diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 750716ad..d60eda8c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -55,89 +55,89 @@ jobs: restore-keys: | ${{ runner.os }}-mint- - # - name: Install yeetd - # run: | - # wget https://github.com/biscuitehh/yeetd/releases/download/1.0/yeetd-normal.pkg - # sudo installer -pkg yeetd-normal.pkg -target / - # yeetd & - - # - name: Log In to Azure - CI Subscription - # uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1 - # with: - # creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + - name: Install yeetd + run: | + wget https://github.com/biscuitehh/yeetd/releases/download/1.0/yeetd-normal.pkg + sudo installer -pkg yeetd-normal.pkg -target / + yeetd & - # - name: Retrieve secrets - # id: retrieve-secrets - # uses: bitwarden/gh-actions/get-keyvault-secrets@main - # with: - # keyvault: "bitwarden-ci" - # secrets: "appcenter-ios-token" + - name: Log In to Azure - CI Subscription + uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} - # - name: Download production provisioning profiles - # if: env.build-variant == 'Production' - # env: - # ACCOUNT_NAME: bitwardenci - # CONTAINER_NAME: profiles - # run: | - # mkdir -p $HOME/secrets - # profiles=( - # "dist_authenticator.mobileprovision" - # ) - - # for FILE in "${profiles[@]}" - # do - # az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \ - # --file $HOME/secrets/$FILE --output none - # done - - # - name: Download Google Services secret - # env: - # ACCOUNT_NAME: bitwardenci - # CONTAINER_NAME: mobile - # FILE: GoogleService-Info.plist - # run: | - # mkdir -p $HOME/secrets - # az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \ - # --file Authenticator/Application/Support/$FILE --output none + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: "bitwarden-ci" + secrets: "appcenter-ios-token" + + - name: Download production provisioning profiles + if: env.build-variant == 'Production' + env: + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: profiles + run: | + mkdir -p $HOME/secrets + profiles=( + "dist_authenticator.mobileprovision" + ) + + for FILE in "${profiles[@]}" + do + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \ + --file $HOME/secrets/$FILE --output none + done + + - name: Download Google Services secret + env: + ACCOUNT_NAME: bitwardenci + CONTAINER_NAME: mobile + FILE: GoogleService-Info.plist + run: | + mkdir -p $HOME/secrets + az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \ + --file Authenticator/Application/Support/$FILE --output none - # - name: Get certificates - # run: | - # mkdir -p $HOME/certificates - # az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/ios-distribution | - # jq -r .value | base64 -d > $HOME/certificates/ios-distribution.p12 + - name: Get certificates + run: | + mkdir -p $HOME/certificates + az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/ios-distribution | + jq -r .value | base64 -d > $HOME/certificates/ios-distribution.p12 - # - name: Set up Keychain - # env: - # KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }} - # run: | - # security create-keychain -p $KEYCHAIN_PASSWORD build.keychain - # security default-keychain -s build.keychain - # security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain - # security set-keychain-settings -lut 1200 build.keychain + - name: Set up Keychain + env: + KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }} + run: | + security create-keychain -p $KEYCHAIN_PASSWORD build.keychain + security default-keychain -s build.keychain + security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain + security set-keychain-settings -lut 1200 build.keychain - # security import $HOME/certificates/ios-distribution.p12 -k build.keychain -P "" -T /usr/bin/codesign \ - # -T /usr/bin/security - # security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain + security import $HOME/certificates/ios-distribution.p12 -k build.keychain -P "" -T /usr/bin/codesign \ + -T /usr/bin/security + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain - # - name: Set up production provisioning profiles - # if: env.build-variant == 'Production' - # run: | - # AUTHENTICATOR_PROFILE_PATH=$HOME/secrets/dist_authenticator.mobileprovision - # PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles + - name: Set up production provisioning profiles + if: env.build-variant == 'Production' + run: | + AUTHENTICATOR_PROFILE_PATH=$HOME/secrets/dist_authenticator.mobileprovision + PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles - # mkdir -p "$PROFILES_DIR_PATH" + mkdir -p "$PROFILES_DIR_PATH" - # AUTHENTICATOR_UUID=$(grep UUID -A1 -a $AUTHENTICATOR_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}") - # cp $AUTHENTICATOR_PROFILE_PATH "$PROFILES_DIR_PATH/$AUTHENTICATOR_UUID.mobileprovision" + AUTHENTICATOR_UUID=$(grep UUID -A1 -a $AUTHENTICATOR_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}") + cp $AUTHENTICATOR_PROFILE_PATH "$PROFILES_DIR_PATH/$AUTHENTICATOR_UUID.mobileprovision" - # - name: Install Mint, xcbeautify, and yq - # run: | - # brew install mint xcbeautify yq + - name: Install Mint, xcbeautify, and yq + run: | + brew install mint xcbeautify yq - # - name: Install Mint packages - # if: steps.mint-cache.outputs.cache-hit != 'true' - # run: | - # mint bootstrap + - name: Install Mint packages + if: steps.mint-cache.outputs.cache-hit != 'true' + run: | + mint bootstrap # - name: Select variant # run: |