updated apple id for ios #1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: iOS TestFlight | |
| # Uploads the DoomCoder Companion iOS build to TestFlight whenever a | |
| # tag prefixed with `ios-v` is pushed (e.g. `ios-v2.4.0`). Kept separate | |
| # from the macOS release workflow because the cadences and signing | |
| # pipelines are independent — the Mac app ships through Sparkle, the | |
| # iOS app ships through the App Store / TestFlight. | |
| # | |
| # Required repository secrets (Settings → Secrets and variables → Actions): | |
| # APP_STORE_CONNECT_KEY_ID — App Store Connect API key ID (10 chars) | |
| # APP_STORE_CONNECT_ISSUER_ID — App Store Connect issuer UUID | |
| # APP_STORE_CONNECT_PRIVATE_KEY — Base64-encoded contents of AuthKey_xxx.p8 | |
| # IOS_DISTRIBUTION_CERTIFICATE — Base64-encoded Apple Distribution .p12 | |
| # IOS_DISTRIBUTION_CERT_PASSWORD — Password for the .p12 above | |
| # IOS_KEYCHAIN_PASSWORD — Throwaway password for the runner keychain | |
| # | |
| # Required repository variables (Settings → Secrets and variables → Actions → Variables): | |
| # APPLE_TEAM_ID — Apple Developer Team ID (e.g. A9P2388PHM) | |
| on: | |
| push: | |
| tags: | |
| - 'ios-v[0-9]*' | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: 'Marketing version (e.g. 2.4.0)' | |
| required: true | |
| default: '2.4.0' | |
| permissions: | |
| contents: read | |
| jobs: | |
| testflight: | |
| name: Build & Upload to TestFlight | |
| runs-on: macos-26 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: Resolve version | |
| run: | | |
| if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then | |
| VERSION="${{ github.event.inputs.version }}" | |
| else | |
| VERSION="${GITHUB_REF_NAME#ios-v}" | |
| fi | |
| BUILD="$(date -u +%Y%m%d%H%M)" | |
| echo "VERSION=${VERSION}" >> $GITHUB_ENV | |
| echo "BUILD=${BUILD}" >> $GITHUB_ENV | |
| - name: Select Xcode | |
| run: | | |
| if [ -d /Applications/Xcode.app ]; then | |
| sudo xcode-select -s /Applications/Xcode.app | |
| else | |
| XCODE_PATH=$(ls -d /Applications/Xcode*.app 2>/dev/null | sort -V | tail -1) | |
| sudo xcode-select -s "${XCODE_PATH}" | |
| fi | |
| xcodebuild -version | |
| - name: Install XcodeGen | |
| run: brew install xcodegen | |
| - name: Regenerate Xcode project from project.yml | |
| working-directory: DoomCoderCompanion | |
| run: xcodegen generate | |
| - name: Stamp version + build number into project | |
| working-directory: DoomCoderCompanion | |
| run: | | |
| /usr/libexec/PlistBuddy -c "Set :CFBundleShortVersionString ${VERSION}" \ | |
| DoomCoderCompanion/Resources/Info.plist | |
| /usr/libexec/PlistBuddy -c "Set :CFBundleVersion ${BUILD}" \ | |
| DoomCoderCompanion/Resources/Info.plist | |
| /usr/libexec/PlistBuddy -c "Set :CFBundleShortVersionString ${VERSION}" \ | |
| NotificationService/Info.plist | |
| /usr/libexec/PlistBuddy -c "Set :CFBundleVersion ${BUILD}" \ | |
| NotificationService/Info.plist | |
| - name: Create temporary keychain | |
| env: | |
| KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }} | |
| DIST_CERT_B64: ${{ secrets.IOS_DISTRIBUTION_CERTIFICATE }} | |
| DIST_CERT_PASSWORD: ${{ secrets.IOS_DISTRIBUTION_CERT_PASSWORD }} | |
| run: | | |
| set -euo pipefail | |
| KEYCHAIN_PATH="$RUNNER_TEMP/ios-build.keychain-db" | |
| security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" | |
| security set-keychain-settings -lut 7200 "$KEYCHAIN_PATH" | |
| security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" | |
| security list-keychains -d user -s "$KEYCHAIN_PATH" $(security list-keychains -d user | tr -d '"') | |
| echo "$DIST_CERT_B64" | base64 --decode > "$RUNNER_TEMP/dist.p12" | |
| security import "$RUNNER_TEMP/dist.p12" \ | |
| -k "$KEYCHAIN_PATH" \ | |
| -P "$DIST_CERT_PASSWORD" \ | |
| -T /usr/bin/codesign \ | |
| -T /usr/bin/security | |
| security set-key-partition-list \ | |
| -S apple-tool:,apple:,codesign: \ | |
| -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" | |
| rm "$RUNNER_TEMP/dist.p12" | |
| - name: Write App Store Connect API key | |
| env: | |
| API_KEY_B64: ${{ secrets.APP_STORE_CONNECT_PRIVATE_KEY }} | |
| API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }} | |
| run: | | |
| mkdir -p ~/.appstoreconnect/private_keys | |
| echo "$API_KEY_B64" | base64 --decode \ | |
| > ~/.appstoreconnect/private_keys/AuthKey_${API_KEY_ID}.p8 | |
| - name: Archive (Release) | |
| working-directory: DoomCoderCompanion | |
| env: | |
| APPLE_TEAM_ID: ${{ vars.APPLE_TEAM_ID }} | |
| run: | | |
| # Strip the agent's stale GIT_CONFIG vars so SwiftPM can resolve bare repos. | |
| unset GIT_CONFIG_COUNT GIT_CONFIG_KEY_0 GIT_CONFIG_VALUE_0 | |
| xcodebuild \ | |
| -project DoomCoderCompanion.xcodeproj \ | |
| -scheme DoomCoderCompanion \ | |
| -configuration Release \ | |
| -destination 'generic/platform=iOS' \ | |
| -archivePath "$RUNNER_TEMP/DoomCoderCompanion.xcarchive" \ | |
| -allowProvisioningUpdates \ | |
| -authenticationKeyPath ~/.appstoreconnect/private_keys/AuthKey_${{ secrets.APP_STORE_CONNECT_KEY_ID }}.p8 \ | |
| -authenticationKeyID ${{ secrets.APP_STORE_CONNECT_KEY_ID }} \ | |
| -authenticationKeyIssuerID ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} \ | |
| DEVELOPMENT_TEAM=${APPLE_TEAM_ID} \ | |
| archive | |
| - name: Write ExportOptions.plist | |
| run: | | |
| cat > "$RUNNER_TEMP/ExportOptions.plist" <<EOF | |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>method</key><string>app-store-connect</string> | |
| <key>destination</key><string>upload</string> | |
| <key>teamID</key><string>${{ vars.APPLE_TEAM_ID }}</string> | |
| <key>signingStyle</key><string>automatic</string> | |
| <key>uploadSymbols</key><true/> | |
| <key>uploadBitcode</key><false/> | |
| <key>manageAppVersionAndBuildNumber</key><false/> | |
| </dict> | |
| </plist> | |
| EOF | |
| - name: Export & upload to TestFlight | |
| run: | | |
| unset GIT_CONFIG_COUNT GIT_CONFIG_KEY_0 GIT_CONFIG_VALUE_0 | |
| xcodebuild \ | |
| -exportArchive \ | |
| -archivePath "$RUNNER_TEMP/DoomCoderCompanion.xcarchive" \ | |
| -exportOptionsPlist "$RUNNER_TEMP/ExportOptions.plist" \ | |
| -exportPath "$RUNNER_TEMP/export" \ | |
| -allowProvisioningUpdates \ | |
| -authenticationKeyPath ~/.appstoreconnect/private_keys/AuthKey_${{ secrets.APP_STORE_CONNECT_KEY_ID }}.p8 \ | |
| -authenticationKeyID ${{ secrets.APP_STORE_CONNECT_KEY_ID }} \ | |
| -authenticationKeyIssuerID ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} | |
| - name: Clean up API key | |
| if: always() | |
| run: rm -f ~/.appstoreconnect/private_keys/AuthKey_*.p8 |