d99dae0ca9
Some checks are pending
Build & Deploy iOS to TestFlight / build-and-deploy (push) Waiting to run
139 lines
5.6 KiB
YAML
139 lines
5.6 KiB
YAML
name: Build & Deploy iOS to TestFlight
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
build-and-deploy:
|
|
runs-on: macos-latest
|
|
|
|
steps:
|
|
- name: Checkout Repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Flutter
|
|
uses: subosito/flutter-action@v2
|
|
with:
|
|
channel: "stable"
|
|
cache: true
|
|
|
|
- name: Install Dependencies
|
|
run: flutter pub get
|
|
|
|
# ── Code Signing Setup ──────────────────────────────────────────────────
|
|
|
|
- name: Install Apple Certificate
|
|
env:
|
|
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
|
|
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
|
|
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
|
|
run: |
|
|
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
|
|
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
|
|
|
|
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
|
|
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
|
|
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
|
|
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
|
|
|
|
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A \
|
|
-t cert -f pkcs12 -k $KEYCHAIN_PATH
|
|
security set-key-partition-list -S apple-tool:,apple: \
|
|
-s -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
|
|
security list-keychain -d user -s $KEYCHAIN_PATH
|
|
|
|
- name: Install Provisioning Profile
|
|
env:
|
|
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
|
|
run: |
|
|
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
|
|
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
|
|
|
|
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
|
|
|
|
# Xcode requires the filename to be the profile's UUID
|
|
UUID=$(security cms -D -i $PP_PATH | plutil -extract UUID raw -)
|
|
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles/$UUID.mobileprovision
|
|
echo "Installed provisioning profile UUID: $UUID"
|
|
|
|
# ── CocoaPods ───────────────────────────────────────────────────────────
|
|
|
|
- name: Install CocoaPods Dependencies
|
|
run: |
|
|
cd ios
|
|
rm -f Podfile.lock
|
|
pod install --repo-update
|
|
|
|
# ── Build ───────────────────────────────────────────────────────────────
|
|
|
|
- name: Build iOS Archive
|
|
env:
|
|
TEAM_ID: ${{ secrets.TEAM_ID }}
|
|
run: |
|
|
# Disable Swift Package Manager — use CocoaPods only (required for plugins not yet SPM-compatible)
|
|
flutter config --no-enable-swift-package-manager
|
|
|
|
# Build Flutter (no codesign — signing happens in xcodebuild archive)
|
|
flutter build ios --release --no-codesign
|
|
|
|
# Archive with manual signing scoped only to Runner target
|
|
xcodebuild archive \
|
|
-workspace ios/Runner.xcworkspace \
|
|
-scheme Runner \
|
|
-configuration Release \
|
|
-archivePath $RUNNER_TEMP/Runner.xcarchive \
|
|
-destination "generic/platform=iOS" \
|
|
CODE_SIGN_STYLE="Manual" \
|
|
DEVELOPMENT_TEAM="$TEAM_ID" \
|
|
"PROVISIONING_PROFILE_SPECIFIER[sdk=iphoneos*]=Enaklo Owner App Store" \
|
|
CODE_SIGN_IDENTITY="iPhone Distribution" \
|
|
CODE_SIGNING_REQUIRED=YES \
|
|
CODE_SIGNING_ALLOWED=YES
|
|
|
|
- name: Export IPA
|
|
run: |
|
|
xcodebuild -exportArchive \
|
|
-archivePath $RUNNER_TEMP/Runner.xcarchive \
|
|
-exportPath $RUNNER_TEMP/export \
|
|
-exportOptionsPlist ios/ExportOptions.plist \
|
|
-allowProvisioningUpdates
|
|
|
|
# Copy IPA to build output folder
|
|
mkdir -p build/ios/ipa
|
|
cp $RUNNER_TEMP/export/*.ipa build/ios/ipa/
|
|
|
|
# ── Upload to TestFlight ────────────────────────────────────────────────
|
|
|
|
- name: Upload to TestFlight via Transporter
|
|
env:
|
|
APPLE_ID: ${{ secrets.APPLE_ID }}
|
|
APP_SPECIFIC_PASSWORD: ${{ secrets.APP_SPECIFIC_PASSWORD }}
|
|
run: |
|
|
xcrun altool --upload-app \
|
|
--type ios \
|
|
--file "build/ios/ipa/*.ipa" \
|
|
--username "$APPLE_ID" \
|
|
--password "$APP_SPECIFIC_PASSWORD" \
|
|
--verbose
|
|
|
|
# ── Cleanup ─────────────────────────────────────────────────────────────
|
|
|
|
- name: Clean Up Keychain and Provisioning Profile
|
|
if: ${{ always() }}
|
|
run: |
|
|
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db || true
|
|
rm -rf ~/Library/MobileDevice/Provisioning\ Profiles/*.mobileprovision || true
|
|
|
|
# ── Artifact ────────────────────────────────────────────────────────────
|
|
|
|
- name: Upload IPA as Artifact
|
|
if: always()
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: ios-ipa
|
|
path: build/ios/ipa/*.ipa
|
|
retention-days: 7
|