Use fastlane match for code signing DMG builds (#3246)
Task/Issue URL: https://app.asana.com/0/1203301625297703/1208273969808386/f Description: This change adds support for using fastlane match to manage code signing with Developer ID Application certificate. New lanes are added for syncing code signing for local and CI use. Build settings are updated to use provisioning profiles generated by fastlane. archive.sh script and all CI workflows are updated to use fastlane for signing DMG builds and other CI binaries that use Developer ID Application certificate (e.g. unit tests).
Showing
32 changed files
with
325 additions
and
828 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -76,11 +76,10 @@ jobs: | |
*) echo "👎 Not a release or hotfix branch"; exit 1 ;; | ||
esac | ||
- name: Register SSH keys for submodules access | ||
- name: Register SSH key for certificates repository access | ||
uses: webfactory/[email protected] | ||
with: | ||
ssh-private-key: | | ||
${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }} | ||
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }} | ||
|
||
- name: Check out the code | ||
uses: actions/checkout@v4 | ||
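Review bot: The `webfactory/ssh-agent` step that loads `SSH_PRIVATE_KEY_FASTLANE_MATCH` appears to reference the action by a version tag (the exact ref is garbled by this page's e-mail obfuscation), and a tag can be re-pointed upstream, so the code that handles the key to the certificates repository is not fixed to reviewed content. Pinning to a full commit SHA, e.g. `uses: webfactory/ssh-agent@<full-commit-sha>  # <version tag>`, closes that gap; the same applies to the identical step added in the second workflow on this page. Because the step runs before checkout, the key stays loaded in the agent for every later step of the job, so it should be a read-only deploy key scoped to the certificates repository alone. The rest of the job lies outside the hunk.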
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -41,58 +41,6 @@ on: | |
required: false | ||
type: string | ||
secrets: | ||
BUILD_CERTIFICATE_BASE64: | ||
required: true | ||
P12_PASSWORD: | ||
required: true | ||
KEYCHAIN_PASSWORD: | ||
required: true | ||
APPSTORE_CI_PROVISION_PROFILE_BASE64: | ||
required: true | ||
CI_PROVISION_PROFILE_BASE64: | ||
required: true | ||
DBP_AGENT_APPSTORE_CI_PROVISION_PROFILE_BASE64: | ||
required: true | ||
DBP_AGENT_CI_PROVISION_PROFILE_BASE64: | ||
required: true | ||
DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: | ||
required: true | ||
DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: | ||
required: true | ||
INTEGRATION_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64: | ||
required: true | ||
INTEGRATION_TESTS_CI_PROVISION_PROFILE_BASE64: | ||
required: true | ||
NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: | ||
required: true | ||
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: | ||
required: true | ||
NETP_NOTIFICATIONS_CI_PROVISION_PROFILE_BASE64: | ||
required: true | ||
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: | ||
required: true | ||
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: | ||
required: true | ||
NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64: | ||
required: true | ||
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64: | ||
required: true | ||
RELEASE_PROVISION_PROFILE_BASE64: | ||
required: true | ||
REVIEW_PROVISION_PROFILE_BASE64: | ||
required: true | ||
UNIT_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64: | ||
required: true | ||
UNIT_TESTS_CI_PROVISION_PROFILE_BASE64: | ||
required: true | ||
VPN_APPEX_APPSTORE_CI_PROVISION_PROFILE_BASE64: | ||
required: true | ||
VPN_APP_APPSTORE_CI_PROVISION_PROFILE_BASE64: | ||
required: true | ||
VPN_APP_CI_PROVISION_PROFILE_BASE64: | ||
required: true | ||
VPN_PROXY_EXTENSION_CI_PROVISION_PROFILE_BASE64: | ||
required: true | ||
APPLE_API_KEY_BASE64: | ||
required: true | ||
APPLE_API_KEY_ID: | ||
|
@@ -101,10 +49,6 @@ on: | |
required: true | ||
ASANA_ACCESS_TOKEN: | ||
required: true | ||
MM_HANDLES_BASE64: | ||
required: true | ||
MM_WEBHOOK_URL: | ||
required: true | ||
AWS_ACCESS_KEY_ID: | ||
required: true | ||
AWS_ACCESS_KEY_ID_RELEASE_S3: | ||
|
@@ -113,6 +57,14 @@ on: | |
required: true | ||
AWS_SECRET_ACCESS_KEY_RELEASE_S3: | ||
required: true | ||
MATCH_PASSWORD: | ||
required: true | ||
MM_HANDLES_BASE64: | ||
required: true | ||
MM_WEBHOOK_URL: | ||
required: true | ||
SSH_PRIVATE_KEY_FASTLANE_MATCH: | ||
required: true | ||
|
||
jobs: | ||
export-notarized-app: | ||
|
@@ -132,6 +84,10 @@ jobs: | |
branch: ${{ inputs.branch || github.ref_name }} | ||
|
||
steps: | ||
- name: Register SSH key for certificates repository access | ||
uses: webfactory/[email protected] | ||
with: | ||
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }} | ||
|
||
- name: Check out the code | ||
uses: actions/checkout@v4 | ||
|
@@ -142,6 +98,20 @@ jobs: | |
- name: Set up fastlane | ||
run: bundle install | ||
|
||
- name: Sync code signing assets | ||
env: | ||
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }} | ||
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }} | ||
APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }} | ||
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} | ||
SSH_PRIVATE_KEY_FASTLANE_MATCH: ${{ secrets.SSH_PRIVATE_KEY_FASTLANE_MATCH }} | ||
run: | | ||
if [[ "${{ env.release-type }}" == "release" ]]; then | ||
bundle exec fastlane sync_signing_dmg_release | ||
else | ||
bundle exec fastlane sync_signing_dmg_review | ||
fi | ||
- name: Check if this is an official release build | ||
id: is-official-release | ||
env: | ||
|
@@ -155,36 +125,6 @@ jobs: | |
echo "upload-to=asana" >> $GITHUB_ENV | ||
fi | ||
- name: Install Apple Developer ID Application certificate | ||
uses: ./.github/actions/install-certs-and-profiles | ||
with: | ||
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }} | ||
P12_PASSWORD: ${{ secrets.P12_PASSWORD }} | ||
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | ||
APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | ||
CI_PROVISION_PROFILE_BASE64: ${{ secrets.CI_PROVISION_PROFILE_BASE64 }} | ||
DBP_AGENT_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | ||
DBP_AGENT_CI_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_CI_PROVISION_PROFILE_BASE64 }} | ||
DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} | ||
DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.DBP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} | ||
INTEGRATION_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.INTEGRATION_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | ||
INTEGRATION_TESTS_CI_PROVISION_PROFILE_BASE64: ${{ secrets.INTEGRATION_TESTS_CI_PROVISION_PROFILE_BASE64 }} | ||
NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_RELEASE_PROVISION_PROFILE_BASE64 }} | ||
NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_AGENT_REVIEW_PROVISION_PROFILE_BASE64 }} | ||
NETP_NOTIFICATIONS_CI_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_CI_PROVISION_PROFILE_BASE64 }} | ||
NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_RELEASE_PROVISION_PROFILE_BASE64 }} | ||
NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_NOTIFICATIONS_REVIEW_PROVISION_PROFILE_BASE64 }} | ||
NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_RELEASE_PROVISION_PROFILE_BASE64 }} | ||
NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.NETP_SYSEX_REVIEW_PROVISION_PROFILE_BASE64 }} | ||
RELEASE_PROVISION_PROFILE_BASE64: ${{ secrets.RELEASE_PROVISION_PROFILE_BASE64 }} | ||
REVIEW_PROVISION_PROFILE_BASE64: ${{ secrets.REVIEW_PROVISION_PROFILE_BASE64 }} | ||
UNIT_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.UNIT_TESTS_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | ||
UNIT_TESTS_CI_PROVISION_PROFILE_BASE64: ${{ secrets.UNIT_TESTS_CI_PROVISION_PROFILE_BASE64 }} | ||
VPN_APPEX_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_APPEX_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | ||
VPN_APP_APPSTORE_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_APP_APPSTORE_CI_PROVISION_PROFILE_BASE64 }} | ||
VPN_APP_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_APP_CI_PROVISION_PROFILE_BASE64 }} | ||
VPN_PROXY_EXTENSION_CI_PROVISION_PROFILE_BASE64: ${{ secrets.VPN_PROXY_EXTENSION_CI_PROVISION_PROFILE_BASE64 }} | ||
|
||
- name: Select Xcode | ||
run: sudo xcode-select -s /Applications/Xcode_$(<.xcode-version).app/Contents/Developer | ||
|
||
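Review bot: In the `Sync code signing assets` step, `SSH_PRIVATE_KEY_FASTLANE_MATCH` is exported into the step environment although the same key is already loaded into ssh-agent by the first step of the job, so the raw private key is readable by fastlane and by every gem that `bundle exec` loads. The Fastfile is not visible here; if the sync lanes reach the certificates repository through the agent, the env entry can be dropped, and if they do read it, a comment such as `# consumed by the sync_signing_* lanes` would record why it is needed. It is also worth confirming that both lanes run match with `readonly` enabled on CI, so a workflow run can only fetch the Developer ID assets and cannot create or revoke them. Separately, the `run:` script expands `${{ env.release-type }}` inside bash; mapping it through `env:` as `RELEASE_TYPE: ${{ env.release-type }}` and testing `"$RELEASE_TYPE"` keeps template expansion out of the script text.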
|