Introducing Continuous Integration #36
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| destination: | |
| - platform: macOS | |
| name: Any Mac | |
| - platform: iOS | |
| name: Any iOS Device | |
| runs-on: macos-13 | |
| env: | |
| XCF_URL: https://download.kiwix.org/nightly/libkiwix_xcframework.tar.gz | |
| XC_PROJECT: Kiwix.xcodeproj | |
| XC_WORKSPACE: Kiwix.xcodeproj/project.xcworkspace/ | |
| XC_SCHEME: Kiwix | |
| XC_CONFIG: Release | |
| XC_DESTINATION: platform=${{ matrix.destination.platform }},name=${{ matrix.destination.name }} | |
| CERTIFICATE: /tmp/apple-development.p12 | |
| SIGNING_IDENTITY: ${{ secrets.APPLE_DEVELOPMENT_SIGNING_IDENTITY }} | |
| KEYCHAIN: /Users/runner/build.keychain-db | |
| KEYCHAIN_PASSWORD: mysecretpassword | |
| KEYCHAIN_PROFILE: build-profile | |
| steps: | |
| - name: install Apple certificate | |
| shell: bash | |
| run: | | |
| echo "${{ secrets.APPLE_DEVELOPMENT_SIGNING_CERTIFICATE }}" | base64 --decode -o $CERTIFICATE | |
| security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN | |
| security default-keychain -s $KEYCHAIN | |
| security set-keychain-settings $KEYCHAIN | |
| security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN | |
| security import $CERTIFICATE -k $KEYCHAIN -P "${{ secrets.APPLE_DEVELOPMENT_SIGNING_P12_PASSWORD }}" -A -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild | |
| rm $CERTIFICATE | |
| security set-key-partition-list -S apple-tool:,apple: -s -k $KEYCHAIN_PASSWORD $KEYCHAIN | |
| security find-identity -v $KEYCHAIN | |
| xcrun notarytool store-credentials \ | |
| --apple-id "${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }}" \ | |
| --password "${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }}" \ | |
| --team-id "${{ secrets.APPLE_SIGNING_TEAM }}" \ | |
| --validate \ | |
| --keychain $KEYCHAIN \ | |
| $KEYCHAIN_PROFILE | |
| # not necessary on github runner but serves as documentation for local setup | |
| - name: Update Apple Intermediate Certificate | |
| run: | | |
| curl -L -o ~/Downloads/AppleWWDRCAG3.cer https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer | |
| sudo security import ~/Downloads/AppleWWDRCAG3.cer \ | |
| -k /Library/Keychains/System.keychain \ | |
| -T /usr/bin/codesign \ | |
| -T /usr/bin/security \ | |
| -T /usr/bin/productbuild || true | |
| - name: Set Xcode version (15.0.1) | |
| # https://github.com/actions/runner-images/blob/main/images/macos/macos-13-Readme.md#xcode | |
| run: sudo xcode-select -s /Applications/Xcode_15.0.1.app | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download CoreKiwix.xcframework | |
| run: curl -L -o - $XCF_URL | tar -x --strip-components 2 | |
| - name: Prepare Xcode | |
| run: xcrun xcodebuild -checkFirstLaunchStatus || xcrun xcodebuild -runFirstLaunch | |
| - name: Dump build settings | |
| run: xcrun xcodebuild -workspace $XC_WORKSPACE -scheme $XC_SCHEME -showBuildSettings | |
| # build is launched up to twice as it's common the build fails, looking for CoreKiwix module | |
| - name: Install retry command | |
| run: brew install kadwanev/brew/retry | |
| - name: Build for ${{ matrix.destination.platform }}/${{ matrix.destination.name }} | |
| env: | |
| FRAMEWORK_SEARCH_PATHS: /Users/runner/work/apple/apple/ | |
| run: retry -t 2 -- xcrun xcodebuild -workspace $XC_WORKSPACE -scheme $XC_SCHEME -destination "$XC_DESTINATION" -configuration $XC_CONFIG -onlyUsePackageVersionsFromResolvedFile -derivedDataPath $PWD/build -allowProvisioningUpdates -verbose build |