m3_lightmeter/.github/workflows/build_ipa.yml

145 lines
5 KiB
YAML

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: Build iOS
run-name: Build iOS v${{ inputs.version }}
on:
workflow_call:
inputs:
version:
description: "Version"
required: true
type: string
include-iap:
type: boolean
description: Include IAP package
default: true
stage-backend:
type: boolean
description: Use stage backend
default: true
workflow_dispatch:
inputs:
version:
description: "Version"
required: true
type: string
include-iap:
type: boolean
description: Include IAP package
default: true
stage-backend:
type: boolean
description: Use stage backend
default: true
env:
FLAVOR: "prod"
RELEASE_NOTES_ARTIFACT_NAME: release_notes_en_${{ inputs.version }}
RELEASE_NOTES_PATH: "assets/release_notes"
jobs:
build:
name: Build .ipa
runs-on: macos-13
timeout-minutes: 60
steps:
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Connect private iap package
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.M3_LIGHTMETER_IAP_KEY }}
- name: Install the Apple certificate and provisioning profile
env:
APP_STORE_P12: ${{ secrets.APP_STORE_P12 }}
APP_STORE_P12_PASSWORD: ${{ secrets.APP_STORE_P12_PASSWORD }}
APP_STORE_PROVISION_PROD: ${{ secrets.APP_STORE_PROVISION_PROD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PROVISION_PATH=$RUNNER_TEMP/build_provision.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$APP_STORE_P12" | base64 --decode -o $CERTIFICATE_PATH
echo -n "$APP_STORE_PROVISION_PROD" | base64 --decode -o $PROVISION_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$APP_STORE_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PROVISION_PATH ~/Library/MobileDevice/Provisioning\ Profiles
- name: Restore GoogleService-Info.plist
run: bash .github/scripts/restore_from_base64.sh "${{ secrets.GOOGLE_SERVICES_JSON_IOS }}" "ios/Runner/GoogleService-Info.plist"
- name: Restore ExportOptions.plist
run: bash .github/scripts/restore_from_base64.sh "${{ secrets.APP_STORE_EXPORT_OPTIONS }}" "ios/Runner/ExportOptions.plist"
- name: Restore firebase_app_id_file.json
run: bash .github/scripts/restore_from_base64.sh "${{ secrets.FIREBASE_APP_ID_FILE }}" "ios/firebase_app_id_file.json"
- name: Restore firebase_options.dart
run: bash .github/scripts/restore_from_base64.sh "${{ secrets.FIREBASE_OPTIONS }}" "lib/firebase_options.dart"
- name: Restore constants.dart
env:
CONSTANTS: ${{inputs.stage-backend && secrets.CONSTANTS_STAGE || secrets.CONSTANTS }}
run: bash .github/scripts/restore_from_base64.sh "${{ env.CONSTANTS }}" "lib/constants.dart"
- name: Increment build number & replace version number
run: bash ./.github/scripts/increment_build_number.sh ${{ github.event.inputs.version }}
- name: Download release notes
uses: actions/download-artifact@v3
with:
name: ${{ env.RELEASE_NOTES_ARTIFACT_NAME }}
path: ${{ env.RELEASE_NOTES_PATH }}
- name: Install Flutter
uses: subosito/flutter-action@v2
with:
channel: "stable"
flutter-version: "3.27.1"
- name: Prepare flutter project
run: |
flutter --version
flutter pub get
flutter pub run intl_utils:generate
- name: Build .ipa
run: |
flutter build ipa \
--release \
--flavor $FLAVOR \
--target lib/main_$FLAVOR.dart \
--export-options-plist=ios/Runner/ExportOptions.plist
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: m3_lightmeter_ipa
path: build/ios/ipa/lightmeter.ipa
- name: Clean up keychain and provisioning profile
if: ${{ always() }}
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
rm ~/Library/MobileDevice/Provisioning\ Profiles/build_provision.mobileprovision