kiwix/kiwix-apple
1
0
Fork 0
mirror of https://github.com/kiwix/kiwix-apple.git synced 2025-09-28 22:43:55 -04:00
Code Issues Packages Projects Releases Wiki Activity

Change upload to flow

Browse Source
This commit is contained in:
Balazs Perlaki-Horvath 2024-02-04 22:04:05 +01:00 committed by BPH
parent 4ec16d3f0f
commit 2619fc42fd
1 changed files with 64 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

123
.github/workflows/cd.yml vendored
View File

@ -19,82 +19,92 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
destination: platform: [iOS, macOS]
- platform: macOS uploadto: [app-store, ftp]
uploadto: dmg # destination:
- platform: macOS # - platform: macOS
uploadto: app-store # uploadto: dmg
- platform: iOS # - platform: macOS
uploadto: ipa # uploadto: app-store
- platform: iOS # - platform: iOS
uploadto: app-store # uploadto: ipa
# - platform: iOS
# uploadto: app-store
runs-on: macos-13 runs-on: macos-13
env: env:
APPLE_AUTH_PARAMS: "-authenticationKeyPath ${{ env.APPLE_STORE_AUTH_KEY_PATH }} -authenticationKeyID ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} -authenticationKeyIssuerID ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}" APPLE_AUTH_PARAMS: "-authenticationKeyPath ${{ env.APPLE_STORE_AUTH_KEY_PATH }} -authenticationKeyID ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} -authenticationKeyIssuerID ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}"
# conditionally updated later:
EXPORT_METHOD: "app-store"
EXTRA_XCODEBUILD: "" EXTRA_XCODEBUILD: ""
UPLOAD_TO: ""
VERSION: ""
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: Set iOS extra xcode params - name: Set iOS extra xcode params
if: matrix.destination.platform == 'iOS' if: matrix.platform == 'iOS'
run: echo "EXTRA_XCODEBUILD=-sdk iphoneos ${{ env.APPLE_AUTH_PARAMS }}" env:
EXTRA_XCODEBUILD: "-sdk iphoneos ${{ env.APPLE_AUTH_PARAMS }}"
run: echo
- name: Set macOS FTP export method
if: matrix.platform == 'macOS' && matrix.uploadto == 'ftp'
env:
EXPORT_METHOD: "developer-id"
run: echo
- name: Decide whether building nightly or release - name: Decide whether building nightly or release
env: env:
PLATFORM: ${{ matrix.destination.platform }} UPLOAD_TO: ${{ matrix.uploadto }}
UPLOAD_TO: ${{ matrix.destination.uploadto }}
shell: python shell: python
run: | run: |
import datetime import datetime
import os import os
upload_to = os.getenv("UPLOAD_TO")
if os.getenv("GITHUB_EVENT_NAME", "") == "release": if os.getenv("GITHUB_EVENT_NAME", "") == "release":
is_release = True
version = os.getenv("GITHUB_REF_NAME") version = os.getenv("GITHUB_REF_NAME")
upload_folder = f"release/{version}" upload_folder = f"release/{version}"
else: else:
is_release = False
version = str(datetime.date.today()) version = str(datetime.date.today())
upload_folder = f"nightly/{version}" upload_folder = f"nightly/{version}"
if upload_to == "app-store":
upload_to = os.getenv("UPLOAD_TO") upload_to = "" # do not upload in this case
export_method = "developer-id" if upload_to == "dmg" else "app-store"
upload_to_apple = True
if not is_release and upload_to == "app-store":
upload_to_apple = False
with open(os.getenv("GITHUB_ENV"), "a") as fh: with open(os.getenv("GITHUB_ENV"), "a") as fh:
fh.write(f"VERSION={version}\n") fh.write(f"VERSION={version}\n")
fh.write(f"ISRELEASE={'yes' if is_release else ''}\n")
fh.write(f"EXPORT_METHOD={export_method}\n")
fh.write(f"UPLOAD_FOLDER={upload_folder}\n") fh.write(f"UPLOAD_FOLDER={upload_folder}\n")
fh.write(f"UPLOAD_TO_APPLE={'yes' if upload_to_apple else ''}\n") fh.write(f"UPLOAD_TO={upload_to}\n")
- name: Prepare use of Developper ID Certificate - name: Use Developer ID Certificate
if: matrix.destination.uploadto == 'dmg' if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'macOS'
env: env:
SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE }} SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE }}
SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD }} SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD }}
SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_IDENTITY }} SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_IDENTITY }}
run: echo "" run: echo
- name: Prepare use of Apple Development Certificate - name: Use Apple Development Certificate
if: matrix.destination.uploadto == 'ipa' if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'iOS'
env: env:
SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }}
SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }}
SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }}
run: echo "" run: echo
- name: Prepare use of Apple Distribution Certificate - name: Use Apple Distribution Certificate
if: matrix.destination.uploadto == 'app-store' if: env.UPLOAD_TO == 'app-store'
env: env:
SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }}
SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }}
SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }}
run: echo "" run: echo
- name: Add Apple Store Key - name: Decode Apple Store Key
if: env.UPLOAD_TO != ''
env: env:
APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }}
APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }}
@ -102,10 +112,11 @@ jobs:
- name: Build xcarchive - name: Build xcarchive
uses: ./.github/actions/xcbuild uses: ./.github/actions/xcbuild
if: env.UPLOAD_TO != ''
with: with:
action: archive action: archive
xc-destination: generic/platform=${{ matrix.destination.platform }} xc-destination: generic/platform=${{ matrix.platform }}
upload-to: ${{ matrix.destination.uploadto }} upload-to: ${{ env.UPLOAD_TO }}
version: ${{ env.VERSION }} version: ${{ env.VERSION }}
APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }}
APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }}
@ -117,6 +128,7 @@ jobs:
EXTRA_XCODEBUILD: ${{ env.EXTRA_XCODEBUILD }} EXTRA_XCODEBUILD: ${{ env.EXTRA_XCODEBUILD }}
- name: Add altool credentials to Keychain - name: Add altool credentials to Keychain
if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp'
env: env:
APPLE_SIGNING_ALTOOL_USERNAME: ${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }} APPLE_SIGNING_ALTOOL_USERNAME: ${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }}
APPLE_SIGNING_ALTOOL_PASSWORD: ${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }} APPLE_SIGNING_ALTOOL_PASSWORD: ${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }}
@ -132,54 +144,47 @@ jobs:
--keychain $KEYCHAIN \ --keychain $KEYCHAIN \
$KEYCHAIN_PROFILE $KEYCHAIN_PROFILE
- name: Prepare export for ${{ env.EXPORT_METHOD }}
if: matrix.destination.uploadto != 'ipa'
run: |
plutil -create xml1 ./export.plist
plutil -insert destination -string upload ./export.plist
plutil -insert method -string $EXPORT_METHOD ./export.plist
- name: Prepare export for IPA - name: Prepare export for IPA
if: matrix.destination.uploadto == 'ipa' if: matrix.platform == 'iOS' && env.UPLOAD_TO == 'ftp'
run: | run: |
plutil -create xml1 ./export.plist plutil -create xml1 ./export.plist
plutil -insert method -string ad-hoc ./export.plist plutil -insert method -string ad-hoc ./export.plist
plutil -insert provisioningProfiles -dictionary ./export.plist plutil -insert provisioningProfiles -dictionary ./export.plist
plutil -replace provisioningProfiles -json '{ "self.Kiwix" : "iOS Team Provisioning Profile" }' ./export.plist plutil -replace provisioningProfiles -json '{ "self.Kiwix" : "iOS Team Provisioning Profile" }' ./export.plist
- name: Prepare export for ${{ env.EXPORT_METHOD }}
if: matrix.platform != 'iOS' || env.UPLOAD_TO == 'app-store'
run: |
plutil -create xml1 ./export.plist
plutil -insert destination -string upload ./export.plist
plutil -insert method -string $EXPORT_METHOD ./export.plist
- name: Upload Archive to Apple (App Store or Notarization) - name: Upload Archive to Apple (App Store or Notarization)
if: ${{ env.UPLOAD_TO_APPLE }} if: env.UPLOAD_TO == 'app-store'
run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -allowProvisioningUpdates $APPLE_AUTH_PARAMS run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -allowProvisioningUpdates $APPLE_AUTH_PARAMS
- name: Export notarized App from archive - name: Export notarized App from archive, Create DMG, Notarize DMG
if: matrix.destination.uploadto == 'dmg' if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp'
run: python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -allowProvisioningUpdates $APPLE_AUTH_PARAMS
- name: Create DMG
if: matrix.destination.uploadto == 'dmg'
run: | run: |
python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -allowProvisioningUpdates $APPLE_AUTH_PARAMS
pip install dmgbuild pip install dmgbuild
dmgbuild -s .github/dmg-settings.py -Dapp=$PWD/export/Kiwix.app -Dbg=.github/dmg-bg.png "Kiwix-$VERSION" $PWD/kiwix-$VERSION.dmg dmgbuild -s .github/dmg-settings.py -Dapp=$PWD/export/Kiwix.app -Dbg=.github/dmg-bg.png "Kiwix-$VERSION" $PWD/kiwix-$VERSION.dmg
- name: Notarize DMG
if: matrix.destination.uploadto == 'dmg'
run: |
xcrun notarytool submit --keychain $KEYCHAIN --keychain-profile $KEYCHAIN_PROFILE --wait $PWD/kiwix-$VERSION.dmg xcrun notarytool submit --keychain $KEYCHAIN --keychain-profile $KEYCHAIN_PROFILE --wait $PWD/kiwix-$VERSION.dmg
xcrun stapler staple $PWD/kiwix-$VERSION.dmg xcrun stapler staple $PWD/kiwix-$VERSION.dmg
- name: Add SSH_KEY to filesystem - name: Add SSH_KEY to filesystem
if: matrix.destination.uploadto == 'dmg' || matrix.destination.uploadto == 'ipa' if: env.UPLOAD_TO == 'ftp'
shell: bash shell: bash
run: | run: |
echo "${{ secrets.SSH_KEY }}" > $SSH_KEY echo "${{ secrets.SSH_KEY }}" > $SSH_KEY
chmod 600 $SSH_KEY chmod 600 $SSH_KEY
- name: Upload DMG - name: Upload DMG
if: matrix.destination.uploadto == 'dmg' if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'macOS'
run: python .github/upload_file.py --src ${PWD}/kiwix-${VERSION}.dmg --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} run: python .github/upload_file.py --src ${PWD}/kiwix-${VERSION}.dmg --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY}
- name: Upload IPA - name: Upload IPA
if: matrix.destination.uploadto == 'ipa' if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'iOS'
run: | run: |
mv ${PWD}/export/Kiwix.ipa ${PWD}/export/kiwix-${VERSION}.ipa mv ${PWD}/export/Kiwix.ipa ${PWD}/export/kiwix-${VERSION}.ipa
python .github/upload_file.py --src ${PWD}/export/kiwix-${VERSION}.ipa --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} python .github/upload_file.py --src ${PWD}/export/kiwix-${VERSION}.ipa --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY}