From e4a6fca883d52eebdf5517b655163d2e089edb9c Mon Sep 17 00:00:00 2001 From: Simon McLoughlin Date: Mon, 27 May 2024 11:07:57 +0100 Subject: [PATCH] - disable watchdog termination alerts from sentry as too many false flags - add prov profiles to codeQL script to allow build to run --- .github/workflows/codeql.yml | 55 ++++++++++++++++++++++++++++++++++ Kukai Mobile/AppDelegate.swift | 1 + 2 files changed, 56 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7453a049..7e9e62c2 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -21,6 +21,61 @@ jobs: - name: Get current date run: echo "NOW=$(date +'%Y-%m-%dT%H-%M-%S')" >> $GITHUB_ENV + + # Env variables + - name: Setup Global Env + run: | + echo "BUILD_CERTIFICATE_BASE64=${{ secrets.BUILD_CERTIFICATE_BASE64 }}" >> $GITHUB_ENV + echo "P12_PASSWORD=${{ secrets.P12_PASSWORD }}" >> $GITHUB_ENV + echo "KEYCHAIN_PASSWORD=${{ secrets.KEYCHAIN_PASSWORD }}" >> $GITHUB_ENV + + - name: Setup env variables for main + if: github.ref == 'refs/heads/main' + run: | + echo "BUILD_PROVISION_PROFILE_BASE64=${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}" >> $GITHUB_ENV + + - name: Setup env varibales for develop + if: github.ref == 'refs/heads/develop' + run: | + echo "BUILD_PROVISION_PROFILE_BASE64=${{ secrets.BUILD_PROVISION_PROFILE_BETA_BASE64 }}" >> $GITHUB_ENV + + + + # Upload Base64 copies of apple certs to github following these instructions: + # Note: Use app store distribution certs + # https://docs.github.com/en/actions/guides/installing-an-apple-certificate-on-macos-runners-for-xcode-development + # + # Every time we update certs / profiles or they expire, we need to update the following github actions secrets + # BUILD_CERTIFICATE_BASE64 = exported distribution cert from inside Xcode account settings, copied with `base64 -i | pbcopy` + # P12_PASSWORD = whatever new password created for previous file + # BUILD_PROVISION_PROFILE_BASE64 = download "Kukai Mobile Prov Dist App Store" from app store connect, copied with `base64 -i | pbcopy` + # BUILD_PROVISION_PROFILE_BETA_BASE64 = download "Kukai Mobile Beta Prov Dist App Store" from app store connect, copied with `base64 -i | pbcopy` + # + - name: Install the Apple certificate and provisioning profile + run: | + # create variables + CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 + PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + + # import certificate and provisioning profile from secrets + echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH + echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH + + # create temporary keychain + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + # import certificate to keychain + security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH + + # apply provisioning profile + mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles + cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles + + - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: diff --git a/Kukai Mobile/AppDelegate.swift b/Kukai Mobile/AppDelegate.swift index 452ac2d5..4772dcd0 100644 --- a/Kukai Mobile/AppDelegate.swift +++ b/Kukai Mobile/AppDelegate.swift @@ -32,6 +32,7 @@ class AppDelegate: UIResponder, UIApplicationDelegate { // If not running on simulator, Setup Sentry, but with Anonymous events SentrySDK.start { options in options.dsn = "https://6078bc46bd5c46e1aa6a416c8043f9f4@o1056238.ingest.sentry.io/4505443257024512" + options.enableWatchdogTerminationTracking = false options.beforeSend = { (event) -> Event? in // Scrub any identifiable data to keep users anonymous