From dab1cf3d502ee6e6b7e82b7e17c0c9b24f0896b4 Mon Sep 17 00:00:00 2001
From: Max Goedjen
Date: Sat, 14 Mar 2020 18:32:02 -0700
Subject: [PATCH] CI first pass (#36)
---
.github/release.yml | 67 ++++++++++++++++++++++++++++++++++++++
.github/scripts/signing.sh | 19 +++++++++++
2 files changed, 86 insertions(+)
create mode 100644 .github/release.yml
create mode 100644 .github/scripts/signing.sh
diff --git a/.github/release.yml b/.github/release.yml
new file mode 100644
index 0000000..7932611
--- /dev/null
+++ b/.github/release.yml
@@ -0,0 +1,67 @@
+name: Release
+
+on:
+ push:
+ branches:
+ - 'master'
+ tags:
+ - '*'
+jobs:
+ build:
+ runs-on: macOS-latest
+ timeout-minutes: 10
+ steps:
+ - uses: actions/checkout@v1
+ - name: Create Release
+ id: create_release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ tag_name: ${{ github.ref }}
+ release_name: ${{ github.ref }}
+ body: ''
+ draft: true
+ prerelease: false
+ - name: Set up signing
+ env:
+ SIGNING_DATA: ${{ secrets.SIGNING_DATA }}
+ SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
+ HOST_PROFILE_DATA: ${{ secrets.HOST_PROFILE_DATA }}
+ AGENT_PROFILE_DATA: ${{ secrets.AGENT_PROFILE_DATA }}
+ run: ./scripts/signing.sh
+ - name: Build
+ run: xcrun xcodebuild -project Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
+ - name: Create ZIPs
+ run: |
+ ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive/Products/Applications/Secretive.app ./Secretive.zip
+ ditto -c -k --sequesterRsrc --keepParent Archive.xcarchive ./Archive.zip
+ - name: Notarize
+ env:
+ APPLE_USERNAME: ${{ secrets.APPLE_USERNAME }}
+ APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+ run: xcrun altool --notarize-app --primary-bundle-id "com.maxgoedjen.secretive.host" --username "$APPLE_USERNAME" --password "$APPLE_PASSWORD" --file Secretive.zip
+ - name: Document SHAs
+ run: |
+ shasum -a 512 Secretive.zip
+ shasum -a 512 Archive.zip
+ - name: Upload App
+ id: upload-release-asset
+ uses: actions/upload-release-asset@v1.0.1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ steps.create_release.outputs.upload_url }}
+ asset_path: ./Secretive.zip
+ asset_name: Secretive.zip
+ asset_content_type: application/zip
+ - name: Upload Archive
+ id: upload-release-asset
+ uses: actions/upload-release-asset@v1.0.1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ steps.create_release.outputs.upload_url }}
+ asset_path: ./Archive.zip
+ asset_name: Archive.zip
+ asset_content_type: application/zip
\ No newline at end of file
diff --git a/.github/scripts/signing.sh b/.github/scripts/signing.sh
new file mode 100644
index 0000000..46129a0
--- /dev/null
+++ b/.github/scripts/signing.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Import certificate and private key
+echo $SIGNING_DATA | base64 -d -o Signing.p12
+security create-keychain -p ci ci.keychain
+security default-keychain -s ci.keychain
+security list-keychains -s ci.keychain
+security import ./Signing.p12 -k ci.keychain -P $SIGNING_PASSWORD -A
+security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k ci ci.keychain
+
+# Import Profiles
+mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+
+echo $HOST_PROFILE_DATA | base64 -d -o Host.mobileprovision
+HOST_UUID=`grep UUID -A1 -a Profile.mobileprovision | grep -io "[-A-F0-9]\{36\}"`
+cp Host.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/$HOST_UUID.mobileprovision
+echo $AGENT_PROFILE_DATA | base64 -d -o Agent.mobileprovision
+AGENT_UUID=`grep UUID -A1 -a Agent.mobileprovision | grep -io "[-A-F0-9]\{36\}"`
+cp Agent.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/$AGENT_UUID.mobileprovision
\ No newline at end of file
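Review bot: In `.github/release.yml` the job that receives the signing certificate, its password and the Apple ID credentials runs three actions referenced by mutable tags (`actions/checkout@v1`, `actions/create-release@v1`, `actions/upload-release-asset@v1.0.1`); pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v1`, keeps a retagged action from running alongside those secrets. In the Notarize step the shell expands the password onto the altool command line, where it is visible in the process list; altool can read the variable itself with `--password "@env:APPLE_PASSWORD"`. The two upload steps share `id: upload-release-asset`, which must be unique within a job, and `run: ./scripts/signing.sh` does not match the path this patch creates (`.github/scripts/signing.sh`, added with mode 100644, so it is not executable either). The file also sits directly under `.github/` rather than `.github/workflows/`, so as committed it is presumably not picked up as a workflow at all. Once it is, the `master` branch trigger will pass `refs/heads/master` as `tag_name`, so the signing and release steps are better limited to tag pushes.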
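Review bot: In `.github/scripts/signing.sh` the host profile UUID is read from `Profile.mobileprovision`, a file the script never writes (the decoded file is `Host.mobileprovision`), so `HOST_UUID` comes back empty and the profile is copied to `.mobileprovision`; the grep should read `Host.mobileprovision`. `security import … -A` lets any application use the imported signing key without a prompt; `-T /usr/bin/codesign` is narrower if codesign is the only consumer, and `$SIGNING_PASSWORD` and the other secret expansions should be double-quoted so a value containing spaces or glob characters is not split. The script has no `set -euo pipefail`, so a failed decode or import goes unnoticed until the build step, and `Signing.p12` stays on disk for the remaining steps of the job. A sketch of the changed lines follows.

```shell
#!/bin/bash
set -euo pipefail

# Import certificate and private key
echo "$SIGNING_DATA" | base64 -d -o Signing.p12
# … unchanged: create-keychain / default-keychain / list-keychains …
security import ./Signing.p12 -k ci.keychain -P "$SIGNING_PASSWORD" -T /usr/bin/codesign
# The decoded key material is not needed once it is in the keychain
rm -f Signing.p12
# … unchanged: set-key-partition-list, mkdir …
echo "$HOST_PROFILE_DATA" | base64 -d -o Host.mobileprovision
HOST_UUID=`grep UUID -A1 -a Host.mobileprovision | grep -io "[-A-F0-9]\{36\}"`
cp Host.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/"$HOST_UUID".mobileprovision
# … unchanged: Agent profile import …
```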