Build #75
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
workflow_dispatch: | |
inputs: | |
build-variant: | |
description: "Which variant of the app to build" | |
required: true | |
type: choice | |
options: | |
- Production | |
build-version: | |
description: "Optional. Version string to use, in X.Y.Z format. Overrides default in the project." | |
required: false | |
type: string | |
build-number: | |
description: "Optional. Build number to use. Overrides default of GitHub run number." | |
required: false | |
type: number | |
xcode-version: | |
description: "Optional. Xcode version to use. Overrides default." | |
required: false | |
type: string | |
env: | |
build-variant: ${{ inputs.build-variant || 'Production' }} | |
XCODE_VERSION: ${{ inputs.xcode-version || '15.4' }} | |
jobs: | |
build: | |
name: Build | |
runs-on: macos-14 | |
env: | |
MINT_PATH: .mint/lib | |
MINT_LINK_PATH: .mint/bin | |
steps: | |
- name: Check out repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set Xcode version | |
uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0 | |
with: | |
xcode-version: ${{ env.XCODE_VERSION }} | |
- name: Cache Mint packages | |
id: mint-cache | |
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
with: | |
path: .mint | |
key: ${{ runner.os }}-mint-${{ hashFiles('**/Mintfile') }} | |
restore-keys: | | |
${{ runner.os }}-mint- | |
- name: Install yeetd | |
run: | | |
wget https://github.com/biscuitehh/yeetd/releases/download/1.0/yeetd-normal.pkg | |
sudo installer -pkg yeetd-normal.pkg -target / | |
yeetd & | |
- name: Log in to Azure | |
uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1 | |
with: | |
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
- name: Retrieve secrets | |
uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
with: | |
keyvault: "bitwarden-ci" | |
secrets: "appcenter-ios-token" | |
- name: Retrieve production provisioning profiles | |
if: env.build-variant == 'Production' | |
env: | |
ACCOUNT_NAME: bitwardenci | |
CONTAINER_NAME: profiles | |
run: | | |
mkdir -p $HOME/secrets | |
profiles=( | |
"dist_authenticator.mobileprovision" | |
) | |
for FILE in "${profiles[@]}" | |
do | |
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \ | |
--file $HOME/secrets/$FILE --output none | |
done | |
- name: Retrieve Google Services secret | |
env: | |
ACCOUNT_NAME: bitwardenci | |
CONTAINER_NAME: mobile | |
FILE: GoogleService-Info.plist | |
run: | | |
mkdir -p $HOME/secrets | |
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \ | |
--file Authenticator/Application/Support/$FILE --output none | |
- name: Retrieve certificates | |
run: | | |
mkdir -p $HOME/certificates | |
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/ios-distribution | | |
jq -r .value | base64 -d > $HOME/certificates/ios-distribution.p12 | |
- name: Configure Keychain Access | |
env: | |
KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }} | |
run: | | |
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain | |
security set-keychain-settings -lut 1200 build.keychain | |
security import $HOME/certificates/ios-distribution.p12 -k build.keychain -P "" -T /usr/bin/codesign \ | |
-T /usr/bin/security | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain | |
- name: Configure production provisioning profiles | |
if: env.build-variant == 'Production' | |
run: | | |
AUTHENTICATOR_PROFILE_PATH=$HOME/secrets/dist_authenticator.mobileprovision | |
PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles | |
mkdir -p "$PROFILES_DIR_PATH" | |
AUTHENTICATOR_UUID=$(grep UUID -A1 -a $AUTHENTICATOR_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}") | |
cp $AUTHENTICATOR_PROFILE_PATH "$PROFILES_DIR_PATH/$AUTHENTICATOR_UUID.mobileprovision" | |
- name: Configure Ruby | |
uses: ruby/setup-ruby@7bae1d00b5db9166f4f0fc47985a3a5702cb58f0 # v1.197.0 | |
with: | |
bundler-cache: true | |
- name: Install Mint, protobuf, xcbeautify, and yq | |
run: | | |
brew install mint swift-protobuf xcbeautify yq | |
- name: Install Mint packages | |
if: steps.mint-cache.outputs.cache-hit != 'true' | |
run: | | |
mint bootstrap | |
- name: Select variant | |
run: | | |
./Scripts/select_variant.sh ${{ env.build-variant }} | |
- name: Update build version | |
if: ${{ inputs.build-version }} | |
run: | | |
yq -i '.settings.MARKETING_VERSION = "${{ inputs.build-version }}"' 'project.yml' | |
- name: Update build number | |
run: | | |
BUILD_NUMBER=$(($GITHUB_RUN_NUMBER)) | |
yq -i ".settings.CURRENT_PROJECT_VERSION = ${{ inputs.build-number || '$BUILD_NUMBER' }}" 'project.yml' | |
- name: Build iOS app | |
run: | | |
BUILD_NUMBER=$(($GITHUB_RUN_NUMBER)) | |
./Scripts/build.sh | |
- name: Upload IPA | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: Authenticator iOS | |
path: build/Authenticator/Authenticator.ipa | |
- name: Set up private auth key | |
run: | | |
mkdir ~/private_keys | |
cat << EOF > ~/private_keys/AuthKey_S4VJ5UU8J2.p8 | |
${{ secrets.APP_STORE_CONNECT_AUTH_KEY }} | |
EOF | |
- name: Validate app with App Store Connect | |
run: | | |
xcrun altool --validate-app \ | |
--type ios \ | |
--file "build/Authenticator/Authenticator.ipa" \ | |
--apiKey "S4VJ5UU8J2" \ | |
--apiIssuer "${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}" | |
- name: Upload app to TestFlight | |
run: | | |
xcrun altool --upload-app \ | |
--type ios \ | |
--file "build/Authenticator/Authenticator.ipa" \ | |
--apiKey "S4VJ5UU8J2" \ | |
--apiIssuer "${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}" | |
crowdin-push: | |
name: Crowdin Push | |
if: github.ref == 'refs/heads/main' | |
needs: | |
- build | |
runs-on: ubuntu-22.04 | |
env: | |
_CROWDIN_PROJECT_ID: "673718" | |
steps: | |
- name: Check out repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Upload sources | |
uses: crowdin/github-action@2d540f18b0a416b1fbf2ee5be35841bd380fc1da # v2.3.0 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
CROWDIN_API_TOKEN: ${{ secrets.CROWDIN_API_TOKEN }} | |
with: | |
config: crowdin.yml | |
upload_sources: true | |
upload_translations: false |