Skip to content
IOS release

IOS release #22

Sign in to view logs

IOS release

IOS release #22

Workflow file for this run

.github/workflows/ios-release.yml at b1ad5ec
name: IOS release
on:
workflow_dispatch:
inputs:
build-name:
required: true
type: string
build-number:
required: true
type: string
workflow_call:
inputs:
build-name:
required: true
type: string
build-number:
required: true
type: string
concurrency:
group: ${{ github.workflow }}-ios-release-${{ github.head_ref }}
cancel-in-progress: true
# TODO https://damienaicheh.github.io/flutter/github/actions/2021/04/22/build-sign-flutter-ios-github-actions-en.html
jobs:
release-ios:
runs-on: macos-latest
timeout-minutes: 30
steps:
# Checks-out our repository under $GITHUB_WORKSPACE, so our job can access it
- name: Checkout repository
uses: actions/checkout@v4
# Install the Apple certificate and provisioning profile
- name: 🔑 Install the Apple certificate and provisioning profile
env:
# NOTE: Once a year this certificate will expire.
# This secret stores the base64 encoded p12. This can be generated with the following:
#
# Follow this guide to convert the downloaded certifacte to p12
# https://gist.github.com/jcward/d08b33fc3e6c5f90c18437956e5ccc35
# Rough overview
# Generate certifacte (.cer) or use the same file as before
# Upload cert here and download output: https://developer.apple.com/account/resources/profiles/list
# Do some stuff to generate p12 cert (ios_distribution.p12)
# NOTE: When running `openssl pkcs12 -export` use the -legacy flag
# NOTE: Download apple cert from https://developer.apple.com/certificationauthority/AppleWWDRCA.cer
#
# After generating use `cat ios_distribution.p12 | base64 | xclip
# -selection c` to copy the output and update the secret. If passowrd
# is chnage update P12_PASSWORD as well
BUILD_CERTIFICATE_BASE64: ${{ secrets.APPSTORE_CERT_BASE64 }}
P12_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
# To generate download provisioning pofile from apple and run
# cat nowu.mobileprovision | base64 | xclip -selection c
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.MOBILEPROVISION_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: 🧰 Setup app
uses: ./.github/actions/setup-app
# Build and sign the ipa using a single flutter command
- name: 🛠️ Building IPA
run: flutter build ipa --release --export-options-plist=ios/Runner/ExportOptions.plist --build-name=${{ inputs.build-name }} --build-number=${{ inputs.build-number }}
# Important! Cleanup: remove the certificate and provisioning profile from the runner!
- name: 🧹 Clean up keychain and provisioning profile
if: ${{ always() }}
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision
- name: ⏫ Publishing app to TestFlight
env:
APPLEID_USERNAME: ${{ secrets.APPLEID_USERNAME }}
APPLEID_PASSWORD: ${{ secrets.APPLEID_PASSWORD }}
IPA_PATH: build/ios/ipa/now-u.ipa
run: ./.github/scripts/publish_testflight.sh