From 4ec16d3f0fd3efc6ac2452980303885706e8b68d Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 4 Feb 2024 13:20:22 +0100 Subject: [PATCH 01/17] Simplify CD steps --- .github/workflows/cd.yml | 97 ++++++++++++++-------------------------- 1 file changed, 34 insertions(+), 63 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 993a7f1f..2e087ebc 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -26,22 +26,24 @@ jobs: uploadto: app-store - platform: iOS uploadto: ipa - xcode_extra: -sdk iphoneos - platform: iOS uploadto: app-store - xcode_extra: -sdk iphoneos runs-on: macos-13 + env: + APPLE_AUTH_PARAMS: "-authenticationKeyPath ${{ env.APPLE_STORE_AUTH_KEY_PATH }} -authenticationKeyID ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} -authenticationKeyIssuerID ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}" + EXTRA_XCODEBUILD: "" steps: - name: Checkout code uses: actions/checkout@v3 + + - name: Set iOS extra xcode params + if: matrix.destination.platform == 'iOS' + run: echo "EXTRA_XCODEBUILD=-sdk iphoneos ${{ env.APPLE_AUTH_PARAMS }}" + - name: Decide whether building nightly or release env: PLATFORM: ${{ matrix.destination.platform }} UPLOAD_TO: ${{ matrix.destination.uploadto }} - EXTRA_XCODEBUILD: ${{ matrix.destination.xcode_extra }} - APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} - APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} shell: python run: | import datetime @@ -61,61 +63,41 @@ jobs: if not is_release and upload_to == "app-store": upload_to_apple = False - extra_xcode = os.getenv("EXTRA_XCODEBUILD", "") - if os.getenv("PLATFORM") == "iOS": - extra_xcode += f" -authenticationKeyPath {os.getenv('APPLE_STORE_AUTH_KEY_PATH')}" - extra_xcode += f" -authenticationKeyID {os.getenv('APPLE_STORE_AUTH_KEY_ID')}" - extra_xcode += f" -authenticationKeyIssuerID {os.getenv('APPLE_STORE_AUTH_KEY_ISSUER_ID')}" - with open(os.getenv("GITHUB_ENV"), "a") as fh: fh.write(f"VERSION={version}\n") fh.write(f"ISRELEASE={'yes' if is_release else ''}\n") fh.write(f"EXPORT_METHOD={export_method}\n") fh.write(f"UPLOAD_FOLDER={upload_folder}\n") - fh.write(f"EXTRA_XCODEBUILD={extra_xcode}\n") fh.write(f"UPLOAD_TO_APPLE={'yes' if upload_to_apple else ''}\n") - name: Prepare use of Developper ID Certificate - if: ${{ matrix.destination.uploadto == 'dmg' }} - shell: bash + if: matrix.destination.uploadto == 'dmg' env: - APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE }} - APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD }} - APPLE_DEVELOPER_ID_SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_IDENTITY }} - run: | - echo "SIGNING_CERTIFICATE=${APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE}" >> "$GITHUB_ENV" - echo "SIGNING_CERTIFICATE_P12_PASSWORD=${APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD}" >> "$GITHUB_ENV" - echo "SIGNING_IDENTITY=${APPLE_DEVELOPER_ID_SIGNING_IDENTITY}" >> "$GITHUB_ENV" + SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE }} + SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD }} + SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_IDENTITY }} + run: echo "" - name: Prepare use of Apple Development Certificate - if: ${{ matrix.destination.uploadto == 'ipa' }} - shell: bash + if: matrix.destination.uploadto == 'ipa' env: - APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} - APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} - APPLE_DEVELOPMENT_SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} - run: | - echo "SIGNING_CERTIFICATE=${APPLE_DEVELOPMENT_SIGNING_CERTIFICATE}" >> "$GITHUB_ENV" - echo "SIGNING_CERTIFICATE_P12_PASSWORD=${APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD}" >> "$GITHUB_ENV" - echo "SIGNING_IDENTITY=${APPLE_DEVELOPMENT_SIGNING_IDENTITY}" >> "$GITHUB_ENV" + SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} + SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} + SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} + run: echo "" - name: Prepare use of Apple Distribution Certificate - if: ${{ matrix.destination.uploadto == 'app-store' }} - shell: bash + if: matrix.destination.uploadto == 'app-store' env: - APPLE_DISTRIBUTION_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} - APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} - APPLE_DEVELOPMENT_SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} - run: | - echo "SIGNING_CERTIFICATE=${APPLE_DISTRIBUTION_SIGNING_CERTIFICATE}" >> "$GITHUB_ENV" - echo "SIGNING_CERTIFICATE_P12_PASSWORD=${APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD}" >> "$GITHUB_ENV" - echo "SIGNING_IDENTITY=${APPLE_DEVELOPMENT_SIGNING_IDENTITY}" >> "$GITHUB_ENV" + SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} + SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} + SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} + run: echo "" - name: Add Apple Store Key env: APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} - shell: bash run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o $APPLE_STORE_AUTH_KEY_PATH - name: Build xcarchive @@ -135,7 +117,6 @@ jobs: EXTRA_XCODEBUILD: ${{ env.EXTRA_XCODEBUILD }} - name: Add altool credentials to Keychain - shell: bash env: APPLE_SIGNING_ALTOOL_USERNAME: ${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }} APPLE_SIGNING_ALTOOL_PASSWORD: ${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }} @@ -152,14 +133,14 @@ jobs: $KEYCHAIN_PROFILE - name: Prepare export for ${{ env.EXPORT_METHOD }} - if: ${{ matrix.destination.uploadto != 'ipa' }} + if: matrix.destination.uploadto != 'ipa' run: | plutil -create xml1 ./export.plist plutil -insert destination -string upload ./export.plist plutil -insert method -string $EXPORT_METHOD ./export.plist - name: Prepare export for IPA - if: ${{ matrix.destination.uploadto == 'ipa' }} + if: matrix.destination.uploadto == 'ipa' run: | plutil -create xml1 ./export.plist plutil -insert method -string ad-hoc ./export.plist @@ -168,47 +149,37 @@ jobs: - name: Upload Archive to Apple (App Store or Notarization) if: ${{ env.UPLOAD_TO_APPLE }} - env: - APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} - APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} - run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -authenticationKeyPath $APPLE_STORE_AUTH_KEY_PATH -allowProvisioningUpdates -authenticationKeyID $APPLE_STORE_AUTH_KEY_ID -authenticationKeyIssuerID $APPLE_STORE_AUTH_KEY_ISSUER_ID + run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -allowProvisioningUpdates $APPLE_AUTH_PARAMS - name: Export notarized App from archive - if: ${{ matrix.destination.uploadto == 'dmg' }} - env: - APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} - APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} - run: python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -authenticationKeyPath $APPLE_STORE_AUTH_KEY_PATH -allowProvisioningUpdates -authenticationKeyID $APPLE_STORE_AUTH_KEY_ID -authenticationKeyIssuerID $APPLE_STORE_AUTH_KEY_ISSUER_ID + if: matrix.destination.uploadto == 'dmg' + run: python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -allowProvisioningUpdates $APPLE_AUTH_PARAMS - name: Create DMG - if: ${{ matrix.destination.uploadto == 'dmg' }} + if: matrix.destination.uploadto == 'dmg' run: | pip install dmgbuild dmgbuild -s .github/dmg-settings.py -Dapp=$PWD/export/Kiwix.app -Dbg=.github/dmg-bg.png "Kiwix-$VERSION" $PWD/kiwix-$VERSION.dmg - name: Notarize DMG - if: ${{ matrix.destination.uploadto == 'dmg' }} + if: matrix.destination.uploadto == 'dmg' run: | xcrun notarytool submit --keychain $KEYCHAIN --keychain-profile $KEYCHAIN_PROFILE --wait $PWD/kiwix-$VERSION.dmg xcrun stapler staple $PWD/kiwix-$VERSION.dmg - name: Add SSH_KEY to filesystem - if: ${{ matrix.destination.uploadto == 'dmg' || matrix.destination.uploadto == 'ipa' }} + if: matrix.destination.uploadto == 'dmg' || matrix.destination.uploadto == 'ipa' shell: bash - env: - PRIVATE_KEY: ${{ secrets.SSH_KEY }} run: | - echo "${PRIVATE_KEY}" > $SSH_KEY + echo "${{ secrets.SSH_KEY }}" > $SSH_KEY chmod 600 $SSH_KEY - name: Upload DMG - if: ${{ matrix.destination.uploadto == 'dmg' }} + if: matrix.destination.uploadto == 'dmg' run: python .github/upload_file.py --src ${PWD}/kiwix-${VERSION}.dmg --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} - name: Upload IPA - if: ${{ matrix.destination.uploadto == 'ipa' }} + if: matrix.destination.uploadto == 'ipa' run: | mv ${PWD}/export/Kiwix.ipa ${PWD}/export/kiwix-${VERSION}.ipa python .github/upload_file.py --src ${PWD}/export/kiwix-${VERSION}.ipa --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} From 2619fc42fd975779b703fbbac7ef1ffc294b601f Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 4 Feb 2024 22:04:05 +0100 Subject: [PATCH 02/17] Change upload to flow --- .github/workflows/cd.yml | 123 ++++++++++++++++++++------------------- 1 file changed, 64 insertions(+), 59 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 2e087ebc..a0deb220 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -19,82 +19,92 @@ jobs: strategy: fail-fast: false matrix: - destination: - - platform: macOS - uploadto: dmg - - platform: macOS - uploadto: app-store - - platform: iOS - uploadto: ipa - - platform: iOS - uploadto: app-store + platform: [iOS, macOS] + uploadto: [app-store, ftp] + # destination: + # - platform: macOS + # uploadto: dmg + # - platform: macOS + # uploadto: app-store + # - platform: iOS + # uploadto: ipa + # - platform: iOS + # uploadto: app-store runs-on: macos-13 env: APPLE_AUTH_PARAMS: "-authenticationKeyPath ${{ env.APPLE_STORE_AUTH_KEY_PATH }} -authenticationKeyID ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} -authenticationKeyIssuerID ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}" + # conditionally updated later: + EXPORT_METHOD: "app-store" EXTRA_XCODEBUILD: "" + UPLOAD_TO: "" + VERSION: "" + steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set iOS extra xcode params - if: matrix.destination.platform == 'iOS' - run: echo "EXTRA_XCODEBUILD=-sdk iphoneos ${{ env.APPLE_AUTH_PARAMS }}" + if: matrix.platform == 'iOS' + env: + EXTRA_XCODEBUILD: "-sdk iphoneos ${{ env.APPLE_AUTH_PARAMS }}" + run: echo + + - name: Set macOS FTP export method + if: matrix.platform == 'macOS' && matrix.uploadto == 'ftp' + env: + EXPORT_METHOD: "developer-id" + run: echo - name: Decide whether building nightly or release env: - PLATFORM: ${{ matrix.destination.platform }} - UPLOAD_TO: ${{ matrix.destination.uploadto }} + UPLOAD_TO: ${{ matrix.uploadto }} shell: python run: | import datetime import os + + upload_to = os.getenv("UPLOAD_TO") + if os.getenv("GITHUB_EVENT_NAME", "") == "release": - is_release = True version = os.getenv("GITHUB_REF_NAME") upload_folder = f"release/{version}" else: - is_release = False version = str(datetime.date.today()) upload_folder = f"nightly/{version}" - - upload_to = os.getenv("UPLOAD_TO") - export_method = "developer-id" if upload_to == "dmg" else "app-store" - upload_to_apple = True - if not is_release and upload_to == "app-store": - upload_to_apple = False + if upload_to == "app-store": + upload_to = "" # do not upload in this case with open(os.getenv("GITHUB_ENV"), "a") as fh: fh.write(f"VERSION={version}\n") - fh.write(f"ISRELEASE={'yes' if is_release else ''}\n") - fh.write(f"EXPORT_METHOD={export_method}\n") fh.write(f"UPLOAD_FOLDER={upload_folder}\n") - fh.write(f"UPLOAD_TO_APPLE={'yes' if upload_to_apple else ''}\n") + fh.write(f"UPLOAD_TO={upload_to}\n") - - name: Prepare use of Developper ID Certificate - if: matrix.destination.uploadto == 'dmg' + - name: Use Developer ID Certificate + if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'macOS' env: SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE }} SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD }} SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_IDENTITY }} - run: echo "" + run: echo - - name: Prepare use of Apple Development Certificate - if: matrix.destination.uploadto == 'ipa' + - name: Use Apple Development Certificate + if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'iOS' env: SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} - run: echo "" + run: echo - - name: Prepare use of Apple Distribution Certificate - if: matrix.destination.uploadto == 'app-store' + - name: Use Apple Distribution Certificate + if: env.UPLOAD_TO == 'app-store' env: SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} - run: echo "" + run: echo - - name: Add Apple Store Key + - name: Decode Apple Store Key + if: env.UPLOAD_TO != '' env: APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} @@ -102,10 +112,11 @@ jobs: - name: Build xcarchive uses: ./.github/actions/xcbuild + if: env.UPLOAD_TO != '' with: action: archive - xc-destination: generic/platform=${{ matrix.destination.platform }} - upload-to: ${{ matrix.destination.uploadto }} + xc-destination: generic/platform=${{ matrix.platform }} + upload-to: ${{ env.UPLOAD_TO }} version: ${{ env.VERSION }} APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} @@ -117,6 +128,7 @@ jobs: EXTRA_XCODEBUILD: ${{ env.EXTRA_XCODEBUILD }} - name: Add altool credentials to Keychain + if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp' env: APPLE_SIGNING_ALTOOL_USERNAME: ${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }} APPLE_SIGNING_ALTOOL_PASSWORD: ${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }} @@ -132,54 +144,47 @@ jobs: --keychain $KEYCHAIN \ $KEYCHAIN_PROFILE - - name: Prepare export for ${{ env.EXPORT_METHOD }} - if: matrix.destination.uploadto != 'ipa' - run: | - plutil -create xml1 ./export.plist - plutil -insert destination -string upload ./export.plist - plutil -insert method -string $EXPORT_METHOD ./export.plist - - name: Prepare export for IPA - if: matrix.destination.uploadto == 'ipa' + if: matrix.platform == 'iOS' && env.UPLOAD_TO == 'ftp' run: | plutil -create xml1 ./export.plist plutil -insert method -string ad-hoc ./export.plist plutil -insert provisioningProfiles -dictionary ./export.plist plutil -replace provisioningProfiles -json '{ "self.Kiwix" : "iOS Team Provisioning Profile" }' ./export.plist + - name: Prepare export for ${{ env.EXPORT_METHOD }} + if: matrix.platform != 'iOS' || env.UPLOAD_TO == 'app-store' + run: | + plutil -create xml1 ./export.plist + plutil -insert destination -string upload ./export.plist + plutil -insert method -string $EXPORT_METHOD ./export.plist + - name: Upload Archive to Apple (App Store or Notarization) - if: ${{ env.UPLOAD_TO_APPLE }} + if: env.UPLOAD_TO == 'app-store' run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -allowProvisioningUpdates $APPLE_AUTH_PARAMS - - name: Export notarized App from archive - if: matrix.destination.uploadto == 'dmg' - run: python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -allowProvisioningUpdates $APPLE_AUTH_PARAMS - - - name: Create DMG - if: matrix.destination.uploadto == 'dmg' + - name: Export notarized App from archive, Create DMG, Notarize DMG + if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp' run: | + python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -allowProvisioningUpdates $APPLE_AUTH_PARAMS pip install dmgbuild dmgbuild -s .github/dmg-settings.py -Dapp=$PWD/export/Kiwix.app -Dbg=.github/dmg-bg.png "Kiwix-$VERSION" $PWD/kiwix-$VERSION.dmg - - - name: Notarize DMG - if: matrix.destination.uploadto == 'dmg' - run: | xcrun notarytool submit --keychain $KEYCHAIN --keychain-profile $KEYCHAIN_PROFILE --wait $PWD/kiwix-$VERSION.dmg xcrun stapler staple $PWD/kiwix-$VERSION.dmg - name: Add SSH_KEY to filesystem - if: matrix.destination.uploadto == 'dmg' || matrix.destination.uploadto == 'ipa' + if: env.UPLOAD_TO == 'ftp' shell: bash run: | echo "${{ secrets.SSH_KEY }}" > $SSH_KEY chmod 600 $SSH_KEY - name: Upload DMG - if: matrix.destination.uploadto == 'dmg' + if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'macOS' run: python .github/upload_file.py --src ${PWD}/kiwix-${VERSION}.dmg --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} - name: Upload IPA - if: matrix.destination.uploadto == 'ipa' + if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'iOS' run: | mv ${PWD}/export/Kiwix.ipa ${PWD}/export/kiwix-${VERSION}.ipa python .github/upload_file.py --src ${PWD}/export/kiwix-${VERSION}.ipa --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} From 00127fd2382eb29d11105ebf4cb9144b3143bfdb Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 4 Feb 2024 22:29:10 +0100 Subject: [PATCH 03/17] Simplify CI steps, remove unused xcbuild param --- .github/actions/xcbuild/action.yml | 2 -- .github/workflows/cd.yml | 10 ++++--- .github/workflows/ci.yml | 47 +++++++++--------------------- 3 files changed, 20 insertions(+), 39 deletions(-) diff --git a/.github/actions/xcbuild/action.yml b/.github/actions/xcbuild/action.yml index 56b29d21..12eb633a 100644 --- a/.github/actions/xcbuild/action.yml +++ b/.github/actions/xcbuild/action.yml @@ -8,8 +8,6 @@ inputs: required: true xc-destination: required: true - upload-to: - required: true APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: required: true APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index a0deb220..d45527de 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -12,7 +12,7 @@ env: KEYCHAIN_PASSWORD: mysecretpassword KEYCHAIN_PROFILE: build-profile SSH_KEY: /tmp/id_rsa - APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 + jobs: build_and_deploy: @@ -32,12 +32,15 @@ jobs: # uploadto: app-store runs-on: macos-13 env: - APPLE_AUTH_PARAMS: "-authenticationKeyPath ${{ env.APPLE_STORE_AUTH_KEY_PATH }} -authenticationKeyID ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} -authenticationKeyIssuerID ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}" + APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 + APPLE_AUTH_PARAMS: "-authenticationKeyPath /tmp/authkey.p8 -authenticationKeyID ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} -authenticationKeyIssuerID ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}" # conditionally updated later: EXPORT_METHOD: "app-store" EXTRA_XCODEBUILD: "" UPLOAD_TO: "" - VERSION: "" + VERSION: "" + SIGNING_CERTIFICATE: "" + SIGNING_CERTIFICATE_P12_PASSWORD: "" steps: - name: Checkout code @@ -116,7 +119,6 @@ jobs: with: action: archive xc-destination: generic/platform=${{ matrix.platform }} - upload-to: ${{ env.UPLOAD_TO }} version: ${{ env.VERSION }} APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e548fef5..6abe5f74 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,9 +7,6 @@ on: branches: - main -env: - APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 - jobs: authorize: # sets environment based on origin of PR: internal (non-existent) for own-repo or external (requires reviewer to run) for external repos @@ -20,54 +17,38 @@ jobs: build: needs: authorize runs-on: macos-13 + env: + EXTRA_XCODEBUILD: "" + APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 + APPLE_AUTH_PARAMS: "-authenticationKeyPath /tmp/authkey.p8 -authenticationKeyID ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} -authenticationKeyIssuerID ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}" strategy: fail-fast: false matrix: - destination: - - platform: macOS - - platform: iOS - xcode_extra: -sdk iphoneos + platform: [macOS, iOS] + steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: # /!\ important: this checks out code from the HEAD of the PR instead of the main branch (for pull_request_target) ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: Add Apple Store Key - if: ${{ matrix.destination.platform == 'iOS' }} - env: - APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} - shell: bash - run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o $APPLE_STORE_AUTH_KEY_PATH + if: matrix.platform == 'iOS' + run: echo "${{ secrets.APPLE_STORE_AUTH_KEY }}" | base64 --decode -o ${{ env.APPLE_STORE_AUTH_KEY_PATH}} - - name: Extend EXTRA_XCODEBUILD - if: ${{ matrix.destination.platform == 'iOS' }} + - name: Set EXTRA_XCODEBUILD + if: matrix.platform == 'iOS' env: - EXTRA_XCODEBUILD: ${{ matrix.destination.xcode_extra }} - APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - APPLE_STORE_AUTH_KEY_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} - APPLE_STORE_AUTH_KEY_ISSUER_ID: ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }} - shell: python - run: | - import os - extra_xcode = os.getenv("EXTRA_XCODEBUILD", "") - extra_xcode += f" -authenticationKeyPath {os.getenv('APPLE_STORE_AUTH_KEY_PATH')}" - extra_xcode += f" -authenticationKeyID {os.getenv('APPLE_STORE_AUTH_KEY_ID')}" - extra_xcode += f" -authenticationKeyIssuerID {os.getenv('APPLE_STORE_AUTH_KEY_ISSUER_ID')}" - - with open(os.getenv("GITHUB_ENV"), "a") as fh: - fh.write(f"EXTRA_XCODEBUILD={extra_xcode}\n") + EXTRA_XCODEBUILD: "-sdk iphoneos ${{ env.APPLE_AUTH_PARAMS }}" + run: echo - name: Build uses: ./.github/actions/xcbuild with: action: build - xc-destination: generic/platform=${{ matrix.destination.platform }} - upload-to: dev + xc-destination: generic/platform=${{ matrix.platform }} version: CI APPLE_DEVELOPMENT_SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} EXTRA_XCODEBUILD: ${{ env.EXTRA_XCODEBUILD }} - From 62444f14daf8320e517b85a3976943c0574d185a Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 4 Feb 2024 22:30:59 +0100 Subject: [PATCH 04/17] Remove uncommented ones --- .github/workflows/cd.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index d45527de..b7ccddd4 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -21,15 +21,6 @@ jobs: matrix: platform: [iOS, macOS] uploadto: [app-store, ftp] - # destination: - # - platform: macOS - # uploadto: dmg - # - platform: macOS - # uploadto: app-store - # - platform: iOS - # uploadto: ipa - # - platform: iOS - # uploadto: app-store runs-on: macos-13 env: APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 From dd6d7733608b94b0dc3a0bdbd076492d6fa20290 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Sun, 4 Feb 2024 23:59:37 +0100 Subject: [PATCH 05/17] Fix title, inline vars --- .github/workflows/cd.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index b7ccddd4..d22a3911 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -99,10 +99,7 @@ jobs: - name: Decode Apple Store Key if: env.UPLOAD_TO != '' - env: - APPLE_STORE_AUTH_KEY_PATH: ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - APPLE_STORE_AUTH_KEY: ${{ secrets.APPLE_STORE_AUTH_KEY }} - run: echo "${APPLE_STORE_AUTH_KEY}" | base64 --decode -o $APPLE_STORE_AUTH_KEY_PATH + run: echo "${{ secrets.APPLE_STORE_AUTH_KEY }}" | base64 --decode -o ${{ env.APPLE_STORE_AUTH_KEY_PATH }} - name: Build xcarchive uses: ./.github/actions/xcbuild @@ -145,7 +142,7 @@ jobs: plutil -insert provisioningProfiles -dictionary ./export.plist plutil -replace provisioningProfiles -json '{ "self.Kiwix" : "iOS Team Provisioning Profile" }' ./export.plist - - name: Prepare export for ${{ env.EXPORT_METHOD }} + - name: Prepare export for ${{ matrix.uploadto }} if: matrix.platform != 'iOS' || env.UPLOAD_TO == 'app-store' run: | plutil -create xml1 ./export.plist From db144138a525a8b88226e9945258a218c3a8c898 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Mon, 5 Feb 2024 00:03:33 +0100 Subject: [PATCH 06/17] Regroup env variables --- .github/workflows/cd.yml | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index d22a3911..2df5a070 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -12,8 +12,16 @@ env: KEYCHAIN_PASSWORD: mysecretpassword KEYCHAIN_PROFILE: build-profile SSH_KEY: /tmp/id_rsa + APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 + APPLE_AUTH_PARAMS: "-authenticationKeyPath /tmp/authkey.p8 -authenticationKeyID ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} -authenticationKeyIssuerID ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}" + # conditionally updated later: + EXPORT_METHOD: "app-store" + EXTRA_XCODEBUILD: "" + UPLOAD_TO: "" + VERSION: "" + SIGNING_CERTIFICATE: "" + SIGNING_CERTIFICATE_P12_PASSWORD: "" - jobs: build_and_deploy: strategy: @@ -22,17 +30,7 @@ jobs: platform: [iOS, macOS] uploadto: [app-store, ftp] runs-on: macos-13 - env: - APPLE_STORE_AUTH_KEY_PATH: /tmp/authkey.p8 - APPLE_AUTH_PARAMS: "-authenticationKeyPath /tmp/authkey.p8 -authenticationKeyID ${{ secrets.APPLE_STORE_AUTH_KEY_ID }} -authenticationKeyIssuerID ${{ secrets.APPLE_STORE_AUTH_KEY_ISSUER_ID }}" - # conditionally updated later: - EXPORT_METHOD: "app-store" - EXTRA_XCODEBUILD: "" - UPLOAD_TO: "" - VERSION: "" - SIGNING_CERTIFICATE: "" - SIGNING_CERTIFICATE_P12_PASSWORD: "" - + steps: - name: Checkout code uses: actions/checkout@v4 From 7b2f8640784911c3fb97c234f1855dc6a14ca05c Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Mon, 5 Feb 2024 00:46:00 +0100 Subject: [PATCH 07/17] Fix env vars --- .github/workflows/cd.yml | 36 ++++++++++++++---------------------- 1 file changed, 14 insertions(+), 22 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 2df5a070..e21b100d 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -37,15 +37,11 @@ jobs: - name: Set iOS extra xcode params if: matrix.platform == 'iOS' - env: - EXTRA_XCODEBUILD: "-sdk iphoneos ${{ env.APPLE_AUTH_PARAMS }}" - run: echo + run: echo "EXTRA_XCODEBUILD=-sdk iphoneos ${{ env.APPLE_AUTH_PARAMS }}" >> $GITHUB_ENV - name: Set macOS FTP export method if: matrix.platform == 'macOS' && matrix.uploadto == 'ftp' - env: - EXPORT_METHOD: "developer-id" - run: echo + run: echo "EXPORT_METHOD=developer-id" >> $GITHUB_ENV - name: Decide whether building nightly or release env: @@ -73,27 +69,24 @@ jobs: - name: Use Developer ID Certificate if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'macOS' - env: - SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE }} - SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD }} - SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPER_ID_SIGNING_IDENTITY }} - run: echo + run: | + echo "SIGNING_CERTIFICATE=${{ secrets.APPLE_DEVELOPER_ID_SIGNING_CERTIFICATE }}" >> $GITHUB_ENV + echo "SIGNING_CERTIFICATE_P12_PASSWORD=${{ secrets.APPLE_DEVELOPER_ID_SIGNING_P12_PASSWORD }}" >> $GITHUB_ENV + echo "SIGNING_IDENTITY=${{ secrets.APPLE_DEVELOPER_ID_SIGNING_IDENTITY }}" >> $GITHUB_ENV - name: Use Apple Development Certificate if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'iOS' - env: - SIGNING_CERTIFICATE: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }} - SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }} - SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} - run: echo + run: | + echo "SIGNING_CERTIFICATE=${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }}" >> $GITHUB_ENV + echo "SIGNING_CERTIFICATE_P12_PASSWORD=${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }}" >> $GITHUB_ENV + echo "SIGNING_IDENTITY=${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }}" >> $GITHUB_ENV - name: Use Apple Distribution Certificate if: env.UPLOAD_TO == 'app-store' - env: - SIGNING_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }} - SIGNING_CERTIFICATE_P12_PASSWORD: ${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }} - SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} - run: echo + run: | + echo "SIGNING_CERTIFICATE=${{ secrets.APPLE_DISTRIBUTION_SIGNING_CERTIFICATE }}" >> $GITHUB_ENV + echo "SIGNING_CERTIFICATE_P12_PASSWORD=${{ secrets.APPLE_DISTRIBUTION_SIGNING_P12_PASSWORD }}" >> $GITHUB_ENV + echo "SIGNING_IDENTITY=${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }}" >> $GITHUB_ENV - name: Decode Apple Store Key if: env.UPLOAD_TO != '' @@ -162,7 +155,6 @@ jobs: - name: Add SSH_KEY to filesystem if: env.UPLOAD_TO == 'ftp' - shell: bash run: | echo "${{ secrets.SSH_KEY }}" > $SSH_KEY chmod 600 $SSH_KEY From 70e330f1d1414f91c9cc07794f0d3fd3f23f53ba Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Mon, 5 Feb 2024 10:44:43 +0100 Subject: [PATCH 08/17] Add debug, skip upload for testing --- .github/workflows/cd.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index e21b100d..11937312 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -144,6 +144,9 @@ jobs: if: env.UPLOAD_TO == 'app-store' run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -allowProvisioningUpdates $APPLE_AUTH_PARAMS + - name: Show the list of files + run: ls -la + - name: Export notarized App from archive, Create DMG, Notarize DMG if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp' run: | From 4a6d5b8b8b3e9c14c32fe34a94ef3bec7e0f7f6c Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Tue, 6 Feb 2024 13:52:26 +0100 Subject: [PATCH 09/17] Split the export archive part, temp. disable upload --- .github/workflows/cd.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 11937312..8d2a0ddc 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -142,15 +142,20 @@ jobs: - name: Upload Archive to Apple (App Store or Notarization) if: env.UPLOAD_TO == 'app-store' - run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -allowProvisioningUpdates $APPLE_AUTH_PARAMS + run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -allowProvisioningUpdates ${{ env.APPLE_AUTH_PARAMS }} + + - name: Export notarized App from archive + if: env.UPLOAD_TO == 'ftp' + run: python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -allowProvisioningUpdates ${{ env.APPLE_AUTH_PARAMS }} - name: Show the list of files - run: ls -la - - - name: Export notarized App from archive, Create DMG, Notarize DMG - if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp' run: | - python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -allowProvisioningUpdates $APPLE_AUTH_PARAMS + ls -la + ls -la export/ + + - name: Create and Notarize Notarize DMG + if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp' + run: | pip install dmgbuild dmgbuild -s .github/dmg-settings.py -Dapp=$PWD/export/Kiwix.app -Dbg=.github/dmg-bg.png "Kiwix-$VERSION" $PWD/kiwix-$VERSION.dmg xcrun notarytool submit --keychain $KEYCHAIN --keychain-profile $KEYCHAIN_PROFILE --wait $PWD/kiwix-$VERSION.dmg @@ -164,10 +169,12 @@ jobs: - name: Upload DMG if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'macOS' - run: python .github/upload_file.py --src ${PWD}/kiwix-${VERSION}.dmg --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} + run: | + echo + # python .github/upload_file.py --src ${PWD}/kiwix-${VERSION}.dmg --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} - name: Upload IPA if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'iOS' run: | mv ${PWD}/export/Kiwix.ipa ${PWD}/export/kiwix-${VERSION}.ipa - python .github/upload_file.py --src ${PWD}/export/kiwix-${VERSION}.ipa --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} + # python .github/upload_file.py --src ${PWD}/export/kiwix-${VERSION}.ipa --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} From 6ce1377dd3c782706299a1159b6e0f5c75e89ba1 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Tue, 6 Feb 2024 14:22:00 +0100 Subject: [PATCH 10/17] Fix env --- .github/workflows/cd.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 8d2a0ddc..0ea52405 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -142,19 +142,24 @@ jobs: - name: Upload Archive to Apple (App Store or Notarization) if: env.UPLOAD_TO == 'app-store' + env: + VERSION: ${{ env.VERSION }} run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -allowProvisioningUpdates ${{ env.APPLE_AUTH_PARAMS }} - name: Export notarized App from archive if: env.UPLOAD_TO == 'ftp' + env: + VERSION: ${{ env.VERSION }} run: python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -allowProvisioningUpdates ${{ env.APPLE_AUTH_PARAMS }} - name: Show the list of files run: | ls -la - ls -la export/ - name: Create and Notarize Notarize DMG if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp' + env: + VERSION: ${{ env.VERSION }} run: | pip install dmgbuild dmgbuild -s .github/dmg-settings.py -Dapp=$PWD/export/Kiwix.app -Dbg=.github/dmg-bg.png "Kiwix-$VERSION" $PWD/kiwix-$VERSION.dmg @@ -169,12 +174,16 @@ jobs: - name: Upload DMG if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'macOS' + env: + VERSION: ${{ env.VERSION }} run: | echo # python .github/upload_file.py --src ${PWD}/kiwix-${VERSION}.dmg --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} - name: Upload IPA if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'iOS' + env: + VERSION: ${{ env.VERSION }} run: | mv ${PWD}/export/Kiwix.ipa ${PWD}/export/kiwix-${VERSION}.ipa # python .github/upload_file.py --src ${PWD}/export/kiwix-${VERSION}.ipa --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} From 7639720af5f5a667a05a1cc5cac94c5d47045610 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Tue, 6 Feb 2024 20:53:26 +0100 Subject: [PATCH 11/17] Revert notarization if else --- .github/workflows/cd.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 0ea52405..7a824199 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -109,7 +109,7 @@ jobs: EXTRA_XCODEBUILD: ${{ env.EXTRA_XCODEBUILD }} - name: Add altool credentials to Keychain - if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp' + if: env.UPLOAD_TO == 'ftp' env: APPLE_SIGNING_ALTOOL_USERNAME: ${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }} APPLE_SIGNING_ALTOOL_PASSWORD: ${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }} @@ -152,11 +152,7 @@ jobs: VERSION: ${{ env.VERSION }} run: python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -allowProvisioningUpdates ${{ env.APPLE_AUTH_PARAMS }} - - name: Show the list of files - run: | - ls -la - - - name: Create and Notarize Notarize DMG + - name: Create and Notarize DMG if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp' env: VERSION: ${{ env.VERSION }} From ce1b9e72126352c7f95624a860c730b510d2dd47 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Wed, 7 Feb 2024 11:04:46 +0100 Subject: [PATCH 12/17] Use full semantic version 3.0.0 --- project.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/project.yml b/project.yml index f910527f..f5c7b3e7 100644 --- a/project.yml +++ b/project.yml @@ -94,7 +94,7 @@ targets: - ApplicationTemplate settings: base: - MARKETING_VERSION: "3.3" + MARKETING_VERSION: "3.3.0" PRODUCT_BUNDLE_IDENTIFIER: self.Kiwix INFOPLIST_KEY_CFBundleDisplayName: Kiwix INFOPLIST_FILE: Support/Info.plist From 9ee4ce2ed6e5daff1827f1b35b80a72b3a0339f3 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Wed, 7 Feb 2024 11:05:08 +0100 Subject: [PATCH 13/17] Remove if condition for notarization --- .github/workflows/cd.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 7a824199..ee4b8af8 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -141,7 +141,6 @@ jobs: plutil -insert method -string $EXPORT_METHOD ./export.plist - name: Upload Archive to Apple (App Store or Notarization) - if: env.UPLOAD_TO == 'app-store' env: VERSION: ${{ env.VERSION }} run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -allowProvisioningUpdates ${{ env.APPLE_AUTH_PARAMS }} From a581f44849eb3493231e1a0637cefbd431c76941 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Wed, 7 Feb 2024 12:00:43 +0100 Subject: [PATCH 14/17] Change if condition --- .github/workflows/cd.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index ee4b8af8..4f076cc6 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -141,6 +141,7 @@ jobs: plutil -insert method -string $EXPORT_METHOD ./export.plist - name: Upload Archive to Apple (App Store or Notarization) + if: env.UPLOAD_TO != '' env: VERSION: ${{ env.VERSION }} run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -allowProvisioningUpdates ${{ env.APPLE_AUTH_PARAMS }} From 73bc56d66ec929890215dae03eb5b0d6b39e08f7 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Wed, 7 Feb 2024 12:28:46 +0100 Subject: [PATCH 15/17] Update conditions --- .github/workflows/cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 4f076cc6..a2fb570e 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -147,7 +147,7 @@ jobs: run: python .github/retry-if-retcode.py --sleep 60 --attempts 5 --retcode 70 xcrun xcodebuild -exportArchive -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -exportOptionsPlist export.plist -allowProvisioningUpdates ${{ env.APPLE_AUTH_PARAMS }} - name: Export notarized App from archive - if: env.UPLOAD_TO == 'ftp' + if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp' env: VERSION: ${{ env.VERSION }} run: python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -allowProvisioningUpdates ${{ env.APPLE_AUTH_PARAMS }} From 692dc6c389b06568f030758a4f8989d7f7c632b8 Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Wed, 7 Feb 2024 13:18:02 +0100 Subject: [PATCH 16/17] Uncomment --- .github/workflows/cd.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index a2fb570e..368a62e8 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -173,8 +173,7 @@ jobs: env: VERSION: ${{ env.VERSION }} run: | - echo - # python .github/upload_file.py --src ${PWD}/kiwix-${VERSION}.dmg --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} + python .github/upload_file.py --src ${PWD}/kiwix-${VERSION}.dmg --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} - name: Upload IPA if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'iOS' @@ -182,4 +181,4 @@ jobs: VERSION: ${{ env.VERSION }} run: | mv ${PWD}/export/Kiwix.ipa ${PWD}/export/kiwix-${VERSION}.ipa - # python .github/upload_file.py --src ${PWD}/export/kiwix-${VERSION}.ipa --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} + python .github/upload_file.py --src ${PWD}/export/kiwix-${VERSION}.ipa --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} From a3b4799ad68856f2ab7198004ddb6fe74238482a Mon Sep 17 00:00:00 2001 From: Balazs Perlaki-Horvath Date: Thu, 8 Feb 2024 09:31:28 +0100 Subject: [PATCH 17/17] Update env variables --- .github/workflows/cd.yml | 11 +++-------- .github/workflows/ci.yml | 4 +--- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 368a62e8..7da37a05 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -134,6 +134,9 @@ jobs: plutil -replace provisioningProfiles -json '{ "self.Kiwix" : "iOS Team Provisioning Profile" }' ./export.plist - name: Prepare export for ${{ matrix.uploadto }} + # else statement for Prepare export for IPA + # excluding UPLOAD_TO == '', which really means we should not upload + # [(macOS, ftp), (macOS, app-store), (iOS, app-store)] if: matrix.platform != 'iOS' || env.UPLOAD_TO == 'app-store' run: | plutil -create xml1 ./export.plist @@ -148,14 +151,10 @@ jobs: - name: Export notarized App from archive if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp' - env: - VERSION: ${{ env.VERSION }} run: python .github/retry-if-retcode.py --sleep 60 --attempts 20 --retcode 65 xcrun xcodebuild -exportNotarizedApp -archivePath $PWD/Kiwix-$VERSION.xcarchive -exportPath $PWD/export/ -allowProvisioningUpdates ${{ env.APPLE_AUTH_PARAMS }} - name: Create and Notarize DMG if: matrix.platform == 'macOS' && env.UPLOAD_TO == 'ftp' - env: - VERSION: ${{ env.VERSION }} run: | pip install dmgbuild dmgbuild -s .github/dmg-settings.py -Dapp=$PWD/export/Kiwix.app -Dbg=.github/dmg-bg.png "Kiwix-$VERSION" $PWD/kiwix-$VERSION.dmg @@ -170,15 +169,11 @@ jobs: - name: Upload DMG if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'macOS' - env: - VERSION: ${{ env.VERSION }} run: | python .github/upload_file.py --src ${PWD}/kiwix-${VERSION}.dmg --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} - name: Upload IPA if: env.UPLOAD_TO == 'ftp' && matrix.platform == 'iOS' - env: - VERSION: ${{ env.VERSION }} run: | mv ${PWD}/export/Kiwix.ipa ${PWD}/export/kiwix-${VERSION}.ipa python .github/upload_file.py --src ${PWD}/export/kiwix-${VERSION}.ipa --dest ci@master.download.kiwix.org:30022/data/download/${UPLOAD_FOLDER} --ssh-key ${SSH_KEY} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6abe5f74..b5d155d8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,9 +39,7 @@ jobs: - name: Set EXTRA_XCODEBUILD if: matrix.platform == 'iOS' - env: - EXTRA_XCODEBUILD: "-sdk iphoneos ${{ env.APPLE_AUTH_PARAMS }}" - run: echo + run: echo "EXTRA_XCODEBUILD=-sdk iphoneos ${{ env.APPLE_AUTH_PARAMS }}" >> $GITHUB_ENV - name: Build uses: ./.github/actions/xcbuild