Update IOS release to use codemagic cli

now-u · Oct 19, 2024 · 164b0a0 · 164b0a0
1 parent f3293bb
commit 164b0a0
Showing 1 changed file with 23 additions and 42 deletions.
diff --git a/.github/workflows/ios-release.yml b/.github/workflows/ios-release.yml
@@ -27,67 +27,48 @@ jobs:
   release-ios:
     runs-on: macos-latest
     timeout-minutes: 30
+    env:
+      APP_STORE_CONNECT_ISSUER_ID: "74f730c9-0d7e-4eff-b480-54f75e8945c8"
+      APP_STORE_CONNECT_KEY_IDENTIFIER: "W4B4G6CUU4"
+      APP_STORE_CONNECT_PRIVATE_KEY: ${{ secrets.APPSTORE_API_PRIVATE_KEY }}
+      CERTIFICATE_PRIVATE_KEY: ${{ secrets.APPLE_CERTIFICATE_PRIVATE_KEY }}
     steps:
       # Checks-out our repository under $GITHUB_WORKSPACE, so our job can access it
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: 🐍 Setup python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: 🪄 Install codemagic-cli-tools
+        run: pip3 install codemagic-cli-tools
+
       # Install the Apple certificate and provisioning profile
       - name: 🔑 Install the Apple certificate and provisioning profile
-        env:
-          # NOTE: Once a year this certificate will expire.
-          # This secret stores the base64 encoded p12. This can be generated with the following:
-          #
-          # Follow this guide to convert the downloaded certifacte to p12
-          # https://gist.github.com/jcward/d08b33fc3e6c5f90c18437956e5ccc35
-          # Rough overview
-          # Generate certifacte (.cer) or use the same file as before
-          # Upload cert here and download output: https://developer.apple.com/account/resources/profiles/list
-          # Do some stuff to generate p12 cert (ios_distribution.p12)
-          # NOTE: When running `openssl pkcs12 -export` use the -legacy flag
-          # NOTE: Download apple cert from  https://developer.apple.com/certificationauthority/AppleWWDRCA.cer
-          #
-          # After generating use `cat ios_distribution.p12 | base64 | xclip
-          # -selection c` to copy the output and update the secret. If passowrd
-          # is chnage update P12_PASSWORD as well
-          BUILD_CERTIFICATE_BASE64: ${{ secrets.APPSTORE_CERT_BASE64 }}
-          P12_PASSWORD: ${{ secrets.APPSTORE_CERT_PASSWORD }}
-          # To generate download provisioning pofile from apple and run
-          # cat nowu.mobileprovision | base64 | xclip -selection c
-          BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.MOBILEPROVISION_BASE64 }}
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
         run: |
-          # create variables
-          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
-          PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
-          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
-          # import certificate and provisioning profile from secrets
-          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
-          echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $PP_PATH
-          # create temporary keychain
-          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
-          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-          # import certificate to keychain
-          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
-          security list-keychain -d user -s $KEYCHAIN_PATH
-          # apply provisioning profile
-          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
-          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+          app-store-connect fetch-signing-files $(xcode-project detect-bundle-id) --platform IOS --type IOS_APP_STORE --create
+          xcode-project use-profiles --export-options-plist=$RUNNER_TEMP/export_options.plist --archive-method=app-store
+          keychain initialize -p $RUNNER_TEMP/build.keychain
+          keychain add-certificates -p $RUNNER_TEMP/build.keychain
+
+          curl -o $RUNNER_TEMP/AppleWWDRCAG3.cer https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer
+          security import $RUNNER_TEMP/AppleWWDRCAG3.cer -k $RUNNER_TEMP/build.keychain -T /usr/bin/codesign
 
       - name: 🧰  Setup app
         uses: ./.github/actions/setup-app
 
       # Build and sign the ipa using a single flutter command
       - name: 🛠️ Building IPA
-        run: flutter build ipa --release --export-options-plist=ios/Runner/ExportOptions.plist --build-name=${{ inputs.build-name }} --build-number=${{ inputs.build-number }}
+        run: flutter build ipa --release --export-options-plist=$RUNNER_TEMP/export_options.plist --build-name=${{ inputs.build-name }} --build-number=${{ inputs.build-number }}
 
       # Important! Cleanup: remove the certificate and provisioning profile from the runner!
       - name: 🧹 Clean up keychain and provisioning profile
         if: ${{ always() }}
         run: |
-          security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
-          rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision
+          keychain delete -p $RUNNER_TEMP/build.keychain
+          security default-keychain -s login.keychain
 
       - name: ⏫ Publishing app to TestFlight
         env: