From 2619fc42fd975779b703fbbac7ef1ffc294b601f Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 4 Feb 2024 22:04:05 +0100 Subject: [PATCH] Change upload to flow --- .github/workflows/cd.yml | 123 ++++++++++++++++++++------------------- 1 file changed, 64 insertions(+), 59 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 2e087ebc..a0deb220 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
@@ -19,82 +19,92 @@ jobs: strategy: fail-fast: false matrix: - destination: - - platform: macOS - uploadto: dmg - - platform: macOS - uploadto: app-store - - platform: iOS - uploadto: ipa - - platform: iOS - uploadto: app-store + platform: [iOS, macOS] + uploadto: [app-store, ftp] + # destination: + # - platform: macOS + # uploadto: dmg + # - platform: macOS + # uploadto: app-store + # - platform: iOS + # uploadto: ipa + # - platform: iOS + # uploadto: app-store runs-on: macos-13 env: APPLE_AUTH_PARAMS: "-authenticationKeyPath ${{ env.APPLE_STORE_AUTH_KEY_PATH }} -authenticationKeyID ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} -authenticationKeyIssuerID ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}" + # conditionally updated later: + EXPORT_METHOD: "app-store" EXTRA_XCODEBUILD: "" + UPLOAD_TO: "" + VERSION: "" + steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set iOS extra xcode params - if: matrix.destination.platform == 'iOS' - run: echo "EXTRA_XCODEBUILD=-sdk iphoneos ${{ env.APPLE_AUTH_PARAMS }}" + if: matrix.platform == 'iOS' + env: + EXTRA_XCODEBUILD: "-sdk iphoneos ${{ env.APPLE_AUTH_PARAMS }}" + run: echo + + - name: Set macOS FTP export method + if: matrix.platform == 'macOS' && matrix.uploadto == 'ftp' + env: + EXPORT_METHOD: "developer-id" + run: echo - name: Decide whether building nightly or release env: - PLATFORM: ${{ matrix.destination.platform }} - UPLOAD_TO: ${{ matrix.destination.uploadto }} + UPLOAD_TO: ${{ matrix.uploadto }} shell: python run: | import datetime import os + + upload_to = os.getenv("UPLOAD_TO") + if os.getenv("GITHUB_EVENT_NAME", "") == "release": - is_release = True version = os.getenv("GITHUB_REF_NAME") upload_folder = f"release/{version}" else: - is_release = False version = str(datetime.date.today()) upload_folder = f"nightly/{version}" - - upload_to = os.getenv("UPLOAD_TO") - export_method = "developer-id" if upload_to == "dmg" else "app-store" - upload_to_apple = True - if not 
is_release and upload_to == "app-store": - upload_to_apple = False + if upload_to == "app-store": + upload_to = "" # do not upload in this case with open(os.getenv("GITHUB_ENV"), "a") as fh: fh.write(f"VERSION={version}\n") - fh.write(f"ISRELEASE={'yes' if is_release else ''}\n") - fh.write(f"EXPORT_METHOD={export_method}\n") fh.write(f"UPLOAD_FOLDER={upload_folder}\n") - fh.write(f"UPLOAD_TO_APPLE={'yes' if upload_to_apple else ''}\n") + fh.write(f"UPLOAD_TO={upload_to}\n") - - name: Prepare use of Developper ID Certificate - if: matrix.destination.uploadto == 'dmg' + - name: Use Developer ID Certificate + if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'macOS' env: SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE }} SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD }} SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_IDENTITY }} - run: echo "" + run: echo - - name: Prepare use of Apple Development Certificate - if: matrix.destination.uploadto == 'ipa' + - name: Use Apple Development Certificate + if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'iOS' env: SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} - run: echo "" + run: echo - - name: Prepare use of Apple Distribution Certificate - if: matrix.destination.uploadto == 'app-store' + - name: Use Apple Distribution Certificate + if: env.UPLOAD_TO == 'app-store' env: SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} - run: echo "" + run: echo - - name: Add Apple Store Key + - name: Decode Apple Store Key + if: env.UPLOAD_TO != '' env: APPLE_STORE_AUTH_KEY_PATH: ${{ 
env.APPLE_STORE_AUTH_KEY_PATH }} APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} @@ -102,10 +112,11 @@ jobs: - name: Build xcarchive uses: ./.github/actions/xcbuild + if: env.UPLOAD_TO != '' with: action: archive - xc-destination: generic/platform=${{ matrix.destination.platform }} - upload-to: ${{ matrix.destination.uploadto }} + xc-destination: generic/platform=${{ matrix.platform }} + upload-to: ${{ env.UPLOAD_TO }} version: ${{ env.VERSION }} APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} @@ -117,6 +128,7 @@ jobs: EXTRA_XCODEBUILD: ${{ env.EXTRA_XCODEBUILD }} - name: Add altool credentials to Keychain + if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp' env: APPLE_SIGNING_ALTOOL_USERNAME: ${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }} APPLE_SIGNING_ALTOOL_PASSWORD: ${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }} 
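Review bot: The step-level `env:` blocks added to "Set iOS extra xcode params" and "Set macOS FTP export method" are scoped to their own step, so after `run: echo` the job still sees the defaults `EXPORT_METHOD: "app-store"` and `EXTRA_XCODEBUILD: ""`. As written, a macOS/ftp run would build export.plist with method `app-store` instead of `developer-id`, and the iOS build would not receive `-sdk iphoneos` or the auth parameters. Writing the value to the job environment, as the Python step already does, would match the "conditionally updated later" comment, e.g. `run: echo "EXPORT_METHOD=developer-id" >> "$GITHUB_ENV"`. The three "Use … Certificate" steps have the same problem: they map signing secrets into a step that only runs `echo`, and no later step can read them through `env`. Dropping them would keep those secrets out of steps that do not need them.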
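Review bot: `upload-to` now carries `ftp` for both platforms where it used to carry `dmg` or `ipa`, and the diffstat shows only `cd.yml` changing, so `.github/actions/xcbuild` is not updated alongside it. If that action selects the signing certificate from `upload-to` (it is handed the signing secrets as inputs, which suggests it might), `ftp` may match no branch, or may not separate the macOS Developer ID case from the iOS development case. It is worth confirming how the action handles the new value before relying on the signed output. The `with:` block continues past the end of this hunk.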
@@ -132,54 +144,47 @@ jobs: --keychain $KEYCHAIN \ $KEYCHAIN_PROFILE - - name: Prepare export for ${{ env.EXPORT_METHOD }} - if: matrix.destination.uploadto != 'ipa' - run: | - plutil -create xml1 ./export.plist - plutil -insert destination -string upload ./export.plist - plutil -insert method -string $EXPORT_METHOD ./export.plist - - name: Prepare export for IPA - if: matrix.destination.uploadto == 'ipa' + if: matrix.platform == 'iOS' && env.UPLOAD_TO == 'ftp' run: | plutil -create xml1 ./export.plist plutil -insert method -string ad-hoc ./export.plist plutil -insert provisioningProfiles -dictionary ./export.plist plutil -replace provisioningProfiles -json '{ "self.Kiwix" : "iOS Team Provisioning Profile" }' ./export.plist + - name: Prepare export for ${{ env.EXPORT_METHOD }} + if: matrix.platform != 'iOS' || env.UPLOAD_TO == 'app-store' + run: | + plutil -create xml1 ./export.plist + plutil -insert destination -string upload ./export.plist + plutil -insert method -string $EXPORT_METHOD ./export.plist + - name: Upload Archive to Apple (App Store or Notarization) - if: ${{ env.UPLOAD_TO_APPLE }} + if: env.UPLOAD_TO == 'app-store' run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -allowProvisioningUpdates $APPLE_AUTH_PARAMS - - name: Export notarized App from archive - if: matrix.destination.uploadto == 'dmg' - run: python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -allowProvisioningUpdates $APPLE_AUTH_PARAMS - - - name: Create DMG - if: matrix.destination.uploadto == 'dmg' + - name: Export notarized App from archive, Create DMG, Notarize DMG + if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp' run: | + python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 
xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -allowProvisioningUpdates $APPLE_AUTH_PARAMS pip install dmgbuild dmgbuild -s .github/dmg-settings.py -Dapp=$PWD/export/Kiwix.app -Dbg=.github/dmg-bg.png "Kiwix-$VERSION" $PWD/kiwix-$VERSION.dmg - - - name: Notarize DMG - if: matrix.destination.uploadto == 'dmg' - run: | xcrun notarytool submit --keychain $KEYCHAIN --keychain-profile $KEYCHAIN_PROFILE --wait $PWD/kiwix-$VERSION.dmg xcrun stapler staple $PWD/kiwix-$VERSION.dmg - name: Add SSH_KEY to filesystem - if: matrix.destination.uploadto == 'dmg' || matrix.destination.uploadto == 'ipa' + if: env.UPLOAD_TO == 'ftp' shell: bash run: | echo "${{ secrets.SSH_KEY }}" > $SSH_KEY chmod 600 $SSH_KEY - name: Upload DMG - if: matrix.destination.uploadto == 'dmg' + if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'macOS' run: python .github/upload_file.py --src ${PWD}/kiwix-${VERSION}.dmg --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} - name: Upload IPA - if: matrix.destination.uploadto == 'ipa' + if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'iOS' run: | mv ${PWD}/export/Kiwix.ipa ${PWD}/export/kiwix-${VERSION}.ipa python .github/upload_file.py --src ${PWD}/export/kiwix-${VERSION}.ipa --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY}
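Review bot: "Upload Archive to Apple (App Store or Notarization)" is now gated on `env.UPLOAD_TO == 'app-store'`, so a macOS/ftp run skips it and reaches `-exportNotarizedApp` without the archive having been submitted; before this commit the `dmg` leg always had `UPLOAD_TO_APPLE` set. If that step is still what submits the app for notarization, the condition needs the macOS case too, e.g. `if: env.UPLOAD_TO == 'app-store' || (env.UPLOAD_TO == 'ftp' && matrix.platform == 'macOS')`. Separately, "Add SSH_KEY to filesystem" expands `${{ secrets.SSH_KEY }}` into the script text and runs `chmod 600` only after the file already exists. Passing the secret through `env:` and running `umask 077` before the redirect would avoid both.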