From 9c5b87647edaba5b85514378255d2c55af58cf5c Mon Sep 17 00:00:00 2001 From: Maximilian Mitchell Date: Sun, 25 Apr 2021 21:31:18 +0100 Subject: [PATCH] fix ci app signing --- .github/workflows/ci.yml | 87 +++++++++++-------- .github/workflows/utils/set-keychain-certs.sh | 13 +++ .gitignore | 7 ++ README.md | 11 ++- ios/fastlane/Fastfile | 1 + ios/fastlane/README.md | 12 +-- lib/notifications/notifis.dart | 6 +- macos/Gemfile | 3 + macos/Runner.xcodeproj/project.pbxproj | 14 +-- macos/Runner/DebugProfile.entitlements | 2 - macos/Runner/notifiDebug.entitlements | 2 - macos/fastlane/Appfile | 8 ++ macos/fastlane/Fastfile | 34 ++++++++ macos/fastlane/README.md | 29 +++++++ 14 files changed, 170 insertions(+), 59 deletions(-) create mode 100644 .github/workflows/utils/set-keychain-certs.sh create mode 100644 macos/Gemfile create mode 100644 macos/fastlane/Appfile create mode 100644 macos/fastlane/Fastfile create mode 100644 macos/fastlane/README.md diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5ca80f14..fd1beee9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -75,6 +75,16 @@ jobs: - uses: actions/setup-java@v1 with: java-version: '12.x' + - name: "Setup Code signing" + env: + DEV_P12_CERT: ${{ secrets.DEV_P12_CERT }} + DIST_P12_CERT: ${{ secrets.DIST_P12_CERT }} + DEV_P12_PASS: ${{ secrets.DEV_P12_PASS }} + DIST_P12_PASS: ${{ secrets.DIST_P12_PASS }} + IOS_PROVISION: ${{ secrets.IOS_PROVISION }} + MAC_PROVISION: ${{ secrets.MAC_PROVISION }} + run: | + bash ~/.github/workflows/utils/set-keychain-certs.sh - uses: subosito/flutter-action@v1 with: channel: 'dev' @@ -89,25 +99,40 @@ jobs: echo "${{ secrets.B64_DEV_ENV }}" | base64 --decode > .env fi flutter build macos --release --build-name=${{ needs.version.outputs.version }} - - name: "Codesign" - continue-on-error: true + + - name: "Create App" + env: + FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD: ${{ secrets.FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD }} + FASTLANE_SESSION: ${{ secrets.FASTLANE_SESSION }} + FASTLANE_PASSWORD: ${{ secrets.FASTLANE_PASSWORD }} run: | - echo ${{ secrets.DEVELOPMENT_P12 }} | base64 --decode > certificate.p12 - security create-keychain -p p4ssword build.keychain - security default-keychain -s build.keychain - security unlock-keychain -p p4ssword build.keychain - security import certificate.p12 -k build.keychain -P ${{ secrets.DEVELOPMENT_P12_PASS }} -T /usr/bin/codesign - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k p4ssword build.keychain - security find-identity - /usr/bin/codesign --deep --force --verbose --sign E4KXC49Y29 build/macos/Build/Products/Release/notifi.app - /usr/bin/codesign --verify -vvvv build/macos/Build/Products/Release/notifi.app - spctl -a -vvvv build/macos/Build/Products/Release/notifi.app + flutter config --enable-macos-desktop + flutter pub get + + if [[ "${{ github.ref }}" == "refs/heads/master" ]] + then + echo "${{ secrets.B64_ENV }}" | base64 --decode > .env + else + echo "${{ secrets.B64_DEV_ENV }}" | base64 --decode > .env + fi + + cd macos + + # write version + xcrun agvtool new-marketing-version ${{ needs.version.outputs.version }} + xcrun agvtool new-version -all ${{ needs.version.outputs.version }} + + pod install + + gem install fastlane + fastlane mac build + - name: "Create .dmg" continue-on-error: true run: | npm install --global create-dmg mkdir dmg - create-dmg build/macos/Build/Products/Release/notifi.app dmg/ + create-dmg ./notifi.app dmg/ - name: "Store .dmg artifact" uses: actions/upload-artifact@v2 with: @@ -148,11 +173,25 @@ jobs: - uses: actions/setup-java@v1 with: java-version: '12.x' + - name: "Setup Code signing" + env: + DEV_P12_CERT: ${{ secrets.DEV_P12_CERT }} + DIST_P12_CERT: ${{ secrets.DIST_P12_CERT }} + DEV_P12_PASS: ${{ secrets.DEV_P12_PASS }} + DIST_P12_PASS: ${{ secrets.DIST_P12_PASS }} + IOS_PROVISION: ${{ secrets.IOS_PROVISION }} + MAC_PROVISION: ${{ secrets.MAC_PROVISION }} + run: | + bash ~/.github/workflows/utils/set-keychain-certs.sh - uses: subosito/flutter-action@v1 with: channel: 'dev' - - name: "Build" + - name: "Build & Deploy" + env: + FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD: ${{ secrets.FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD }} + FASTLANE_SESSION: ${{ secrets.FASTLANE_SESSION }} + FASTLANE_PASSWORD: ${{ secrets.FASTLANE_PASSWORD }} run: | flutter pub get if [[ "${{ github.ref }}" != "refs/heads/master" ]] @@ -170,27 +209,7 @@ jobs: pod install - - name: "Setup codesign keychain" - run: | - echo ${{ secrets.MACOS_CERTIFICATE }} | base64 --decode > certificate.p12 - security create-keychain -p p4ssword build.keychain - security default-keychain -s build.keychain - security unlock-keychain -p p4ssword build.keychain - security import certificate.p12 -k build.keychain -P ${{ secrets.MACOS_CERTIFICATE_PWD }} -T /usr/bin/codesign - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k p4ssword build.keychain - - mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles - echo ${{ secrets.PROVISIONING_PROFILE_DATA }} | base64 --decode > ~/Library/MobileDevice/Provisioning\ Profiles/profile.mobileprovision - - - name: "Run fastlane" - env: - FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD: ${{ secrets.FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD }} - FASTLANE_SESSION: ${{ secrets.FASTLANE_SESSION }} - FASTLANE_PASSWORD: ${{ secrets.FASTLANE_PASSWORD }} - run: | - cd ios gem install fastlane - if [[ "${{ github.ref }}" == "refs/heads/master" ]] then fastlane asdeploy diff --git a/.github/workflows/utils/set-keychain-certs.sh b/.github/workflows/utils/set-keychain-certs.sh new file mode 100644 index 00000000..01dd9f10 --- /dev/null +++ b/.github/workflows/utils/set-keychain-certs.sh @@ -0,0 +1,13 @@ +#!/bin/bash +echo "$DEV_P12_CERT" | base64 --decode > devcert.p12 # ios +echo "$DIST_P12_CERT" | base64 --decode > distcert.p12 +security create-keychain -p p4ssword build.keychain +security default-keychain -s build.keychain +security unlock-keychain -p p4ssword build.keychain +security import devcert.p12 -k build.keychain -P "$DEV_P12_PASS" -T /usr/bin/codesign +security import distcert.p12 -k build.keychain -P "$DIST_P12_PASS" -T /usr/bin/codesign +security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k p4ssword build.keychain + +mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles +echo "$IOS_PROVISION" | base64 --decode > ~/Library/MobileDevice/Provisioning\ Profiles/profile.mobileprovision +echo "$MAC_PROVISION" | base64 --decode > ~/Library/MobileDevice/Provisioning\ Profiles/mac.provisionprofile diff --git a/.gitignore b/.gitignore index 4e5fcf7b..2a695c12 100644 --- a/.gitignore +++ b/.gitignore @@ -48,3 +48,10 @@ app.*.map.json /ios/Runner.app.dSYM.zip /ios/Runner.ipa /ios/fastlane/Preview.html +/ios/production_it.notifi.notifi.p12 +/ios/production_it.notifi.notifi.pem +/ios/production_it.notifi.notifi.pkey +/macos/notifi.app.dSYM.zip +/macos/notifi.app/ +/ios/fastlane/report.xml +/macos/fastlane/report.xml diff --git a/README.md b/README.md index 35167e8d..268b4766 100644 --- a/README.md +++ b/README.md @@ -64,12 +64,15 @@ ln -s $(pwd)/pre-commit.sh $(pwd)/.git/hooks/pre-commit chmod +x $(pwd)/.git/hooks/pre-commit ``` -### Screenshot -```bash -brew update && brew install imagemagick -pub global activate screenshots +### fastlane +#### provision profiles +``` +fastlane sigh -p macos +fastlane sigh -p ios ``` +### + ### Jetbrains flutter plugin: https://plugins.jetbrains.com/plugin/9212-flutter/versions diff --git a/ios/fastlane/Fastfile b/ios/fastlane/Fastfile index 495818c2..be6b5058 100644 --- a/ios/fastlane/Fastfile +++ b/ios/fastlane/Fastfile @@ -31,6 +31,7 @@ platform :ios do desc "Upload build to app store" lane :asdeploy do + get_push_certificate build_ios_app( export_method: "app-store", export_options: { diff --git a/ios/fastlane/README.md b/ios/fastlane/README.md index e185cec1..d6224abe 100644 --- a/ios/fastlane/README.md +++ b/ios/fastlane/README.md @@ -16,16 +16,16 @@ or alternatively using `brew install fastlane` # Available Actions ## iOS -### ios screenshots -``` -fastlane ios screenshots -``` -Generate new localized screenshots ### ios tfdeploy ``` fastlane ios tfdeploy ``` - +Upload build to test flight +### ios asdeploy +``` +fastlane ios asdeploy +``` +Upload build to app store ---- diff --git a/lib/notifications/notifis.dart b/lib/notifications/notifis.dart index 3d0ec61d..6ace7a51 100644 --- a/lib/notifications/notifis.dart +++ b/lib/notifications/notifis.dart @@ -68,11 +68,7 @@ class Notifications extends ChangeNotifier { tableNotifier.reloadTable(); } else { // scroll to top of table - tableController.animateTo( - 0, - duration: const Duration(milliseconds: 250), - curve: Curves.ease, - ); + scrollToTop(); // animate in notification if (tableKey.currentState != null) { diff --git a/macos/Gemfile b/macos/Gemfile new file mode 100644 index 00000000..7a118b49 --- /dev/null +++ b/macos/Gemfile @@ -0,0 +1,3 @@ +source "https://rubygems.org" + +gem "fastlane" diff --git a/macos/Runner.xcodeproj/project.pbxproj b/macos/Runner.xcodeproj/project.pbxproj index 19638d6f..fe6f2d5a 100644 --- a/macos/Runner.xcodeproj/project.pbxproj +++ b/macos/Runner.xcodeproj/project.pbxproj @@ -424,9 +424,10 @@ CLANG_ENABLE_MODULES = YES; CODE_SIGN_ENTITLEMENTS = Runner/DebugProfile.entitlements; CODE_SIGN_IDENTITY = "-"; - CODE_SIGN_STYLE = Automatic; + CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; DEVELOPMENT_TEAM = Z28DW76Y3W; + ENABLE_HARDENED_RUNTIME = YES; INFOPLIST_FILE = Runner/Info.plist; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", @@ -434,7 +435,7 @@ ); MACOSX_DEPLOYMENT_TARGET = 10.11; PRODUCT_BUNDLE_IDENTIFIER = it.notifi.notifi; - PROVISIONING_PROFILE_SPECIFIER = ""; + PROVISIONING_PROFILE_SPECIFIER = "it.notifi.notifi AppStore"; SWIFT_VERSION = 5.0; }; name = Profile; @@ -554,9 +555,10 @@ CLANG_ENABLE_MODULES = YES; CODE_SIGN_ENTITLEMENTS = Runner/notifiDebug.entitlements; CODE_SIGN_IDENTITY = "-"; - CODE_SIGN_STYLE = Automatic; + CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; DEVELOPMENT_TEAM = Z28DW76Y3W; + ENABLE_HARDENED_RUNTIME = YES; INFOPLIST_FILE = Runner/Info.plist; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", @@ -564,7 +566,7 @@ ); MACOSX_DEPLOYMENT_TARGET = 10.11; PRODUCT_BUNDLE_IDENTIFIER = it.notifi.notifi; - PROVISIONING_PROFILE_SPECIFIER = ""; + PROVISIONING_PROFILE_SPECIFIER = "it.notifi.notifi AppStore"; SWIFT_OPTIMIZATION_LEVEL = "-Onone"; SWIFT_VERSION = 5.0; }; @@ -578,7 +580,7 @@ CLANG_ENABLE_MODULES = YES; CODE_SIGN_ENTITLEMENTS = Runner/Release.entitlements; CODE_SIGN_IDENTITY = "-"; - CODE_SIGN_STYLE = Automatic; + CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; DEVELOPMENT_TEAM = Z28DW76Y3W; INFOPLIST_FILE = Runner/Info.plist; @@ -588,7 +590,7 @@ ); MACOSX_DEPLOYMENT_TARGET = 10.11; PRODUCT_BUNDLE_IDENTIFIER = it.notifi.notifi; - PROVISIONING_PROFILE_SPECIFIER = ""; + PROVISIONING_PROFILE_SPECIFIER = "it.notifi.notifi AppStore"; SWIFT_VERSION = 5.0; }; name = Release; diff --git a/macos/Runner/DebugProfile.entitlements b/macos/Runner/DebugProfile.entitlements index 3ba6c126..7a2230dc 100644 --- a/macos/Runner/DebugProfile.entitlements +++ b/macos/Runner/DebugProfile.entitlements @@ -4,8 +4,6 @@ com.apple.security.app-sandbox - com.apple.security.cs.allow-jit - com.apple.security.network.client com.apple.security.network.server diff --git a/macos/Runner/notifiDebug.entitlements b/macos/Runner/notifiDebug.entitlements index 3ba6c126..7a2230dc 100644 --- a/macos/Runner/notifiDebug.entitlements +++ b/macos/Runner/notifiDebug.entitlements @@ -4,8 +4,6 @@ com.apple.security.app-sandbox - com.apple.security.cs.allow-jit - com.apple.security.network.client com.apple.security.network.server diff --git a/macos/fastlane/Appfile b/macos/fastlane/Appfile new file mode 100644 index 00000000..1cc95df7 --- /dev/null +++ b/macos/fastlane/Appfile @@ -0,0 +1,8 @@ +app_identifier("it.notifi.notifi") # The bundle identifier of your app +apple_id("maxmitch@hotmail.co.uk") # Your Apple email address + +itc_team_id("81836802") # App Store Connect Team ID +team_id("Z28DW76Y3W") # Developer Portal Team ID + +# For more information about the Appfile, see: +# https://docs.fastlane.tools/advanced/#appfile diff --git a/macos/fastlane/Fastfile b/macos/fastlane/Fastfile new file mode 100644 index 00000000..efe021e0 --- /dev/null +++ b/macos/fastlane/Fastfile @@ -0,0 +1,34 @@ +# This file contains the fastlane.tools configuration +# You can find the documentation at https://docs.fastlane.tools +# +# For a list of all available actions, check out +# +# https://docs.fastlane.tools/actions +# +# For a list of all available plugins, check out +# +# https://docs.fastlane.tools/plugins/available-plugins +#edit_items.append(EditItem(link_id=link_id, product_id=str(product_id_tag["id"]))) + +# Uncomment the line if you want fastlane to automatically update itself +# update_fastlane + + +default_platform(:mac) + +platform :mac do + desc "Upload build to test flight" + lane :build do + + # https://docs.fastlane.tools/actions/build_mac_app/ + build_mac_app( + export_method: "mac-application", + export_options: { + provisioningProfiles: { + "it.notifi.notifi" => "it.notifi.notifi AppStore" + } + }, + output_name: "notifi.ipa" + ) + end +end diff --git a/macos/fastlane/README.md b/macos/fastlane/README.md new file mode 100644 index 00000000..2db1cba6 --- /dev/null +++ b/macos/fastlane/README.md @@ -0,0 +1,29 @@ +fastlane documentation +================ +# Installation + +Make sure you have the latest version of the Xcode command line tools installed: + +``` +xcode-select --install +``` + +Install _fastlane_ using +``` +[sudo] gem install fastlane -NV +``` +or alternatively using `brew install fastlane` + +# Available Actions +## Mac +### mac build +``` +fastlane mac build +``` +Upload build to test flight + +---- + +This README.md is auto-generated and will be re-generated every time [fastlane](https://fastlane.tools) is run. +More information about fastlane can be found on [fastlane.tools](https://fastlane.tools). +The documentation of fastlane can be found on [docs.fastlane.tools](https://docs.fastlane.tools).