Skip to content

Commit 0b4a5a6

Browse files
rinejthymikee
rinej
and
thymikee
authored
Add support for additional profiles (#16)
* feat: add support for additional profiles * docs: add info about additional profiles * refactor loops to properly exit on error * rename additional profiles input to provisioning-profiles * fix: add support for both legacy single name profile and profiles array * update docs --------- Co-authored-by: Michał Pierzchała <thymikee@gmail.com>
1 parent e82e2b6 commit 0b4a5a6

2 files changed

Lines changed: 139 additions & 48 deletions

File tree

README.md

Lines changed: 36 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ This GitHub Action enables remote building of iOS applications using [Rock](http
77
- Build iOS apps for simulator or device
88
- Automatic artifact caching to speed up builds
99
- Code signing support for device builds
10+
- Support for additional provisioning profiles (extensions, notifications, etc.)
1011
- Re-signing capability for PR builds
1112
- Native fingerprint-based caching
1213
- Configurable build parameters
@@ -38,34 +39,48 @@ jobs:
3839
# certificate-file: './certs/distribution.p12'
3940
# certificate-base64: ${{ secrets.CERTIFICATE_BASE64 }}
4041
# certificate-password: ${{ secrets.CERTIFICATE_PASSWORD }}
41-
# provisioning-profile-file: './profiles/app.mobileprovision'
42-
# provisioning-profile-base64: ${{ secrets.PROVISIONING_PROFILE_BASE64 }}
43-
# provisioning-profile-name: 'YourProfileName'
4442
# keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
4543
# re-sign: true
4644
# ad-hoc: true
45+
# For apps that require provisioning profiles:
46+
# provisioning-profiles: |
47+
# [
48+
# {
49+
# "name": "NewApp_AdHoc",
50+
# "file": "./profiles/new-app-profile.mobileprovision"
51+
# },
52+
# {
53+
# "name": "ShareExtension",
54+
# "file": "./profiles/share-extension.mobileprovision"
55+
# },
56+
# {
57+
# "name": "NotificationExtension",
58+
# "base64": "${{ secrets.NOTIFICATION_PROFILE_BASE64 }}"
59+
# }
60+
# ]
4761
```
4862

4963
## Inputs
5064

51-
| Input | Description | Required | Default |
52-
| ----------------------------- | ------------------------------------------------------------------------------- | -------- | ----------- |
53-
| `github-token` | GitHub Token | Yes | - |
54-
| `working-directory` | Working directory for the build command | No | `.` |
55-
| `destination` | Build destination: "simulator" or "device" | Yes | `simulator` |
56-
| `scheme` | Xcode scheme | Yes | - |
57-
| `configuration` | Xcode configuration | Yes | - |
58-
| `re-sign` | Re-sign the app bundle with new JS bundle | No | `false` |
59-
| `ad-hoc` | Upload the IPA for ad-hoc distribution to easily install on provisioned devices | No | `false` |
60-
| `certificate-base64` | Base64 encoded P12 file for device builds | No | - |
61-
| `certificate-file` | P12 file for device builds | No | - |
62-
| `certificate-password` | Password for the P12 file | No | - |
63-
| `provisioning-profile-base64` | Base64 encoded provisioning profile | No | - |
64-
| `provisioning-profile-file ` | Provisioning profile file | No | - |
65-
| `provisioning-profile-name` | Name of the provisioning profile | No | - |
66-
| `keychain-password` | Password for temporary keychain | No | - |
67-
| `rock-build-extra-params` | Extra parameters for rock build:ios | No | - |
68-
| `comment-bot` | Whether to comment PR with build link | No | `true` |
65+
| Input | Description | Required | Default |
66+
| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------- | ----------- |
67+
| `github-token` | GitHub Token | Yes | - |
68+
| `working-directory` | Working directory for the build command | No | `.` |
69+
| `destination` | Build destination: "simulator" or "device" | Yes | `simulator` |
70+
| `scheme` | Xcode scheme | Yes | - |
71+
| `configuration` | Xcode configuration | Yes | - |
72+
| `re-sign` | Re-sign the app bundle with new JS bundle | No | `false` |
73+
| `ad-hoc` | Upload the IPA for ad-hoc distribution to easily install on provisioned devices | No | `false` |
74+
| `certificate-base64` | Base64 encoded P12 file for device builds | No | - |
75+
| `certificate-file` | P12 file for device builds | No | - |
76+
| `certificate-password` | Password for the P12 file | No | - |
77+
| `provisioning-profile-base64` | Base64 encoded provisioning profile | No | - |
78+
| `provisioning-profile-file` | Provisioning profile file | No | - |
79+
| `provisioning-profile-name` | Name of the provisioning profile | No | - |
80+
| `provisioning-profiles` | JSON array of provisioning profiles. Supports passing PP as both file and base64 string. Supported keys: `name`, `file`, `base64` | No | - |
81+
| `keychain-password` | Password for temporary keychain | No | - |
82+
| `rock-build-extra-params` | Extra parameters for rock build:ios | No | - |
83+
| `comment-bot` | Whether to comment PR with build link | No | `true` |
6984

7085
## Outputs
7186

action.yml

Lines changed: 103 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,9 @@ inputs:
5151
keychain-password:
5252
description: '[Device Builds] Password that will protect temporary keychain used for signing (can be a random string)'
5353
required: false
54+
provisioning-profiles:
55+
description: '[Device Builds] JSON array of provisioning profiles'
56+
required: false
5457
rock-build-extra-params:
5558
description: 'Extra parameters to pass to "rock build:ios"'
5659
required: false
@@ -100,32 +103,70 @@ runs:
100103
exit 1
101104
fi
102105
103-
if [ -n "${{ inputs.provisioning-profile-file }}" ] && [ -n "${{ inputs.provisioning-profile-base64 }}" ]; then
104-
echo "Cannot specify both 'provisioning-profile-file' and 'provisioning-profile-base64'. Use one or the other."
105-
exit 1
106-
fi
107-
108-
if [ -z "${{ inputs.provisioning-profile-file }}" ] && [ -z "${{ inputs.provisioning-profile-base64 }}" ]; then
109-
echo "Either 'provisioning-profile-file' or 'provisioning-profile-base64' is required for device builds."
110-
exit 1
111-
fi
106+
# Legacy provisioning profile validation (only when not using provisioning-profiles)
107+
if [ -z "${{ inputs.provisioning-profiles }}" ]; then
108+
if [ -n "${{ inputs.provisioning-profile-file }}" ] && [ -n "${{ inputs.provisioning-profile-base64 }}" ]; then
109+
echo "Cannot specify both 'provisioning-profile-file' and 'provisioning-profile-base64'. Use one or the other."
110+
exit 1
111+
fi
112112
113-
if [ -n "${{ inputs.provisioning-profile-file }}" ]; then
114-
if [ ! -f "${{ inputs.provisioning-profile-file }}" ]; then
115-
echo "Provisioning profile file not found: '${{ inputs.provisioning-profile-file }}'"
113+
if [ -z "${{ inputs.provisioning-profile-file }}" ] && [ -z "${{ inputs.provisioning-profile-base64 }}" ]; then
114+
echo "Either 'provisioning-profile-file' or 'provisioning-profile-base64' is required for device builds when not using 'provisioning-profiles'."
116115
exit 1
117116
fi
118-
fi
119117
120-
if [ -z "${{ inputs.provisioning-profile-name }}" ]; then
121-
echo "Input 'provisioning-profile-name' is required for device builds."
118+
if [ -n "${{ inputs.provisioning-profile-file }}" ]; then
119+
if [ ! -f "${{ inputs.provisioning-profile-file }}" ]; then
120+
echo "Provisioning profile file not found: '${{ inputs.provisioning-profile-file }}'"
121+
exit 1
122+
fi
123+
fi
124+
fi
125+
126+
# Check if either provisioning-profile-name or provisioning-profiles is provided
127+
if [ -z "${{ inputs.provisioning-profile-name }}" ] && [ -z "${{ inputs.provisioning-profiles }}" ]; then
128+
echo "Either 'provisioning-profile-name' or 'provisioning-profiles' is required for device builds."
129+
exit 1
130+
fi
131+
132+
if [ -n "${{ inputs.provisioning-profile-name }}" ] && [ -n "${{ inputs.provisioning-profiles }}" ]; then
133+
echo "Cannot specify both 'provisioning-profile-name' and 'provisioning-profiles'. Use one or the other."
122134
exit 1
123135
fi
124136
125137
if [ -z "${{ inputs.keychain-password }}" ]; then
126138
echo "Input 'keychain-password' is required for device builds."
127139
exit 1
128140
fi
141+
142+
# Validate provisioning profiles if provided
143+
if [ -n "${{ inputs.provisioning-profiles }}" ]; then
144+
while read -r profile; do
145+
name=$(echo "$profile" | jq -r '.name')
146+
file_path=$(echo "$profile" | jq -r '.file // empty')
147+
base64_content=$(echo "$profile" | jq -r '.base64 // empty')
148+
149+
if [ -z "$name" ]; then
150+
echo "Provisioning profile missing 'name' field"
151+
exit 1
152+
fi
153+
154+
if [ -n "$file_path" ] && [ -n "$base64_content" ]; then
155+
echo "Cannot specify both 'file' and 'base64' for profile '$name'"
156+
exit 1
157+
fi
158+
159+
if [ -z "$file_path" ] && [ -z "$base64_content" ]; then
160+
echo "Either 'file' or 'base64' is required for profile '$name'"
161+
exit 1
162+
fi
163+
164+
if [ -n "$file_path" ] && [ ! -f "$file_path" ]; then
165+
echo "Provisioning profile file not found: '$file_path'"
166+
exit 1
167+
fi
168+
done < <(echo "${{ inputs.provisioning-profiles }}" | jq -c '.[]')
169+
fi
129170
fi
130171
shell: bash
131172

@@ -223,18 +264,39 @@ runs:
223264
echo "Certificate identity: $IDENTITY"
224265
echo "IDENTITY=$IDENTITY" >> $GITHUB_ENV
225266
226-
# Unpack provisioning profile
267+
# Unpack provisioning profile (legacy single profile support)
227268
PROFILE_DIR="$HOME/Library/MobileDevice/Provisioning Profiles"
228-
PROFILE_PATH="$PROFILE_DIR/${{ inputs.provisioning-profile-name }}.mobileprovision"
229-
230269
mkdir -p "$PROFILE_DIR"
231270
232-
if [ -n "${{ inputs.provisioning-profile-file }}" ]; then
233-
# Use provisioning profile file directly
234-
cp "${{ inputs.provisioning-profile-file }}" "$PROFILE_PATH"
235-
else
236-
# Decode base64 provisioning profile
237-
echo -n "${{ inputs.provisioning-profile-base64 }}" | base64 --decode -o "$PROFILE_PATH"
271+
if [ -n "${{ inputs.provisioning-profile-name }}" ]; then
272+
PROFILE_PATH="$PROFILE_DIR/${{ inputs.provisioning-profile-name }}.mobileprovision"
273+
274+
if [ -n "${{ inputs.provisioning-profile-file }}" ]; then
275+
# Use provisioning profile file directly
276+
cp "${{ inputs.provisioning-profile-file }}" "$PROFILE_PATH"
277+
else
278+
# Decode base64 provisioning profile
279+
echo -n "${{ inputs.provisioning-profile-base64 }}" | base64 --decode -o "$PROFILE_PATH"
280+
fi
281+
fi
282+
283+
# Setup provisioning profiles
284+
if [ -n "${{ inputs.provisioning-profiles }}" ]; then
285+
while read -r profile; do
286+
name=$(echo "$profile" | jq -r '.name')
287+
file_path=$(echo "$profile" | jq -r '.file // empty')
288+
base64_content=$(echo "$profile" | jq -r '.base64 // empty')
289+
290+
ADDITIONAL_PROFILE_PATH="$PROFILE_DIR/${name}.mobileprovision"
291+
292+
if [ -n "$file_path" ]; then
293+
cp "$file_path" "$ADDITIONAL_PROFILE_PATH"
294+
else
295+
echo -n "$base64_content" | base64 --decode -o "$ADDITIONAL_PROFILE_PATH"
296+
fi
297+
298+
echo "Installed provisioning profile: $name"
299+
done < <(echo "${{ inputs.provisioning-profiles }}" | jq -c '.[]')
238300
fi
239301
shell: bash
240302

@@ -400,9 +462,23 @@ runs:
400462
CERTIFICATE_PATH=$RUNNER_TEMP/certificate.p12
401463
rm "$CERTIFICATE_PATH"
402464
403-
PROFILE_DIR="$HOME/Library/MobileDevice/Provisioning Profiles"
404-
PROFILE_PATH="$PROFILE_DIR/${{ inputs.provisioning-profile-name }}.mobileprovision"
405-
rm "$PROFILE_PATH"
465+
# Clean up legacy single provisioning profile
466+
if [ -n "${{ inputs.provisioning-profile-name }}" ]; then
467+
PROFILE_DIR="$HOME/Library/MobileDevice/Provisioning Profiles"
468+
PROFILE_PATH="$PROFILE_DIR/${{ inputs.provisioning-profile-name }}.mobileprovision"
469+
rm "$PROFILE_PATH"
470+
fi
471+
472+
# Clean up provisioning profiles
473+
if [ -n "${{ inputs.provisioning-profiles }}" ]; then
474+
PROFILE_DIR="$HOME/Library/MobileDevice/Provisioning Profiles"
475+
while read -r profile; do
476+
name=$(echo "$profile" | jq -r '.name')
477+
PROFILE_PATH="$PROFILE_DIR/${name}.mobileprovision"
478+
rm "$PROFILE_PATH"
479+
echo "Cleaned up additional provisioning profile: $name"
480+
done < <(echo "${{ inputs.provisioning-profiles }}" | jq -c '.[]')
481+
fi
406482
shell: bash
407483

408484
- name: Cleanup Cache

0 commit comments

Comments
 (0)