diff --git a/.github/workflows/package.yaml b/.github/workflows/package.yaml index f1eda8d..dfe21db 100644 --- a/.github/workflows/package.yaml +++ b/.github/workflows/package.yaml @@ -2,9 +2,11 @@ name: Build and sign application on: push: - tags: - - "v[0-9]+.[0-9]+.[0-9]+" - - "v[0-9]+.[0-9]+.[0-9]+([0-9]+)" + # TODO remove + branches: ['feature/signing_key'] + # tags: + # - "v[0-9]+.[0-9]+.[0-9]+" + # - "v[0-9]+.[0-9]+.[0-9]+([0-9]+)" workflow_dispatch: inputs: 
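Review bot: The push trigger is left pointing at `branches: ['feature/signing_key']` with the tag patterns commented out, so if this merges before the `# TODO remove` is acted on, version tags stop producing builds. Meanwhile every push to that branch runs a job that holds `contents: write` and decodes the signing material. The `workflow_dispatch` trigger visible in the context lines can presumably be run against the feature branch for testing, which would let the `tags:` block stay as it was. If the branch trigger has to be committed for now, make the marker say what to restore, e.g. `# TODO(before merge): restore tags trigger, drop branches`.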
@@ -17,16 +19,115 @@ permissions: contents: write jobs: - build: - environment: packaging - runs-on: ubuntu-latest - + # build-android: + # name: Android Build + # environment: packaging + # runs-on: ubuntu-latest + + # steps: + # - name: Checkout + # uses: actions/checkout@v4 + # with: + # path: app + + # - name: Checkout "eidmsdk_flutter" + # uses: actions/checkout@v4 + # with: + # repository: slovensko-digital/eidmsdk-flutter + # token: ${{ secrets.GH_PAT }} + # path: eidmsdk_flutter + + # - name: Checkout "autogram_sign" + # uses: actions/checkout@v4 + # with: + # repository: slovensko-digital/avm-client-dart + # token: ${{ secrets.GH_PAT }} + # path: autogram_sign + + # - uses: actions/setup-java@v1 + # with: + # java-version: '17.x' + + # - uses: subosito/flutter-action@v1 + # with: + # flutter-version: '3.16.5' + # channel: 'stable' + + # - name: Install dependencies + # working-directory: ./app + # run: flutter pub get + + # - name: Test + # working-directory: ./app + # run: flutter test + + # - name: Decode Keystore + # env: + # ENCODED_STRING: ${{ secrets.GOOGLE_KEYSTORE_BASE_64 }} + # working-directory: ./app + # run: echo $ENCODED_STRING | base64 -d > release_keystore.jks + + # - name: Build + # env: + # AVM_KEYSTORE_FILE: ../../release_keystore.jks + # AVM_KEYSTORE_PASSWORD: ${{ secrets.GOOGLE_RELEASE_KEYSTORE_PASSWORD }} + # AVM_KEY_ALIAS: ${{ secrets.GOOGLE_RELEASE_KEYSTORE_ALIAS }} + # AVM_KEY_PASSWORD: ${{ secrets.GOOGLE_RELEASE_KEY_PASSWORD }} + # working-directory: ./app + # run: flutter build appbundle --release + + # - name: Upload Release Build to Artifacts + # uses: actions/upload-artifact@v3 + # with: + # name: release-artifacts + # path: ./app/build/app/outputs/bundle/release/app-release.aab + + # - name: Create release if tag pushed + # uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 + # if: startsWith(github.ref, 'refs/tags/') + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # with: + # draft: true + # 
prerelease: true + # files: | + # ./app/build/app/outputs/bundle/release/app-release.aab + + + build-ios: + name: iOS Build + runs-on: macos-latest steps: - name: Checkout uses: actions/checkout@v4 with: path: app + - name: Install the Apple certificate and provisioning profile + env: + BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_CERT_BASE_64 }} + P12_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} + BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.APPLE_PROVISION_PROFILE_BASE_64 }} + KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + run: | + # create variables + CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 + PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + # import certificate and provisioning profile from secrets + echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH + echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $PP_PATH + # create temporary keychain + security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + # import certificate to keychain + security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH + # apply provisioning profile + mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles + cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles + - name: Checkout "eidmsdk_flutter" uses: actions/checkout@v4 with: 
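Review bot: The "Install the Apple certificate and provisioning profile" step runs right after the first checkout, so the unlocked signing keychain is already on the search list while the job checks out the other repositories and runs `flutter test` (visible in the next hunk); moving the step to just before "Building IPA" keeps the key out of reach of dependency and test code. The new `build-ios` job also drops the `environment: packaging` line that the old `build` job had, so any protection rules configured on that environment presumably no longer gate the Apple secrets; add `environment: packaging` back under `build-ios:` if that was not intended. `security import ... -A` lets any process on the runner use the imported key without a prompt; `-T /usr/bin/codesign` followed by `security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH` is the narrower form usually used for CI signing. The job's remaining steps continue outside this hunk.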
@@ -58,34 +159,18 @@ jobs: working-directory: ./app run: flutter test - - name: Decode Keystore - env: - ENCODED_STRING: ${{ secrets.GOOGLE_KEYSTORE_BASE_64 }} + - name: Building IPA working-directory: ./app - run: echo $ENCODED_STRING | base64 -d > release_keystore.jks - - - name: Build - env: - AVM_KEYSTORE_FILE: ../../release_keystore.jks - AVM_KEYSTORE_PASSWORD: ${{ secrets.GOOGLE_RELEASE_KEYSTORE_PASSWORD }} - AVM_KEY_ALIAS: ${{ secrets.GOOGLE_RELEASE_KEYSTORE_ALIAS }} - AVM_KEY_PASSWORD: ${{ secrets.GOOGLE_RELEASE_KEY_PASSWORD }} - working-directory: ./app - run: flutter build appbundle --release - - - name: Upload Release Build to Artifacts - uses: actions/upload-artifact@v3 - with: - name: release-artifacts - path: ./app/build/app/outputs/bundle/release/app-release.aab - - - name: Create release if tag pushed - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 - if: startsWith(github.ref, 'refs/tags/') - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: flutter build ipa --release + + - name: collect ipa artifacts + uses: actions/upload-artifact@v2 with: - draft: true - prerelease: true - files: | - ./app/build/app/outputs/bundle/release/app-release.aab + name: release-ipa + path: ./app/build/ios/ipa/*.ipa + + - name: Clean up keychain and provisioning profile + if: ${{ always() }} + run: | + security delete-keychain $RUNNER_TEMP/app-signing.keychain-db + rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision
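Review bot: The signed IPA is uploaded with `actions/upload-artifact@v2`, an older major than the `@v3` this commit removes and a mutable tag, whereas the removed release step pinned its action to a full commit SHA. Use a current major pinned to a commit, e.g. `uses: actions/upload-artifact@<commit-sha> # v4`. In the cleanup step the default shell stops at the first failing command, so if the keychain was never created `security delete-keychain` fails and the `rm` is skipped; running `rm -f` first avoids that. The decoded `$RUNNER_TEMP/build_certificate.p12` is not removed by this step either and should be deleted alongside the profile.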