From f22916f1d0f5326497625756f1c86820066d4fce Mon Sep 17 00:00:00 2001 From: Davide De Rosa Date: Mon, 27 Sep 2021 19:33:22 +0200 Subject: [PATCH] Deploy beta via GitHub Actions - Disassemble deploy scripts inside workflow - Update gitignore to avoid dirty status - No readonly - Create additional certs for macOS --- .env | 2 +- .env.beta.mac | 1 + .env.template.secret-codesign | 2 - .env.template.secret-deploy | 10 ---- .github/workflows/beta.yml | 71 +++++++++++++++++++++++++++++ .gitignore | 2 + Gemfile.lock | 8 ++-- Submodules/fastlane-ci-templates | 2 +- scripts/build-appcenter.sh | 7 --- scripts/build-appstore.sh | 7 --- scripts/recognize-match-hostname.sh | 6 +++ scripts/submit-appcenter.sh | 9 ---- scripts/submit-appstore.sh | 9 ---- 13 files changed, 86 insertions(+), 50 deletions(-) delete mode 100644 .env.template.secret-codesign delete mode 100644 .env.template.secret-deploy create mode 100644 .github/workflows/beta.yml delete mode 100755 scripts/build-appcenter.sh delete mode 100755 scripts/build-appstore.sh create mode 100755 scripts/recognize-match-hostname.sh delete mode 100755 scripts/submit-appcenter.sh delete mode 100755 scripts/submit-appstore.sh diff --git a/.env b/.env index f3c22cda..50cfa4f7 100644 --- a/.env +++ b/.env @@ -1,6 +1,6 @@ PROJECT="Passepartout" APP_NAME="Passepartout" -MATCH_READONLY="true" +#MATCH_READONLY="true" BUILD_PATH="build" DIST_PATH="dist" diff --git a/.env.beta.mac b/.env.beta.mac index ecb58ff2..251ae042 100644 --- a/.env.beta.mac +++ b/.env.beta.mac @@ -1,3 +1,4 @@ MATCH_TYPE="appstore" +MATCH_ADDITIONAL_CERT_TYPES="mac_installer_distribution" GYM_EXPORT_METHOD="app-store" GYM_SKIP_PACKAGE_PKG="false" diff --git a/.env.template.secret-codesign b/.env.template.secret-codesign deleted file mode 100644 index c8924c7d..00000000 --- a/.env.template.secret-codesign +++ /dev/null @@ -1,2 +0,0 @@ -MATCH_GIT_URL= -MATCH_PASSWORD= diff --git a/.env.template.secret-deploy b/.env.template.secret-deploy deleted file mode 100644 index 7544df2e..00000000 --- a/.env.template.secret-deploy +++ /dev/null @@ -1,10 +0,0 @@ -APPLE_ID= -FASTLANE_USERNAME= -FASTLANE_PASSWORD= -APPCENTER_OWNER_NAME= -APPCENTER_API_TOKEN= -APPCENTER_DISTRIBUTE_DESTINATIONS= -PILOT_GROUPS= -PILOT_USERNAME= -DELIVER_USERNAME= -PROJECT_ROOT= diff --git a/.github/workflows/beta.yml b/.github/workflows/beta.yml new file mode 100644 index 00000000..ddb1b768 --- /dev/null +++ b/.github/workflows/beta.yml @@ -0,0 +1,71 @@ +name: Beta deployment + +on: + push: + #branches: + # - master + tags: + - 'v*-b*' + #tags-ignore: + # - 'v*-*' + +env: + APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_KEY_ID }} + APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }} + APP_STORE_CONNECT_API_KEY_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY_KEY }} + FASTLANE_USERNAME: ${{ secrets.FASTLANE_USERNAME }} + FASTLANE_PASSWORD: ${{ secrets.FASTLANE_PASSWORD }} + MATCH_USERNAME: ${{ secrets.MATCH_USERNAME }} + MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} + MATCH_GIT_URL: ${{ secrets.MATCH_GIT_URL }} + MATCH_GIT_PRIVATE_KEY: ${{ secrets.MATCH_GIT_PRIVATE_KEY }} + MATCH_KEYCHAIN_NAME: ${{ secrets.MATCH_KEYCHAIN_NAME }} + MATCH_KEYCHAIN_PASSWORD: ${{ secrets.MATCH_KEYCHAIN_PASSWORD }} + DELIVER_USERNAME: ${{ secrets.DELIVER_USERNAME }} + PILOT_USERNAME: ${{ secrets.PILOT_USERNAME }} + PILOT_GROUPS: ${{ secrets.PILOT_GROUPS }} + APPCENTER_OWNER_NAME: ${{ secrets.APPCENTER_OWNER_NAME }} + APPCENTER_API_TOKEN: ${{ secrets.APPCENTER_API_TOKEN }} + +jobs: + submit_appstore: + runs-on: macos-10.15 + timeout-minutes: 60 + steps: + - name: Check out repository + uses: actions/checkout@v2 + with: + fetch-depth: 0 # for proper build number + submodules: true + - name: Prepare Ruby bundle + uses: ruby/setup-ruby@v1 + with: + ruby-version: 2.7 + bundler-cache: true + - name: Select Xcode version + uses: maxim-lobanov/setup-xcode@v1 + with: + xcode-version: latest-stable + - name: Cache CocoaPods + uses: actions/cache@v1 + with: + path: Pods + key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock') }} + restore-keys: | + ${{ runner.os }}-pods- + - name: Prepare for fastlane match + run: | + scripts/recognize-match-hostname.sh + bundle exec fastlane run create_keychain name:"$MATCH_KEYCHAIN_NAME" password:"$MATCH_KEYCHAIN_PASSWORD" + ci/update-certs.sh mac development + ci/update-certs.sh ios development + - name: Build (macOS) + run: ci/beta-archive.sh mac + - name: Clean up + run: scripts/reset-archive.sh + - name: Build (iOS) + run: ci/beta-archive.sh ios + - name: Send to App Store (macOS) + run: ci/store-deploy.sh mac + - name: Submit to TestFlight (iOS) + run: ci/beta-deploy.sh ios diff --git a/.gitignore b/.gitignore index e077aa15..f2d3b435 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,5 @@ l10n passepartout-translations.zip default.profraw asc-key.json +.bundle +vendor/ diff --git a/Gemfile.lock b/Gemfile.lock index 6416bdf1..2433bcdd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -17,7 +17,7 @@ GEM artifactory (3.0.15) atomos (0.1.3) aws-eventstream (1.2.0) - aws-partitions (1.506.0) + aws-partitions (1.508.0) aws-sdk-core (3.121.1) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.239.0) @@ -82,7 +82,7 @@ GEM domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) dotenv (2.7.6) - emoji_regex (3.2.2) + emoji_regex (3.2.3) escape (0.0.4) ethon (0.14.0) ffi (>= 1.15.0) @@ -187,13 +187,13 @@ GEM google-cloud-core (~> 1.6) googleauth (>= 0.16.2, < 2.a) mini_mime (~> 1.0) - googleauth (0.17.1) + googleauth (1.0.0) faraday (>= 0.17.3, < 2.0) jwt (>= 1.4, < 3.0) memoist (~> 0.16) multi_json (~> 1.11) os (>= 0.9, < 2.0) - signet (~> 0.15) + signet (>= 0.16, < 2.a) highline (2.0.3) http-cookie (1.0.4) domain_name (~> 0.5) diff --git a/Submodules/fastlane-ci-templates b/Submodules/fastlane-ci-templates index 836f52ea..bd02f983 160000 --- a/Submodules/fastlane-ci-templates +++ b/Submodules/fastlane-ci-templates @@ -1 +1 @@ -Subproject commit 836f52ea36a399e4727da08374b07032e6121521 +Subproject commit bd02f983863fbb7964766cb632762a2412082e3c diff --git a/scripts/build-appcenter.sh b/scripts/build-appcenter.sh deleted file mode 100755 index 0a9037b5..00000000 --- a/scripts/build-appcenter.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh -rm -rf build dist -scripts/commit-beta.sh -ci/dev-archive.sh mac || { echo "Failed to build macOS" ; exit 1 ; } -scripts/reset-archive.sh -ci/dev-archive.sh ios || { echo "Failed to build iOS" ; exit 1 ; } -#scripts/reset-archive.sh diff --git a/scripts/build-appstore.sh b/scripts/build-appstore.sh deleted file mode 100755 index 314cf790..00000000 --- a/scripts/build-appstore.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh -rm -rf build dist -scripts/commit-beta.sh -ci/beta-archive.sh mac || { echo "Failed to build macOS" ; exit 1 ; } -scripts/reset-archive.sh -ci/beta-archive.sh ios || { echo "Failed to build iOS" ; exit 1 ; } -#scripts/reset-archive.sh diff --git a/scripts/recognize-match-hostname.sh b/scripts/recognize-match-hostname.sh new file mode 100755 index 00000000..7ba767f7 --- /dev/null +++ b/scripts/recognize-match-hostname.sh @@ -0,0 +1,6 @@ +#!/bin/sh +HOSTNAME=`echo $MATCH_GIT_URL | sed -E "s/^.*@(.*):.*$/\1/"` +grep -q $HOSTNAME ~/.ssh/known_hosts +if [[ $? != 0 ]]; then + ssh-keyscan $HOSTNAME 2>/dev/null >>~/.ssh/known_hosts +fi diff --git a/scripts/submit-appcenter.sh b/scripts/submit-appcenter.sh deleted file mode 100755 index 23e738bb..00000000 --- a/scripts/submit-appcenter.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -ci/dev-deploy.sh mac || { echo "Failed to deploy macOS" ; exit 1 ; } -ci/dev-deploy.sh ios || { echo "Failed to deploy iOS" ; exit 1 ; } - -VERSION=`agvtool mvers -terse1` -BUILD=`agvtool vers -terse` -git tag "v$VERSION-a$BUILD" - -scripts/reset-archive.sh diff --git a/scripts/submit-appstore.sh b/scripts/submit-appstore.sh deleted file mode 100755 index 0e986461..00000000 --- a/scripts/submit-appstore.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -ci/store-deploy.sh mac || { echo "Failed to deploy macOS" ; exit 1 ; } -ci/beta-deploy.sh ios || { echo "Failed to deploy iOS" ; exit 1 ; } - -VERSION=`agvtool mvers -terse1` -BUILD=`agvtool vers -terse` -git tag "v$VERSION-b$BUILD" - -scripts/reset-archive.sh