pre-release.yaml
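# Pre-release pipeline: builds the macOS app, signs it, packs it into a DMG,
# submits the DMG for notarization and publishes it as a GitHub pre-release.
name: Pre Release

on:
  push:
    tags:
      - '*p'
  workflow_run:
    workflows:
      - 'Pre Bump'
    types:
      - completed

# The release step creates a release and uploads assets, which needs
# write access to repository contents. Nothing else is granted.
permissions:
  contents: write

env:
  # Fallback tag; the version step overwrites it through GITHUB_ENV.
  TAG: ${{ github.sha }}
  # Filled in through GITHUB_ENV by the "find identity" step.
  Identity: ''
  SCHEME: GitOK
  DESTINATION: 'generic/platform=macOS'
  ArchivePath: './myapp'
  BuildPath: './temp'
  # The signing certificate is intentionally NOT exported here: a
  # workflow-level env entry is visible to every step, including the
  # third-party npm package and release action below. It is scoped to
  # the single step that imports it.

jobs:
  build_with_signing:
    # `workflow_run` with `types: completed` also fires when 'Pre Bump'
    # failed or was cancelled. Only sign and publish after a successful
    # run; tag pushes are unaffected by this guard.
    if: ${{ github.event_name == 'push' || github.event.workflow_run.conclusion == 'success' }}
    runs-on: macos-latest
    steps:
      # NOTE(review): actions are referenced by mutable tag. Pin each one
      # to a full commit SHA so a retagged release cannot run with the
      # signing material and the write-scoped token of this job.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Always builds the `pre` branch, whatever ref triggered the run.
          ref: pre
          # No later step pushes with git, so do not leave the token in
          # .git/config where the third-party tooling below could read it.
          persist-credentials: false

      - name: 读取版本号
        run: |
          # Locate the Xcode project file (skipping anything under Resources).
          projectFile=$(find "$(pwd)" ! -path "*Resources*" -type f -name "*.pbxproj" | head -n 1)
          # Read the marketing version from the project file.
          version=$(grep -o 'MARKETING_VERSION = [^"]*' "$projectFile" | head -n 1 | grep -o '[0-9]\+\.[0-9]\+\.[0-9]\+')
          echo "版本号->$version"
          build=$(agvtool what-version -terse)
          echo "TAG=p$version($build)" >> "$GITHUB_ENV"

      # https://docs.github.com/zh/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
      - name: Install the Apple certificate and provisioning profile
        env:
          # Secrets reach the script as environment variables only; they
          # are never expanded into the script text itself.
          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
          P12_PASSWORD: ${{ secrets.BUILD_CERTIFICATE_P12_PASSWORD }}
          BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64_GITOK_MACOS }}
        run: |
          # create variables
          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
          PP_PATH=$RUNNER_TEMP/build_pp.provisionprofile
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
          # The keychain password is only needed inside this step, so use a
          # random per-run value instead of a constant committed to the repo.
          KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
          # import certificate and provisioning profile from secrets
          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o "$CERTIFICATE_PATH"
          echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o "$PP_PATH"
          # create temporary keychain (auto-locks after 21600 s)
          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          # import certificate to keychain
          # NOTE(review): -A lets any process on the runner use the imported
          # key without a prompt; every later step can sign with it.
          security import "$CERTIFICATE_PATH" -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
          security list-keychain -d user -s "$KEYCHAIN_PATH"
          # apply provisioning profile
          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
          cp "$PP_PATH" ~/Library/MobileDevice/Provisioning\ Profiles

      - name: 生成 App Store Connect API 的 AuthKey
        env:
          ASC_KEY_BASE64: ${{ secrets.APP_STORE_CONNECT_KEY_BASE64 }}
          ASC_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }}
        run: |
          # Create the directory and the key file readable by the owner only.
          umask 077
          mkdir -p ./private_keys
          echo -n "$ASC_KEY_BASE64" | base64 --decode -o "./private_keys/AuthKey_${ASC_KEY_ID}.p8"

      - run: security find-identity -v

      - name: Build
        run: xcodebuild -scheme "$SCHEME" -configuration Release -derivedDataPath "$BuildPath" clean build

      - name: find identity
        run: |
          # Take the first listed codesigning identity and keep the text
          # inside its parentheses.
          i=$(security find-identity -v -p codesigning | grep '^[[:space:]]*1)' | awk -F'[(|)]' '{print $3}')
          # Stop here rather than calling codesign with an empty identity.
          if [ -z "$i" ]; then
            echo "no codesigning identity found in the keychain" >&2
            exit 1
          fi
          echo "Identity=$i" >> "$GITHUB_ENV"

      - name: Codesign
        # The identity comes from command output; pass it as a quoted shell
        # variable instead of expanding it into the command line.
        run: codesign --force -s "$Identity" --option=runtime "temp/Build/Products/Release/${SCHEME}.app"

      - name: Codesign Check
        run: codesign -dv "temp/Build/Products/Release/${SCHEME}.app"

      - name: Create DMG
        run: |
          # NOTE(review): unpinned global install that runs while the signing
          # keychain is unlocked. Pin an exact, reviewed version here.
          npm i -g create-dmg
          create-dmg "temp/Build/Products/Release/${SCHEME}.app"

      - name: Notary
        # NOTE(review): with continue-on-error the release below is still
        # published when notarization or stapling fails.
        continue-on-error: true
        env:
          ASC_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }}
          ASC_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ISSER_ID }}
        run: |
          file=$(find . -maxdepth 1 -type f -name "*.dmg" | head -n 1)
          xcrun notarytool submit "$file" \
            --key "./private_keys/AuthKey_${ASC_KEY_ID}.p8" \
            --key-id="$ASC_KEY_ID" \
            --issuer "$ASC_ISSUER_ID" \
            --wait \
            --timeout 10m
          stapler staple "$file"
          # If the submission fails, fetch its log:
          # xcrun notarytool log f66d58e3-d03a-4202-937e-5fca4e7cea83
          #   --key "./private_keys/AuthKey_${ASC_KEY_ID}.p8" \
          #   --key-id "$ASC_KEY_ID" \
          #   --issuer "$ASC_ISSUER_ID"

      - name: 公证结果
        continue-on-error: true
        run: |
          file=$(find . -maxdepth 1 -type f -name "*.dmg" | head -n 1)
          stapler validate "$file"

      # - name: Generate Changelog
      #   run: echo ""> ${{ github.workspace }}-CHANGELOG.txt

      # NOTE(review): third-party action running with contents: write;
      # pin it to a full commit SHA rather than the moving v2 tag.
      - uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ env.TAG }}
          # body_path: ${{ github.workspace }}-CHANGELOG.txt
          prerelease: true
          files: |
            ./**/*.dmg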