diff --git a/.github/actions/archive/action.yml b/.github/actions/archive/action.yml index c34bd3ce..f33717ec 100644 --- a/.github/actions/archive/action.yml +++ b/.github/actions/archive/action.yml @@ -29,6 +29,9 @@ runs: xcodebuild archive \ -allowProvisioningUpdates \ -allowProvisioningDeviceRegistration \ + -skipPackagePluginValidation \ + -skipMacroValidation \ + -onlyUsePackageVersionsFromResolvedFile \ -authenticationKeyID ${{ inputs.app-store-key-id }} \ -authenticationKeyIssuerID ${{ inputs.app-store-key-issuer-id }} \ -authenticationKeyPath "${PWD}/AuthKey_${{ inputs.app-store-key-id }}.p8" \ diff --git a/.github/actions/notarize/action.yml b/.github/actions/notarize/action.yml new file mode 100644 index 00000000..739e9ea3 --- /dev/null +++ b/.github/actions/notarize/action.yml 
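Review bot: `-skipPackagePluginValidation` and `-skipMacroValidation` switch off Xcode's trust check for Swift package build plugins and macros, both of which execute code during the build, and this command runs with the App Store Connect key file on disk (`-authenticationKeyPath` in the same invocation). `-onlyUsePackageVersionsFromResolvedFile` is then the only control over which plugin or macro code runs, so a change to `Package.resolved` deserves the same review as a source change. I would record that above the `xcodebuild archive` invocation, for example `# Plugin/macro validation is skipped for non-interactive CI; Package.resolved pins what executes here, so review changes to it.` The `run:` script starts and ends outside this hunk.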
@@ -0,0 +1,57 @@
+name: Notarize
+inputs:
+ app-store-key:
+ description: App Store key in PEM PKCS#8 format
+ required: true
+ app-store-key-id:
+ description: App Store key ID
+ required: true
+ app-store-key-issuer-id:
+ description: App Store key issuer ID
+ required: true
+ archive-path:
+ description: Xcode archive path
+ required: true
+outputs:
+ notarized-app:
+ description: The compressed and notarized app
+ value: ${{ steps.notarize.outputs.notarized-app }}
+runs:
+ using: composite
+ steps:
+ - id: notarize
+ shell: bash
+ run: |
+ echo "${{ inputs.app-store-key }}" > AuthKey_${{ inputs.app-store-key-id }}.p8
+
+ echo '{"destination":"upload","method":"developer-id"}' \
+ | plutil -convert xml1 -o ExportOptions.plist -
+
+ xcodebuild \
+ -exportArchive \
+ -allowProvisioningUpdates \
+ -allowProvisioningDeviceRegistration \
+ -authenticationKeyID ${{ inputs.app-store-key-id }} \
+ -authenticationKeyIssuerID ${{ inputs.app-store-key-issuer-id }} \
+ -authenticationKeyPath "${PWD}/AuthKey_${{ inputs.app-store-key-id }}.p8" \
+ -archivePath '${{ inputs.archive-path }}' \
+ -exportOptionsPlist ExportOptions.plist
+
+ until xcodebuild \
+ -exportNotarizedApp \
+ -allowProvisioningUpdates \
+ -allowProvisioningDeviceRegistration \
+ -authenticationKeyID ${{ inputs.app-store-key-id }} \
+ -authenticationKeyIssuerID ${{ inputs.app-store-key-issuer-id }} \
+ -authenticationKeyPath "${PWD}/AuthKey_${{ inputs.app-store-key-id }}.p8" \
+ -archivePath '${{ inputs.archive-path }}' \
+ -exportPath Release
+ do
+ echo "Failed to export app, trying again in 10s..."
+ sleep 10
+ done
+
+ tar --options xz:compression-level=9 -C Release -cJvf Wallet.txz ./
+ echo "notarized-app=Wallet.txz" >> $GITHUB_OUTPUT
+
+ rm -rf AuthKey_${{ inputs.app-store-key-id }}.p8 Release ExportOptions.plist
diff --git a/.github/workflows/build-apple.yml b/.github/workflows/build-apple.yml
index da0f56a6..1c00042d 100644
--- a/.github/workflows/build-apple.yml
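Review bot: The private key is pasted into the script text by `${{ inputs.app-store-key }}` in the first `echo` of the `run:` block, so the PEM ends up in the generated step script as well as in the `.p8` file, and the file is written with the default umask. The `rm -rf` on the last line is the only cleanup, and because composite `shell: bash` steps stop on the first failing command, a failed `-exportArchive` leaves the key in the workspace; that matters most on a runner that is reused. The `until` loop around `-exportNotarizedApp` also has no upper bound, so a permanent failure (a rejected submission, a wrong key) retries every 10s until the job times out. I would pass the key through `env:`, write it under a restrictive umask, clean up from an `EXIT` trap and cap the retries; the cap of 30 below is an illustrative value.

```yaml
    - id: notarize
      shell: bash
      env:
        APP_STORE_KEY: ${{ inputs.app-store-key }}
        APP_STORE_KEY_ID: ${{ inputs.app-store-key-id }}
      run: |
        key_file="${PWD}/AuthKey_${APP_STORE_KEY_ID}.p8"
        # Remove the key and intermediates on every exit path, not only on success.
        trap 'rm -rf "$key_file" Release ExportOptions.plist' EXIT
        # Key file readable by the runner user only.
        (umask 077; printf '%s\n' "$APP_STORE_KEY" > "$key_file")

        # … unchanged: ExportOptions.plist generation and xcodebuild -exportArchive …

        attempts=0
        # … unchanged: `until xcodebuild -exportNotarizedApp …` condition …
        do
          attempts=$((attempts + 1))
          if [ "$attempts" -ge 30 ]; then
            echo "Notarized app still unavailable after ${attempts} attempts" >&2
            exit 1
          fi
          echo "Failed to export app, trying again in 10s..."
          sleep 10
        done

        # … unchanged: tar and GITHUB_OUTPUT lines; the trailing rm -rf is replaced by the trap …
```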
+++ b/.github/workflows/build-apple.yml @@ -12,7 +12,7 @@ concurrency: jobs: build: name: Build App (${{ matrix.platform }}) - runs-on: macos-13 + runs-on: macos-14 strategy: fail-fast: false matrix: @@ -53,7 +53,6 @@ jobs: - name: Install Rust uses: dtolnay/rust-toolchain@stable with: - toolchain: stable targets: ${{ join(matrix.rust-targets, ', ') }} - name: Build id: build diff --git a/.github/workflows/release-apple.yml b/.github/workflows/release-apple.yml index 3ea185de..5c2b1ce2 100644 --- a/.github/workflows/release-apple.yml +++ b/.github/workflows/release-apple.yml @@ -1,26 +1,25 @@ name: Build Apple Release on: - release: - types: - - created + push: + branches: + - main jobs: build: name: Build ${{ matrix.configuration['platform'] }} Release - runs-on: macos-13 + runs-on: macos-14 strategy: fail-fast: false matrix: configuration: - - scheme: App (iOS) - destination: generic/platform=iOS + - destination: generic/platform=iOS platform: iOS - method: ad-hoc - artifact-file: Apple/Release/Burrow.ipa - - scheme: App (macOS) - destination: generic/platform=macOS + rust-targets: + - aarch64-apple-ios + - destination: generic/platform=macOS platform: macOS - method: mac-application - artifact-file: Burrow.app.txz + rust-targets: + - x86_64-apple-darwin + - aarch64-apple-darwin env: DEVELOPER_DIR: /Applications/Xcode_15.2.app/Contents/Developer steps: 
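Review bot: Changing the trigger in release-apple.yml from `release: created` to `push` on `main` means every merge now runs a job that imports the signing certificate and uses the App Store Connect key, where before that happened only when a release was created. Nothing in the visible part of the workflow limits the token or serialises runs; build-apple.yml has a `concurrency:` block, and I would add one here together with a top-level `permissions:` holding `contents: read`, since the step that needed to write to releases is removed later in this commit. If the signing secrets can live in a protected environment, an `environment:` key on the job would put an approval gate in front of them; that depends on repository settings not shown here. The `steps:` list continues outside this hunk.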
@@ -34,32 +33,36 @@ jobs: with: certificate: ${{ secrets.DEVELOPER_CERT }} password: ${{ secrets.DEVELOPER_CERT_PASSWORD }} + - name: Install Rust + uses: dtolnay/rust-toolchain@stable + with: + targets: ${{ join(matrix.rust-targets, ', ') }} - name: Archive uses: ./.github/actions/archive with: - scheme: ${{ matrix.configuration['scheme'] }} + scheme: App destination: ${{ matrix.configuration['destination'] }} app-store-key: ${{ secrets.APPSTORE_KEY }} app-store-key-id: ${{ secrets.APPSTORE_KEY_ID }} app-store-key-issuer-id: ${{ secrets.APPSTORE_KEY_ISSUER_ID }} archive-path: Burrow.xcarchive - - name: Export Locally + - name: Upload uses: ./.github/actions/export with: - method: ${{ matrix.configuration['method'] }} - destination: export + method: app-store-connect + destination: upload app-store-key: ${{ secrets.APPSTORE_KEY }} app-store-key-id: ${{ secrets.APPSTORE_KEY_ID }} app-store-key-issuer-id: ${{ secrets.APPSTORE_KEY_ISSUER_ID }} archive-path: Burrow.xcarchive export-path: Release - - name: Compress + - name: Notarize if: ${{ matrix.configuration['platform'] == 'macOS' }} - shell: bash - run: tar --options xz:compression-level=9 -C Apple/Release -cJf Burrow.app.txz ./ - - name: Attach Artifact - uses: SierraSoftworks/gh-releases@v1.0.6 + uses: ./.github/actions/notarize with: - token: ${{ secrets.GITHUB_TOKEN }} - overwrite: 'false' - files: ${{ matrix.configuration['artifact-file'] }} + app-store-key: ${{ secrets.APPSTORE_KEY }} + app-store-key-id: ${{ secrets.APPSTORE_KEY_ID }} + app-store-key-issuer-id: ${{ secrets.APPSTORE_KEY_ISSUER_ID }} + archive-path: Burrow.xcarchive + product-name: Burrow.app +
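Review bot: The new Install Rust step reads `matrix.rust-targets`, but this workflow declares the targets inside each `configuration` entry, so the expression presumably resolves to an empty string and no cross-compilation target is installed; it should be `targets: ${{ join(matrix.configuration['rust-targets'], ', ') }}`. The Notarize step passes `product-name: Burrow.app`, which the new notarize action does not declare as an input (the action hard-codes `Wallet.txz`), and with Attach Artifact removed nothing in this hunk consumes its `notarized-app` output. `dtolnay/rust-toolchain@stable` is a mutable ref running in a job that holds the signing secrets; pinning it to a commit SHA and passing `toolchain: stable` keeps the behaviour while fixing which code runs.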