From 4ec16d3f0fd3efc6ac2452980303885706e8b68d Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 4 Feb 2024 13:20:22 +0100 Subject: [PATCH] Simplify CD steps --- .github/workflows/cd.yml | 97 ++++++++++++++-------------------------- 1 file changed, 34 insertions(+), 63 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 993a7f1f..2e087ebc 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -26,22 +26,24 @@ jobs: uploadto: app-store - platform: iOS uploadto: ipa - xcode_extra: -sdk iphoneos - platform: iOS uploadto: app-store - xcode_extra: -sdk iphoneos runs-on: macos-13 + env: + APPLE_AUTH_PARAMS: "-authenticationKeyPath ${{ env.APPLE_STORE_AUTH_KEY_PATH }} -authenticationKeyID ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} -authenticationKeyIssuerID ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}" + EXTRA_XCODEBUILD: "" steps: - name: Checkout code uses: actions/checkout@v3 + + - name: Set iOS extra xcode params + if: matrix.destination.platform == 'iOS' + run: echo "EXTRA_XCODEBUILD=-sdk iphoneos ${{ env.APPLE_AUTH_PARAMS }}" + - name: Decide whether building nightly or release env: PLATFORM: ${{ matrix.destination.platform }} UPLOAD_TO: ${{ matrix.destination.uploadto }} - EXTRA_XCODEBUILD: ${{ matrix.destination.xcode_extra }} - APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} - APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} shell: python run: | import datetime 
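Review bot: The added "Set iOS extra xcode params" step only prints the assignment to the job log; without a redirect to `$GITHUB_ENV`, `EXTRA_XCODEBUILD` keeps the empty job-level default, so the iOS build runs without `-sdk iphoneos` and without the authentication flags. The line would need to be `run: echo "EXTRA_XCODEBUILD=-sdk iphoneos $APPLE_AUTH_PARAMS" >> "$GITHUB_ENV"`, which also reads the value from the shell environment instead of expanding `${{ env.APPLE_AUTH_PARAMS }}` into the script text. Separately, the `env` context is not among the contexts GitHub documents for `jobs.<job_id>.env`, so `${{ env.APPLE_STORE_AUTH_KEY_PATH }}` in the new job-level block is likely to be rejected at workflow validation; where that path is defined is outside this hunk. Putting the key ID and issuer ID in job-level `env` also hands them to every step, including `actions/checkout@v3`, where the removed lines scoped them to the steps that needed them.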
@@ -61,61 +63,41 @@ jobs: if not is_release and upload_to == "app-store": upload_to_apple = False - extra_xcode = os.getenv("EXTRA_XCODEBUILD", "") - if os.getenv("PLATFORM") == "iOS": - extra_xcode += f" -authenticationKeyPath {os.getenv('APPLE_STORE_AUTH_KEY_PATH')}" - extra_xcode += f" -authenticationKeyID {os.getenv('APPLE_STORE_AUTH_KEY_ID')}" - extra_xcode += f" -authenticationKeyIssuerID {os.getenv('APPLE_STORE_AUTH_KEY_ISSUER_ID')}" - with open(os.getenv("GITHUB_ENV"), "a") as fh: fh.write(f"VERSION={version}\n") fh.write(f"ISRELEASE={'yes' if is_release else ''}\n") fh.write(f"EXPORT_METHOD={export_method}\n") fh.write(f"UPLOAD_FOLDER={upload_folder}\n") - fh.write(f"EXTRA_XCODEBUILD={extra_xcode}\n") fh.write(f"UPLOAD_TO_APPLE={'yes' if upload_to_apple else ''}\n") - name: Prepare use of Developper ID Certificate - if: ${{ matrix.destination.uploadto == 'dmg' }} - shell: bash + if: matrix.destination.uploadto == 'dmg' env: - APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE }} - APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD }} - APPLE_DEVELOPER_ID_SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_IDENTITY }} - run: | - echo "SIGNING_CERTIFICATE=${APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE}" >> "$GITHUB_ENV" - echo "SIGNING_CERTIFICATE_P12_PASSWORD=${APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD}" >> "$GITHUB_ENV" - echo "SIGNING_IDENTITY=${APPLE_DEVELOPER_ID_SIGNING_IDENTITY}" >> "$GITHUB_ENV" + SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE }} + SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD }} + SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_IDENTITY }} + run: echo "" - name: Prepare use of Apple Development Certificate - if: ${{ matrix.destination.uploadto == 'ipa' }} - shell: bash + if: matrix.destination.uploadto == 'ipa' env: - APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: ${{ 
secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} - APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} - APPLE_DEVELOPMENT_SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} - run: | - echo "SIGNING_CERTIFICATE=${APPLE_DEVELOPMENT_SIGNING_CERTIFICATE}" >> "$GITHUB_ENV" - echo "SIGNING_CERTIFICATE_P12_PASSWORD=${APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD}" >> "$GITHUB_ENV" - echo "SIGNING_IDENTITY=${APPLE_DEVELOPMENT_SIGNING_IDENTITY}" >> "$GITHUB_ENV" + SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} + SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} + SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} + run: echo "" - name: Prepare use of Apple Distribution Certificate - if: ${{ matrix.destination.uploadto == 'app-store' }} - shell: bash + if: matrix.destination.uploadto == 'app-store' env: - APPLE_DISTRIBUTION_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} - APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} - APPLE_DEVELOPMENT_SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} - run: | - echo "SIGNING_CERTIFICATE=${APPLE_DISTRIBUTION_SIGNING_CERTIFICATE}" >> "$GITHUB_ENV" - echo "SIGNING_CERTIFICATE_P12_PASSWORD=${APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD}" >> "$GITHUB_ENV" - echo "SIGNING_IDENTITY=${APPLE_DEVELOPMENT_SIGNING_IDENTITY}" >> "$GITHUB_ENV" + SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} + SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} + SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} + run: echo "" - name: Add Apple Store Key env: APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} - shell: bash run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o 
$APPLE_STORE_AUTH_KEY_PATH - name: Build xcarchive @@ -135,7 +117,6 @@ jobs: EXTRA_XCODEBUILD: ${{ env.EXTRA_XCODEBUILD }} - name: Add altool credentials to Keychain - shell: bash env: APPLE_SIGNING_ALTOOL_USERNAME: ${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }} APPLE_SIGNING_ALTOOL_PASSWORD: ${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }} @@ -152,14 +133,14 @@ jobs: $KEYCHAIN_PROFILE - name: Prepare export for ${{ env.EXPORT_METHOD }} - if: ${{ matrix.destination.uploadto != 'ipa' }} + if: matrix.destination.uploadto != 'ipa' run: | plutil -create xml1 ./export.plist plutil -insert destination -string upload ./export.plist plutil -insert method -string $EXPORT_METHOD ./export.plist - name: Prepare export for IPA - if: ${{ matrix.destination.uploadto == 'ipa' }} + if: matrix.destination.uploadto == 'ipa' run: | plutil -create xml1 ./export.plist plutil -insert method -string ad-hoc ./export.plist 
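Review bot: The three "Prepare use of … Certificate" steps now set `SIGNING_CERTIFICATE`, `SIGNING_CERTIFICATE_P12_PASSWORD` and `SIGNING_IDENTITY` in step-level `env:` and then run `echo ""`, so the values exist only for that no-op step; the removed lines persisted them through `$GITHUB_ENV`. If a later step reads these names (the consumer is outside this hunk, presumably the keychain import or "Build xcarchive"), it will now see them unset and signing will presumably fail. Keeping the secrets out of `$GITHUB_ENV` is a reasonable goal, but then the selection has to live in the `env:` of the consuming step, for example `SIGNING_CERTIFICATE: ${{ secrets[matrix.destination.cert_secret] }}`, where `cert_secret` is a matrix key constructed here to hold the secret's name.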
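Review bot: Dropping `shell: bash` from "Add altool credentials to Keychain" changes how the script is invoked: with no `shell` key a non-Windows runner uses `bash -e {0}`, while the explicit form is `bash --noprofile --norc -eo pipefail {0}`. Without `pipefail` a pipeline reports only its last command's status; the same removal applies to "Add Apple Store Key" in the previous hunk, whose `echo … | base64 --decode` is a pipeline. This step's script lies outside the hunk, so whether it contains a pipeline cannot be confirmed here. Keeping `shell: bash` on the credential-handling steps, or setting it once under `defaults.run.shell`, preserves the fail-fast behaviour.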
@@ -168,47 +149,37 @@ jobs: - name: Upload Archive to Apple (App Store or Notarization) if: ${{ env.UPLOAD_TO_APPLE }} - env: - APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} - APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} - run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -authenticationKeyPath $APPLE_STORE_AUTH_KEY_PATH -allowProvisioningUpdates -authenticationKeyID $APPLE_STORE_AUTH_KEY_ID -authenticationKeyIssuerID $APPLE_STORE_AUTH_KEY_ISSUER_ID + run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -allowProvisioningUpdates $APPLE_AUTH_PARAMS - name: Export notarized App from archive - if: ${{ matrix.destination.uploadto == 'dmg' }} - env: - APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} - APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} - run: python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -authenticationKeyPath $APPLE_STORE_AUTH_KEY_PATH -allowProvisioningUpdates -authenticationKeyID $APPLE_STORE_AUTH_KEY_ID -authenticationKeyIssuerID $APPLE_STORE_AUTH_KEY_ISSUER_ID + if: matrix.destination.uploadto == 'dmg' + run: python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -allowProvisioningUpdates $APPLE_AUTH_PARAMS - name: Create DMG - if: ${{ matrix.destination.uploadto == 
'dmg' }} + if: matrix.destination.uploadto == 'dmg' run: | pip install dmgbuild dmgbuild -s .github/dmg-settings.py -Dapp=$PWD/export/Kiwix.app -Dbg=.github/dmg-bg.png "Kiwix-$VERSION" $PWD/kiwix-$VERSION.dmg - name: Notarize DMG - if: ${{ matrix.destination.uploadto == 'dmg' }} + if: matrix.destination.uploadto == 'dmg' run: | xcrun notarytool submit --keychain $KEYCHAIN --keychain-profile $KEYCHAIN_PROFILE --wait $PWD/kiwix-$VERSION.dmg xcrun stapler staple $PWD/kiwix-$VERSION.dmg - name: Add SSH_KEY to filesystem - if: ${{ matrix.destination.uploadto == 'dmg' || matrix.destination.uploadto == 'ipa' }} + if: matrix.destination.uploadto == 'dmg' || matrix.destination.uploadto == 'ipa' shell: bash - env: - PRIVATE_KEY: ${{ secrets.SSH_KEY }} run: | - echo "${PRIVATE_KEY}" > $SSH_KEY + echo "${{ secrets.SSH_KEY }}" > $SSH_KEY chmod 600 $SSH_KEY - name: Upload DMG - if: ${{ matrix.destination.uploadto == 'dmg' }} + if: matrix.destination.uploadto == 'dmg' run: python .github/upload_file.py --src ${PWD}/kiwix-${VERSION}.dmg --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} - name: Upload IPA - if: ${{ matrix.destination.uploadto == 'ipa' }} + if: matrix.destination.uploadto == 'ipa' run: | mv ${PWD}/export/Kiwix.ipa ${PWD}/export/kiwix-${VERSION}.ipa python .github/upload_file.py --src ${PWD}/export/kiwix-${VERSION}.ipa --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY}
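Review bot: In "Add SSH_KEY to filesystem" the private key is now expanded into the script text with `echo "${{ secrets.SSH_KEY }}" > $SSH_KEY` instead of being passed through `env:`. The expression is substituted before bash parses the script, so any `"`, `$` or backtick in the secret is interpreted by the shell, and the key material ends up in the generated script file on the runner. GitHub's hardening guidance is to hand secrets to `run:` through an environment variable. I would restore `env:` with `PRIVATE_KEY: ${{ secrets.SSH_KEY }}` and write the file with `echo "${PRIVATE_KEY}" > "$SSH_KEY"`, ideally under `umask 077` so the file is never readable by others before the `chmod 600`.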