IOS CI and Ability to distribute to single platform (#1095)

* added IOS github action. * trigger workflow. * Update release.yml * fix branch issue. * fix syntex issue. * Update build-ios.yml * Added flutter pub get. * Added tunnel profile. * Update build-ios.yml * Hide tunnel profile. * uncomment tunnel profile. * Update build-ios.yml * Update build-ios.yml * Update build-ios.yml * Update build-ios.yml * Update build-ios.yml * Update build-ios.yml * Update tunnel vaules. * uncomment full steps. * Update project.pbxproj * Fix issue with variable. * Removes automatic signin * Trigger CI flow. * Added debug logs. * Change code sign. * Added verbose. * Update project.pbxproj * Update project.pbxproj * Update project.pbxproj * Added export_option.plist. * Update build-ios.yml * Update build-ios.yml * Update build-ios.yml * Update build-ios.yml * updated project path. * Update build-ios.yml * added scheme in action. * Added build framework as step. * update command. * updated config. * Update build-ios.yml * Added changes on FFI bindings step. * Fix syntax issue. * Removed unused code. * Added TestFlight action. * Change variable name. * Try to find workspace location. * Update build-ios.yml * Update build-ios.yml * Update build-ios.yml * Added debug step * Added more debug steps. * Update build-ios.yml * Remove debug steps. * Added lot of debug steps. * Added echo. * Update release.yml * use steps instead of needs. * Added logs. * Update release.yml * Use env. * Update release.yml * Try to use envs. * change tag for testing * Enable all jobs. * Added push to s3 step. * Comment push-binaries step. * Updated copy action. * Enable all workflow. * Upgrade multiple action packages due to d deprecated version. * Updated readme and updated more actions pacakges. * Do not push ios build to s3. * Build ios when tag to prod * merge latest --------- Co-authored-by: atavism <paul@getlantern.org>
getlantern · Jun 23, 2024 · 3b664b3 · 3b664b3
1 parent 599ba3d
commit 3b664b3
Show file tree

Hide file tree

Showing 13 changed files with 687 additions and 328 deletions.
diff --git a/.github/workflows/browerstack.yml b/.github/workflows/browerstack.yml
@@ -27,7 +27,7 @@ jobs:
       - run: flutter --version
 
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version-file: "go.mod"
 

diff --git a/.github/workflows/build-android.yml b/.github/workflows/build-android.yml
@@ -0,0 +1,164 @@
+name: Build Android Installer
+on:
+  workflow_call:
+    inputs:
+      version_file:
+        type: string
+        required: true
+      version:
+        type: string
+        required: true
+      prefix:
+        type: string
+        required: true
+
+env:
+  GOPRIVATE: github.com/getlantern
+  S3_BUCKET: lantern
+
+jobs:
+  build-android:
+    env:
+      version: ${{ inputs.version }}
+      version_file: ${{ inputs.version_file }}
+      prefix: ${{ inputs.prefix }}
+    runs-on: macos-latest-xlarge
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          lfs: true
+
+      - name: Pull LFS objects
+        run: git lfs pull
+
+      - name: Installing Flutter
+        uses: subosito/flutter-action@v2
+        with:
+          channel: "stable"
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: "go.mod"
+
+      - name: Install latest protoc-gen-go
+        run: go install github.com/golang/protobuf/protoc-gen-go@latest
+
+      - name: Granting private modules access
+        run: |
+          git config --global url."https://${{ secrets.CI_PRIVATE_REPOS_GH_TOKEN }}:x-oauth-basic@github.com/".insteadOf "https://github.com/"
+
+      - name: Setup Sentry CLI
+        uses: mathieu-bour/setup-sentry-cli@v2
+        with:
+          version: latest
+          token: ${{ SECRETS.SENTRY_TOKEN }} # from GitHub secrets
+          organization: getlantern
+          project: android
+
+      - name: Setup JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 17
+
+      - name: Generate ffi bindings
+        run: |
+          make darwin
+          make ffigen
+
+      - name: Setup protoc
+        uses: arduino/setup-protoc@v2
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Activate protoc-gen-dart plugin
+        run: |
+          echo "${HOME}/.pub-cache/bin" >> $GITHUB_PATH
+          dart pub global activate protoc_plugin
+
+      - name: Set gradle properties
+        env:
+          GRADLE_PROPERTIES: ${{ secrets.GRADLE_PROPERTIES }}
+        run: |
+          mkdir -p ~/.gradle/
+          echo "GRADLE_USER_HOME=${HOME}/.gradle" >> $GITHUB_ENV
+          echo "${GRADLE_PROPERTIES}" > ~/.gradle/gradle.properties
+
+      - name: Decode Keystore
+        id: write_file
+        uses: timheuer/base64-to-file@v1.2
+        with:
+          fileName: 'keystore.release.jks'
+          fileDir: './android/app'
+          encodedString: ${{ secrets.KEYSTORE }}
+
+      - name: Generate app.env
+        env:
+          ANDROID_INTERSTITIAL_AD_ID: ${{ secrets.INTERSTITIAL_AD_UNIT_ID }}
+          IOS_INTERSTITIAL_AD_ID: ${{ secrets.INTERSTITIAL_AD_UNIT_ID_IOS }}
+        run: |
+          touch app.env
+          echo "Android_interstitialAd=$ANDROID_INTERSTITIAL_AD_ID" > app.env
+          echo "IOS_interstitialAd=$IOS_INTERSTITIAL_AD_ID" >> app.env
+
+      - name: Build Android installers
+        run: make package-android
+        env:
+          INTERSTITIAL_AD_UNIT: "${{ secrets.INTERSTITIAL_AD_UNIT_ID }}"
+          SENTRY_AUTH_TOKEN: "${{ secrets.SENTRY_AUTH_TOKEN }}"
+          VERSION: "${{ env.version }}"
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: android-apk-build
+          retention-days: 2
+          path: |
+            lantern-installer.apk
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: android-aab-build
+          retention-days: 2
+          path: |
+            lantern-installer.aab
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install s3cmd
+        run: pip install s3cmd
+
+      - name: Set s3cmd permissions
+        run: |
+          echo "[default]" > "$HOME/.s3cfg"
+          echo "access_key = ${{ secrets.AWS_ACCESS_KEY }}" >> "$HOME/.s3cfg"
+          echo "secret_key = ${{ secrets.AWS_SECRET_KEY }}" >> "$HOME/.s3cfg"
+
+      - name: Push binaries to s3
+        env:
+          VERSION: "${{ env.version }}"
+          APK: "${{ env.prefix }}-${{ env.version }}.apk"
+          AAB: "${{ env.prefix }}-${{ env.version }}.aab"
+          update: "lantern_update_android_arm-${{inputs.version}}.bz2"
+          update_source: lantern_update_android_arm.bz2
+        run: |
+          mv ${{ env.update_source }} ${{ env.update }}
+          mv lantern-installer.apk "$APK"
+          mv lantern-installer.aab "$AAB"
+          cp "$APK" ${{ env.prefix }}.apk
+          cp "$AAB" ${{ env.prefix }}.aab
+          echo ${{ env.version }} > ${{ env.version_file }}
+          shasum -a 256 "$APK" | cut -d " " -f 1 > "$APK".sha256
+          shasum -a 256 "$AAB" | cut -d " " -f 1 > "$AAB".sha256
+          shasum -a 256 ${{ env.update }} | cut -d " " -f 1 > ${{ env.update }}.sha256
+          cp "$APK".sha256 ${{ env.prefix }}.apk.sha256
+          cp "$AAB".sha256 ${{ env.prefix }}.aab.sha256
+          s3cmd put --acl-public "$APK" "$APK".sha256 ${{ env.update }} ${{ env.update }}.sha256 ${{ env.version_file }} ${{ env.prefix }}.apk.sha256 ${{ env.prefix }}.apk "s3://$S3_BUCKET"
+          s3cmd put --acl-public "$AAB" "$AAB".sha256 ${{ env.prefix }}.aab.sha256 ${{ env.prefix }}.aab "s3://$S3_BUCKET"
+          s3cmd modify --add-header='content-type':'application/vnd.android.package-archive' "s3://$S3_BUCKET/$APK"
+          s3cmd modify --add-header='content-type':'application/vnd.android.package-archive' "s3://$S3_BUCKET/${{ env.prefix }}.apk"
+          s3cmd modify --add-header='content-type':'application/vnd.android.package-archive' "s3://$S3_BUCKET/$AAB"
+          s3cmd modify --add-header='content-type':'application/vnd.android.package-archive' "s3://$S3_BUCKET/${{ env.prefix }}.aab"
+
diff --git a/.github/workflows/build-darwin.yml b/.github/workflows/build-darwin.yml
@@ -34,15 +34,15 @@ jobs:
       AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
     runs-on: ${{ inputs.macos_version }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         lfs: true
 
     - name: Pull LFS objects
       run: git lfs pull
 
     - name: Setup Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version-file: "go.mod"
 
@@ -62,7 +62,7 @@ jobs:
         chmod 600 /tmp/cache/.netrc
 
     - name: Setup Sentry CLI
-      uses: mathieu-bour/setup-sentry-cli@v1
+      uses: mathieu-bour/setup-sentry-cli@v2
       with:
         version: latest
         token: ${{ SECRETS.SENTRY_TOKEN }} # from GitHub secrets

diff --git a/.github/workflows/build-ios.yml b/.github/workflows/build-ios.yml
@@ -0,0 +1,184 @@
+name: Build IOS
+on:
+  workflow_call:
+    inputs:
+      version_file:
+        type: string
+        required: true
+      macos_version:
+        type: string
+        required: true
+      xcode_version:
+        type: string
+        required: true
+      version:
+        type: string
+        required: true
+      prefix:
+        type: string
+        required: true
+env:
+  GOPRIVATE: github.com/getlantern
+jobs:
+  build-ios:
+    runs-on: ${{ inputs.macos_version }}
+    permissions:
+      contents: "read"
+      id-token: "write"
+    env:
+      version: ${{ inputs.version }}
+      version_file: ${{ inputs.version_file }}
+      prefix: ${{ inputs.prefix }}
+      AC_USERNAME: accounts@getlantern.org
+      AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          lfs: true
+      - name: Pull LFS objects
+        run: git lfs pull
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: "go.mod"
+
+      - name: Setup Xcode
+        uses: maxim-lobanov/setup-xcode@v1
+        with:
+          xcode-version: ${{ inputs.xcode_version }}
+
+      - name: Repo access
+        run: |
+          mkdir /tmp/cache
+          echo "machine github.com login ${{ secrets.GH_TOKEN }} password x-oauth-basic" > /tmp/cache/.netrc
+          chmod 600 /tmp/cache/.netrc
+
+      - name: Setup Sentry CLI
+        uses: mathieu-bour/setup-sentry-cli@v2
+        with:
+          version: latest
+          token: ${{ SECRETS.SENTRY_TOKEN }} # from GitHub secrets
+          organization: getlantern
+          project: lantern-ios
+
+      - name: Install Flutter
+        uses: subosito/flutter-action@v2
+        with:
+          channel: "stable"
+
+      - name: Install the Apple certificate and provisioning profile
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.IOS_CERTIFICATE_P12_BASE64 }}
+          P12_PASSWORD: ${{ secrets.IOS_CERTIFICATE_P12_PASS }}
+          BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_PROVISION_PROFILE_BASE6 }}
+          BUILD_TUNNEL_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_TUNNEL_PROVISION_PROFILE_BASE64 }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          EXPORT_OPTIONS: ${{ secrets.EXPORT_OPTION_PLIST }}
+        run: |
+          set -x
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
+          TPP_PATH=$RUNNER_TEMP/build_tpp.mobileprovision
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+          EXPORT_OPTIONS_PATH=$GITHUB_WORKSPACE/ExportOptions.plist
+
+
+          # import certificate from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
+          
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+          PROVISIONING_PROFILES_DIR=~/Library/MobileDevice/Provisioning\ Profiles
+          mkdir -p "$PROVISIONING_PROFILES_DIR"
+          
+           # apply main provisioning profile
+          echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
+          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+          
+          # apply tunnel provisioning profile
+          echo -n "$BUILD_TUNNEL_PROVISION_PROFILE_BASE64" | base64 --decode -o $TPP_PATH
+          cp $TPP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+          
+           # Create ExportOptions.plist
+          echo "$EXPORT_OPTIONS" | base64 --decode > "$EXPORT_OPTIONS_PATH"
+
+      - name: Generate FFI bindings
+        run: |
+          make darwin
+          make ffigen
+
+      - name: Generate app.env
+        env:
+          ANDROID_INTERSTITIAL_AD_ID: ${{ secrets.INTERSTITIAL_AD_UNIT_ID }}
+          IOS_INTERSTITIAL_AD_ID: ${{ secrets.INTERSTITIAL_AD_UNIT_ID_IOS }}
+        run: |
+          touch app.env
+          echo "Android_interstitialAd=$ANDROID_INTERSTITIAL_AD_ID" > app.env
+          echo "IOS_interstitialAd=$IOS_INTERSTITIAL_AD_ID" >> app.env
+
+      - name: Get dependencies & Pod install
+        run: |
+          flutter pub get
+          cd ios
+          pod install
+          cd ..
+
+      - name: Build iOS app
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: getlantern
+          SENTRY_PROJECT_IOS: lantern-ios
+        run: make ios-release
+
+      - name: Upload application
+        uses: actions/upload-artifact@v4
+        with:
+          name: Lantern.ipa
+          path: ${{ github.workspace }}/build/ios/ipa/Lantern.ipa
+          retention-days: 2
+#
+#      - name: Compress artifacts using bzip2
+#        run: |
+#          cd ${{ github.workspace }}/build/ios/ipa/
+#          bzip2 -zk Lantern.ipa
+#
+#      - name: Copy .ipa and .bz2 to root
+#        run: |
+#          cp ${{ github.workspace }}/build/ios/ipa/Lantern.ipa ${{ github.workspace }}/Lantern.ipa
+#          cp ${{ github.workspace }}/build/ios/ipa/Lantern.ipa.bz2 ${{ github.workspace }}/Lantern.ipa.bz2
+#
+#      - name: Install s3cmd
+#        run: pip install s3cmd
+#
+#      - name: Set s3cmd permissions
+#        run: |
+#          echo "[default]" > "$HOME/.s3cfg"
+#          echo "access_key = ${{ secrets.AWS_ACCESS_KEY }}" >> "$HOME/.s3cfg"
+#          echo "secret_key = ${{ secrets.AWS_SECRET_KEY }}" >> "$HOME/.s3cfg"
+#
+#      - name: Push binaries to s3
+#        env:
+#          VERSION: "${{ env.version }}"
+#          IPA: "${{ env.prefix }}-${{ env.version }}.ipa"
+#          update: "lantern_update_ios-${{inputs.version}}.bz2"
+#          update_source: Lantern.ipa.bz2
+#        run: |
+#          mv ${{ env.update_source }} ${{ env.update }}
+#          mv Lantern.ipa "$IPA"
+#          cp "$IPA" ${{ env.prefix }}.ipa
+#          echo ${{ env.version }} > ${{ env.version_file }}
+#          shasum -a 256 "$IPA" | cut -d " " -f 1 > "$IPA".sha256
+#          shasum -a 256 ${{ env.update }} | cut -d " " -f 1 > ${{ env.update }}.sha256
+#          cp "$IPA".sha256 ${{ env.prefix }}.ipa.sha256
+#          s3cmd put --acl-public "$IPA" "$IPA".sha256 ${{ env.update }} ${{ env.update }}.sha256 ${{ env.version_file }} ${{ env.prefix }}.ipa.sha256 ${{ env.prefix }}.ipa "s3://lantern"