sys from brand import Brand from version import Version from info_parser import InfoParser +from pathlib import Path def _is_valid(tag): @@ -37,7 +38,13 @@ def _is_valid(tag): parser = InfoParser(json_path=brand.info_file, build_number=version.build_number) if parser.version != version: _exit_with_error(f"Invalid date in tag: {tag}, does not match year.month of ZIM file in {brand.info_file}, it should be: {parser.version.semantic}") - + + # save the specific parts of the tag as temp files: + Path('.brand_name').write_text(f"{brand.name}") + Path('.build_number').write_text(f"{version.build_number}") + Path('.version_number').write_text(f"{version.semantic_downgraded}") + + # required as an output, we can pipe on: print(f"{brand.name} {version.build_number}") else: