Use match to get code signing certificates

.github/workflows/build-and-test-ios-app.yml

@@ -0,0 +1,41 @@
+name: build-and-test-ios-app
+
+on:
+  push:
+    branches-ignore:
+      - main
+      - develop
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+  build:
+    permissions:
+      contents: read
+    runs-on: [self-hosted, macOS]
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set Path
+        run: |
+          echo "/opt/homebrew/bin:/Users/github-runner/.rbenv/shims:$PATH" >> $GITHUB_PATH
+
+      - name: Update Bundler
+        run: bundle update
+
+      - name: Check static code quality of iOS App
+        run: bundle exec fastlane swift_lint
+
+      # - name: Run Unit and UI Tests
+      #   run: bundle exec fastlane test
+
+      - name: Build iOS App 
+        run: bundle exec fastlane build
+        env: 
+          BUILD_NUMBER: ${{ github.run_number }}
+          IOS_MATCH_GITLAB_AUTH: ${{ secrets.IOS_MATCH_GITLAB_AUTH }}
+          IOS_KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }}
+          IOS_APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.IOS_APP_STORE_CONNECT_API_KEY_KEY_ID }}
+          IOS_APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.IOS_APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
+          IOS_APP_STORE_CONNECT_API_KEY_PASSWORD: ${{ secrets.IOS_APP_STORE_CONNECT_API_KEY_PASSWORD }}
+          MATCH_PASSWORD: ${{ secrets.IOS_MATCH_PASSWORD }}

.github/workflows/release-ios-app.yml

@@ -0,0 +1,26 @@
+name: release-ios-app
+
+on:
+  push:
+    branches:
+      - develop
+  workflow_dispatch:
+
+jobs:
+  build:
+    permissions:
+      contents: read
+    uses: ./.github/workflows/build-and-test-ios-app.yml
+
+  release:
+    needs: build
+    runs-on: [self-hosted, macOS]
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Upload iOS App to TestFlight
+        run: bundle exec fastlane upload_to_testflight
+        env: 
+          IOS_APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.IOS_APP_STORE_CONNECT_API_KEY_KEY_ID }}
+          IOS_APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.IOS_APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
+          IOS_APP_STORE_CONNECT_API_KEY_PASSWORD: ${{ secrets.IOS_APP_STORE_CONNECT_API_KEY_PASSWORD }}

fastlane/Fastfile

@@ -10,8 +10,7 @@
 #     https://docs.fastlane.tools/plugins/available-plugins
 #
 
-# Uncomment the line if you want fastlane to automatically update itself
-# update_fastlane
+update_fastlane
 
 default_platform(:ios)
 
@@ -48,83 +47,59 @@ platform :ios do
 
   desc "[CI] Default build configuration"
   lane :build do
+    app_identifier = CredentialsManager::AppfileConfig.try_fetch_value(:app_identifier)
+    team_id = CredentialsManager::AppfileConfig.try_fetch_value(:team_id)
+
     ##########################################
     # Environment Setup
     ##########################################   
 
-    # Unlock the keychain
-    unlock_keychain(
-    	path: ENV['bamboo_KeyChain'],
-      password: ENV['bamboo_KeyChainPassword'],
-    )
-
-    xcode_select "/Applications/Xcode.app"
-
-    # If the build number was specified by the CI environment,
-    # use it to specify the build number for this build
-    if ENV["bamboo_buildNumber"]
-      increment_build_number(
-        build_number: ENV["bamboo_buildNumber"]
-      )
-    end
-
     info_plist_path = "Artemis/Supporting/Info.plist"
 
     set_info_plist_value(
       path: info_plist_path,
-      key: "ITSAppUsesNonExemptEncryption",
-      value: "NO"
+      key: "CFBundleVersion",
+      value: ENV['BUILD_NUMBER']
     )
 
-    ##########################################
-    # Certificates
-    ##########################################
-
-    # Download certificates
-    # from the apple developer portal
-    get_certificates(
-      api_key: api_key,
-      keychain_path: ENV['bamboo_KeyChain'],
-      keychain_password: ENV['bamboo_KeyChainPassword']
+    unlock_keychain(
+      path: "~/Library/Keychains/ios-db",
+      password: ENV['IOS_KEYCHAIN_PASSWORD'],
+      add_to_search_list: :replace
+      # set_default: true
     )
-
+  
     ##########################################
-    # Provisioning Profile
+    # Configure Code Signing via Match
     ##########################################
 
-    # Download the latest provisioning profile
-    # from the apple developer portal
-    get_provisioning_profile(
-      api_key: api_key,
-      force: true
+    match(
+      type: "appstore",
+      team_id: team_id,
+      app_identifier: app_identifier,
+      api_key: api_key, 
+      git_full_name: "Artemis IOS", 
+      git_branch: "main", # branch to store and get certificates from
+      clone_branch_directly: true, # optional
+      git_user_email: "[email protected]",
+      git_url: "https://gitlab.lrz.de/ase/ipraktikum/match-code-signing",
+      readonly: false,
+      keychain_name: "ios",
+      keychain_password: ENV['IOS_KEYCHAIN_PASSWORD'],
+      git_basic_authorization: ENV['IOS_MATCH_GITLAB_AUTH'], # Base-64 encoded, format gitlab_auth_token_name:gitlab_auth_token
+      verbose: true # optional but very helpful
     )
 
     ##########################################
-    # Project Setup
+    # Build
     ##########################################
 
-    # Update AppID for publishing
-    update_app_identifier(
-      plist_path: info_plist_path
-    )
-
-    # Update Xcode Project to use maunual code signing
+    profile_mapping = Actions.lane_context[SharedValues::MATCH_PROVISIONING_PROFILE_MAPPING]
     update_code_signing_settings(
       use_automatic_signing: false,
-      code_sign_identity: "iPhone Distribution",
-      profile_uuid: lane_context[SharedValues::SIGH_UUID],
-      profile_name: lane_context[SharedValues::SIGH_NAME]
-    )
-
-    # Define correct Provisioning Profile in Xcode Project
-    update_project_provisioning(
-      build_configuration: "Release"
+      profile_name: profile_mapping[app_identifier]
     )
 
-    ##########################################
-    # Code sign and Build
-    ##########################################
-
     # Build the app
     build_ios_app(
       clean: true, # Do a clean build each time
@@ -134,17 +109,14 @@ platform :ios do
       cloned_source_packages_path: ".SwiftPackages", # Custom path for cloning source packages to
       derived_data_path: ".DerivedData", # Custom derived data path
       output_directory: "./build", # Directory where the output artifacts are generated
-      scheme: "Artemis", # We want to build the "HallOfFame" scheme
+      codesigning_identity: "Apple Distribution: Technische Universitaet Muenchen (Edu) (T7PP2KY2B6)",
+      scheme: "Artemis",
       xcargs: "-skipMacroValidation -skipPackagePluginValidation"
     )
   end
 
   desc "[CI] Upload a previous build app to TestFlight"
   lane :release do
-    # Support for older fastlane environments
-    # ENV["SPACESHIP_CONNECT_API_IN_HOUSE"] = "true"
-
-    xcode_select "/Applications/Xcode.app"
 
     upload_to_testflight(
       ipa: "#{Dir.pwd}/../build/App.ipa",
@@ -159,9 +131,9 @@ platform :ios do
   lane :api_key do
     app_store_connect_api_key(
       duration: 300, # This Token is valid for 300s
-      key_id: ENV["bamboo_ASE_APP_STORE_CONNECT_API_KEY_KEY_ID"],
-      issuer_id: ENV["bamboo_ASE_APP_STORE_CONNECT_API_KEY_ISSUER_ID"],
-      key_content: ENV["bamboo_ASE_APP_STORE_CONNECT_API_KEY_PASSWORD"],
+      key_id: ENV["IOS_APP_STORE_CONNECT_API_KEY_KEY_ID"],
+      issuer_id: ENV["IOS_APP_STORE_CONNECT_API_KEY_ISSUER_ID"],
+      key_content: ENV["IOS_APP_STORE_CONNECT_API_KEY_PASSWORD"],
       is_key_content_base64: true
     )
   end