Skip to content

Commit

Permalink
Merge pull request JohanDegraeve#448 from JohanDegraeve/fastlane
Browse files Browse the repository at this point in the history 
Fastlane integration for GitHub builds
  • Loading branch information
@JohanDegraeve
JohanDegraeve authored Jul 30, 2023
2 parents fd7c39b + 3605412 commit 001c58f
Show file tree
Hide file tree
Showing 11 changed files with 866 additions and 3 deletions.
36 changes: 36 additions & 0 deletions .github/workflows/add_identifiers.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
name: 2. Add Identifiers
run-name: Add Identifiers
on:
workflow_dispatch:

jobs:
secrets:
uses: ./.github/workflows/validate_secrets.yml
secrets: inherit

identifiers:
needs: secrets
runs-on: macos-13
steps:
# Uncomment to manually select latest Xcode if needed
#- name: Select Latest Xcode
# run: "sudo xcode-select --switch /Applications/Xcode_13.0.app/Contents/Developer"

# Checks-out the repo
- name: Checkout Repo
uses: actions/checkout@v3

# Patch Fastlane Match to not print tables
- name: Patch Match Tables
run: find /usr/local/lib/ruby/gems -name table_printer.rb | xargs sed -i "" "/puts(Terminal::Table.new(params))/d"

# Create or update identifiers for app
- name: Fastlane Provision
run: fastlane identifiers
env:
TEAMID: ${{ secrets.TEAMID }}
GH_PAT: ${{ secrets.GH_PAT }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
FASTLANE_KEY_ID: ${{ secrets.FASTLANE_KEY_ID }}
FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }}
FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }}
115 changes: 115 additions & 0 deletions .github/workflows/build_xdrip.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,115 @@
name: 4. Build xDrip4iOS
run-name: Build xDrip4iOS (${{ github.ref_name }})
on:
workflow_dispatch:

## Remove the "#" sign from the beginning of the line below to get automated builds on push (code changes in your repository)
#push:

schedule:
- cron: '0 04 * * *' # Checks for updates at 04:00 UTC every day
- cron: '0 04 1 * *' # Builds the app on the 1th every month

env:
UPSTREAM_REPO: JohanDegraeve/xdripswift
UPSTREAM_BRANCH: ${{ github.ref_name }} # branch on upstream repository to sync from (relpace with specific branch name if needed)
TARGET_BRANCH: ${{ github.ref_name }} # target branch on fork to be kept in sync, and target branch on upstream to be kept alive (relpace with specific branch name if needed)
SYNC_UPSTREAM: 'true' # set to 'false' or 'true' to disable / enable syncing of fork with upstream repository

jobs:
check_latest_from_upstream:
runs-on: ubuntu-latest
name: Check upstream
outputs:
NEW_COMMITS: ${{ steps.sync.outputs.has_new_commits }}

steps:
- name: Checkout target repo
uses: actions/checkout@v3
with:
# optional: set the branch to checkout,
# sync action checks out your 'target_sync_branch' anyway
#submodules: recursive
ref: ${{ env.TARGET_BRANCH }}

# REQUIRED step
# Step 2: run the sync action
- name: Sync upstream changes
if: ${{ env.SYNC_UPSTREAM == 'true' }} && github.repository_owner != 'JohanDegraeve' # do not run the upstream sync action on the upstream repository
id: sync
uses: aormsby/[email protected]
with:
target_sync_branch: ${{ env.TARGET_BRANCH }}
shallow_since: 6 months ago
target_repo_token: ${{ secrets.GH_PAT }}
upstream_sync_branch: ${{ env.UPSTREAM_BRANCH }}
upstream_sync_repo: ${{ env.UPSTREAM_REPO }}

# Step 3: Display a sample message based on the sync output var 'has_new_commits'
- name: New commits found
if: steps.sync.outputs.has_new_commits == 'true'
run: echo "New commits were found to sync."

- name: No new commits
if: steps.sync.outputs.has_new_commits == 'false'
run: echo echo "There were no new commits."

- name: Show value of 'has_new_commits'
run: |
echo ${{ steps.sync.outputs.has_new_commits }}
echo "NEW_COMMITS=${{ steps.sync.outputs.has_new_commits }}" >> $GITHUB_OUTPUT
# Keep repository "alive": add empty commits to TARGET_BRANCH after "time_elapsed" days of inactivity to avoid inactivation of scheduled workflows
- name: Keep alive
if: github.ref == 'refs/heads/${{ env.TARGET_BRANCH }}'
uses: gautamkrishnar/keepalive-workflow@v1 # using the workflow with default settings
with:
time_elapsed: 50 # Time elapsed from the previous commit to trigger a new automated commit (in days)

build:
needs: check_latest_from_upstream
runs-on: macos-13
if: ${{ github.event_name == 'workflow_dispatch' || github.event.schedule == '0 04 1 * *' || needs.check_latest_from_upstream.outputs.NEW_COMMITS == 'true' }} # runs if started manually, or if scheduled on the first each month, or if new commits were found
steps:
- name: Select Xcode version
run: "sudo xcode-select --switch /Applications/Xcode_14.3.app/Contents/Developer"

# Checks-out the repo
- name: Checkout Repo
uses: actions/checkout@v3

# Patch Fastlane Match to not print tables
- name: Patch Match Tables
run: find /usr/local/lib/ruby/gems -name table_printer.rb | xargs sed -i "" "/puts(Terminal::Table.new(params))/d"

# Build signed Xdrip4iOS IPA file
- name: Fastlane Build & Archive
run: fastlane build_xdrip4ios
env:
TEAMID: ${{ secrets.TEAMID }}
GH_PAT: ${{ secrets.GH_PAT }}
FASTLANE_KEY_ID: ${{ secrets.FASTLANE_KEY_ID }}
FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }}
FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}

# Upload to TestFlight
- name: Fastlane upload to TestFlight
run: fastlane release
env:
TEAMID: ${{ secrets.TEAMID }}
GH_PAT: ${{ secrets.GH_PAT }}
FASTLANE_KEY_ID: ${{ secrets.FASTLANE_KEY_ID }}
FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }}
FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}

# Upload Build artifacts
- name: Upload build log, IPA and Symbol artifacts
if: always()
uses: actions/upload-artifact@v3
with:
name: build-artifacts
path: |
artifacts
buildlog
36 changes: 36 additions & 0 deletions .github/workflows/create_certs.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
name: 3. Create Certificates
run-name: Create Certificates
on:
workflow_dispatch:

jobs:
secrets:
uses: ./.github/workflows/validate_secrets.yml
secrets: inherit

certificates:
needs: secrets
runs-on: macos-13
steps:
# Uncomment to manually select latest Xcode if needed
#- name: Select Latest Xcode
# run: "sudo xcode-select --switch /Applications/Xcode_13.0.app/Contents/Developer"

# Checks-out the repo
- name: Checkout Repo
uses: actions/checkout@v3

# Patch Fastlane Match to not print tables
- name: Patch Match Tables
run: find /usr/local/lib/ruby/gems -name table_printer.rb | xargs sed -i "" "/puts(Terminal::Table.new(params))/d"

# Create or update certificates for app
- name: Create Certificates
run: fastlane certs
env:
TEAMID: ${{ secrets.TEAMID }}
GH_PAT: ${{ secrets.GH_PAT }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
FASTLANE_KEY_ID: ${{ secrets.FASTLANE_KEY_ID }}
FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }}
FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }}
70 changes: 70 additions & 0 deletions .github/workflows/validate_secrets.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
name: 1. Validate Secrets
run-name: Validate Secrets
on: [workflow_call, workflow_dispatch]

jobs:
validate:
runs-on: macos-13
steps:
# Checks-out the repo
- name: Checkout Repo
uses: actions/checkout@v3

# Validates the repo secrets
- name: Validate Secrets
run: |
# Validate Secrets
echo Validating Repository Secrets...
# Validate TEAMID
if [ -z "$TEAMID" ]; then
failed=true
echo "::error::TEAMID secret is unset or empty. Set it and try again."
elif [ ${#TEAMID} -ne 10 ]; then
failed=true
echo "::error::TEAMID secret is set but has wrong length. Verify that it is set correctly and try again."
fi
# Validate GH_PAT
if [ -z "$GH_PAT" ]; then
failed=true
echo "::error::GH_PAT secret is unset or empty. Set it and try again."
elif [ "$(gh api -H "Accept: application/vnd.github+json" /repos/${{ github.repository_owner }}/Match-Secrets | jq --raw-output '.permissions.push')" != "true" ]; then
failed=true
echo "::error::GH_PAT secret is set but invalid or lacking appropriate privileges on the ${{ github.repository_owner }}/Match-Secrets repository. Verify that it is set correctly and try again."
fi
# Validate FASTLANE_ISSUER_ID, FASTLANE_KEY_ID, and FASTLANE_KEY
if [ -z "$FASTLANE_ISSUER_ID" ] || [ -z "$FASTLANE_KEY_ID" ] || [ -z "$FASTLANE_KEY" ]; then
failed=true
[ -z "$FASTLANE_ISSUER_ID" ] && echo "::error::The FASTLANE_ISSUER_ID secret is unset or empty. Set it and try again."
[ -z "$FASTLANE_KEY_ID" ] && echo "::error::The FASTLANE_KEY_ID secret is unset or empty. Set it and try again."
[ -z "$FASTLANE_KEY" ] && echo "::error::The FASTLANE_KEY secret is unset or empty. Set it and try again."
elif ! echo "$FASTLANE_KEY" | openssl pkcs8 -nocrypt >/dev/null; then
failed=true
echo "::error::The FASTLANE_KEY secret is set but invalid. Verify that it is set correctly and try again."
elif ! fastlane validate_secrets; then
failed=true
echo "::error::Unable to create a valid authorization token for the App Store Connect API.\
Verify that the FASTLANE_ISSUER_ID, FASTLANE_KEY_ID, and FASTLANE_KEY secrets are set correctly and try again."
fi
# Validate MATCH_PASSWORD
if [ -z "$MATCH_PASSWORD" ]; then
failed=true
echo "::error::The MATCH_PASSWORD secret is unset or empty. Set it and try again."
fi
# Exit unsuccessfully if secret validation failed.
if [ $failed ]; then
exit 2
fi
shell: bash
env:
TEAMID: ${{ secrets.TEAMID }}
GH_PAT: ${{ secrets.GH_PAT }}
FASTLANE_ISSUER_ID: ${{ secrets.FASTLANE_ISSUER_ID }}
FASTLANE_KEY_ID: ${{ secrets.FASTLANE_KEY_ID }}
FASTLANE_KEY: ${{ secrets.FASTLANE_KEY }}
MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
GH_TOKEN: ${{ secrets.GH_PAT }}
3 changes: 3 additions & 0 deletions Gemfile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
source "https://rubygems.org"

gem "fastlane"
Loading

0 comments on commit 001c58f

Please sign in to comment.