-
Notifications
You must be signed in to change notification settings - Fork 41
122 lines (115 loc) · 4.58 KB
/
Archive-SG.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
name: Archive-SG
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
workflow_dispatch:
jobs:
build:
name: Export iPa
runs-on: self-hosted
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Install the Apple certificate and provisioning profile
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.FLINT_BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.FLINT_P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.FLINT_BUILD_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: FillSLSSec
env:
SLS_AK: ${{ secrets.SLS_AK_SG }}
SLS_SK: ${{ secrets.SLS_SK_SG }}
run: |
sh FillSecret.sh SLS_AK $SLS_AK ./Flat/EnvConfigs/Flint_Release.xcconfig
sh FillSecret.sh SLS_SK $SLS_SK ./Flat/EnvConfigs/Flint_Release.xcconfig
- name: PodInstall
run: |
pod repo update
pod install
- name: BuildNumber
uses: yanamura/ios-bump-version@v1
with:
version: ''
build-number: ${{github.run_number}}
- name: GenerateGooglePlist
env:
S: ${{ secrets.FLINT_GOOGLE_SERVICE_BASE64 }}
run: |
echo $S | base64 -d > Flat/GoogleService-Info.plist
- name: Create action log
env:
RUN_ID: ${{github.run_id}}
RUN_NUMBER: ${{github.run_number}}
run: |
touch "archive_$RUN_NUMBER.log"
echo "url: https://github.com/netless-io/flat-ios/actions/runs/$RUN_ID" >> archive_$RUN_NUMBER.log
- name: Test
env:
RUN_NUMBER: ${{github.run_number}}
run: |
sh test.sh Flint_Release_Test test_flat_sg_$RUN_NUMBER.log
- name: Archive
run: |
sh archive.sh Flint-PROD Flint_Release export_release_sg.plist
- name: Clean up keychain and provisioning profile
if: ${{ always() }}
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision
continue-on-error: true
- name: Upload to appstore
env:
APPSTOREACCOUNT: ${{ secrets.APPSTOREACCOUNT }}
APPSTOREPASSWORD: ${{ secrets.APPSTOREPASSWORD }}
RUN_NUMBER: ${{github.run_number}}
run: |
# upload to appstore using altool
sh upload.sh "$APPSTOREACCOUNT" "$APPSTOREPASSWORD"
IPA=$(find . -name '*.ipa')
SHA=$(shasum -a 256 $IPA)
echo "sha: $SHA" >> archive_$RUN_NUMBER.log
- name: BlackDuck
env:
BLACK_DUCK_TOKEN: ${{ secrets.BLACK_DUCK_TOKEN }}
BD_HOST: ${{ secrets.BD_HOST }}
RUN_NUMBER: ${{github.run_number}}
BD_COMMAND: ${{secrets.BLACK_DUCK_COMMAND}}
run: |
sh blackduck.sh "$BLACK_DUCK_TOKEN" "$BD_COMMAND"
echo "blackduck: $BD_HOST/api/projects/888fe533-a493-45d1-adfd-9e4765793731/versions/ae27340f-0807-4fb0-93a4-5ee322ece657/components" >> archive_$RUN_NUMBER.log
- name: Upload Test Result
uses: actions/upload-artifact@v2
with:
name: test
path: test_flat_sg_${{github.run_number}}.log
- name: Upload artifacts
uses: actions/upload-artifact@v2
with:
name: output
path: iPa/
- name: Upload Report
uses: actions/upload-artifact@v2
with:
name: report
path: archive_${{github.run_number}}.log