-
Notifications
You must be signed in to change notification settings - Fork 0
138 lines (120 loc) · 5.29 KB
/
ios.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
#inspired by:
#https://canopas.com/automate-flutter-ios-app-deployment-with-github-actions-and-codemagic-cli-4d063ea6ef08
#https://blog.okaryo.studio/en/20240911-flutter-ios-firebase-app-distribution-github-actions-not-auto-signing/
#to create certificate: https://mzansibytes.com/2021/08/28/create-apple-developer-certificates-on-windows/
name: iOS Build and Deploy
on:
workflow_dispatch:
jobs:
ios_deployment:
runs-on: macos-latest
steps:
# Step 1: Checkout Code
- name: Checkout Repository
uses: actions/checkout@v4
# Step 2: Set up Flutter SDK
- name: Set up Flutter SDK
uses: flutter-actions/setup-flutter@v3
with:
channel: stable
version: 3.27.1 # Keep this up to date with flutter --version
# Step 3: Install Dependencies
- name: Install Dependencies
run: |
flutter clean
flutter pub get
flutter analyze --no-fatal-infos --no-fatal-warnings
# Step 4: Initialize Keychain
- name: Initialize Keychain
env:
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
security create-keychain -p "$KEYCHAIN_PASSWORD" $RUNNER_TEMP/app-signing.keychain-db
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $RUNNER_TEMP/app-signing.keychain-db
security list-keychain -d user -s $RUNNER_TEMP/app-signing.keychain-db
# Step 5: Configure Provisioning Profile
- name: Configure Provisioning Profile
env:
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
run: |
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
echo "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode > ~/Library/MobileDevice/Provisioning\ Profiles/PiusApp_Distribution_24_12.mobileprovision
# Step 6: Configure Distribution Certificate
- name: Configure Distribution Certificate
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
echo "$BUILD_CERTIFICATE_BASE64" | base64 --decode > /tmp/certificate.p12
security import /tmp/certificate.p12 -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $RUNNER_TEMP/app-signing.keychain-db
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $RUNNER_TEMP/app-signing.keychain-db
# Step 7: Parse Build Number and Name from pubspec.yaml
- name: Parse Build Number and Name
id: version
run: |
VERSION_LINE=$(grep '^version:' pubspec.yaml)
VERSION=$(echo $VERSION_LINE | cut -d' ' -f2 | cut -d'+' -f1)
BUILD_NUMBER=$(echo $VERSION_LINE | cut -d'+' -f2)
echo "VERSION=$VERSION" >> $GITHUB_ENV
echo "BUILD_NUMBER=$BUILD_NUMBER" >> $GITHUB_ENV
# Step 8: Generate ExportOptions.plist from Template
- name: Generate ExportOptions.plist
env:
EXPORT_METHOD: "app-store"
EXPORT_DESTINATION: "export"
BUNDLE_ID: "de.equirinya.piusapp" # Change this when adapting to another app
PROVISIONING_PROFILE: "PiusApp Distribution 24_12"
TEAM_ID: ${{ secrets.TEAM_ID }}
run: |
envsubst < ios/Runner/ExportOptions-Template.plist > ios/Runner/ExportOptions.plist
# Step 9: Build IPA
- name: Build IPA
run: |
flutter build ipa \
--release \
--build-number=$BUILD_NUMBER \
--build-name=$VERSION \
--export-options-plist=ios/Runner/ExportOptions.plist
# Step 10: Create API Key File
- name: Create API Key File
env:
APPSTORE_API_KEY: ${{ secrets.APPSTORE_API_KEY }}
run: |
mkdir -p ~/.private_keys
echo "$APPSTORE_API_KEY" | base64 --decode > ~/.private_keys/AuthKey_${{ secrets.APPSTORE_API_KEY_ID }}.p8
# Step 11: Upload IPA to App Store Connect
- name: Upload to App Store Connect
env:
API_KEY_ID: ${{ secrets.APPSTORE_API_KEY_ID }}
API_ISSUER_ID: ${{ secrets.APPSTORE_ISSUER_ID }}
run: |
APP_FILE=$(find $(pwd) -name "*.ipa")
xcrun altool --upload-app -f "$APP_FILE" -t ios --apiKey "$API_KEY_ID" --apiIssuer "$API_ISSUER_ID"
# Step 12: Upload IPA to GitHub Release
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: v$VERSION
release_name: "Release v$VERSION"
draft: true
prerelease: false
- name: Upload IPA to Release
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: $(find $(pwd) -name "*.ipa")
asset_name: PiusApp-v$VERSION.ipa
asset_content_type: application/octet-stream
# Step 13: Cleanup Keychain and Profiles
- name: Cleanup
if: ${{ always() }}
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
rm -rf ~/Library/MobileDevice/Provisioning\ Profiles
rm -rf ~/.private_keys