Merge pull request #295 from privacybydesign/fix-unstable-select-xcode #243
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Delivery workflow for the master branch. | |
| # We execute build stages in separate jobs to prevent artifact duplication. | |
| name: Delivery | |
| on: | |
| push: | |
| branches: [master] | |
| concurrency: ${{ github.ref }} | |
| jobs: | |
| build-irmagobridge-ios: | |
| runs-on: macos-15 # MacOS version is pinned, because it determines which XCode version is used. | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Setup build environment | |
| uses: ./.github/actions/setup-build-environment | |
| - run: bundle exec fastlane ios_build_irmagobridge | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: irmagobridge-ios | |
| path: ios/Runner/Irmagobridge.xcframework/ | |
| build-irmagobridge-android: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Setup build environment | |
| uses: ./.github/actions/setup-build-environment | |
| - run: bundle exec fastlane android_build_irmagobridge | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: irmagobridge-android | |
| path: android/irmagobridge/irmagobridge.aar | |
| build-app-ios-alpha: | |
| # Ad Hoc builds do not require unique build numbers, so we can build this on every push. | |
| runs-on: macos-15 # MacOS version is pinned, because it determines which XCode version is used. | |
| needs: build-irmagobridge-ios | |
| environment: ad-hoc-alpha | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Setup build environment | |
| uses: ./.github/actions/setup-build-environment | |
| - name: Download irmagobridge artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: irmagobridge-ios | |
| path: ios/Runner/Irmagobridge.xcframework/ | |
| - name: Decode binary environment secrets | |
| env: | |
| APPLE_DISTRIBUTION_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_CERTIFICATE }} | |
| APPLE_PROVISIONING_PROFILE: ${{ secrets.APPLE_PROVISIONING_PROFILE }} | |
| run: | | |
| mkdir -p ./fastlane/profiles | |
| echo $APPLE_DISTRIBUTION_CERTIFICATE | base64 --decode > ./fastlane/profiles/apple_distribution.p12 | |
| echo $APPLE_PROVISIONING_PROFILE | base64 --decode > ./fastlane/profiles/ad_hoc_alpha.mobileprovision | |
| - name: Build app | |
| run: > | |
| bundle exec fastlane ios_build_app | |
| flavor:alpha | |
| code_signing_identity:"iPhone Distribution" | |
| certificate_path:profiles/apple_distribution.p12 | |
| certificate_password:${{ secrets.APPLE_DISTRIBUTION_CERTIFICATE_PASSWORD }} | |
| provisioning_profile_path:profiles/ad_hoc_alpha.mobileprovision | |
| sentry_dsn:${{ secrets.SENTRY_DSN }} | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: app-alpha-ios | |
| path: ./fastlane/build/*.ipa | |
| build-app-android-alpha: | |
| runs-on: ubuntu-latest | |
| needs: build-irmagobridge-android | |
| environment: android-alpha | |
| # For now, we also build the beta flavor using the alpha secrets to enable ad-hoc distribution of the | |
| # beta flavor Android app. This is needed, because the irma-frontend-packages use the app identifier of the | |
| # beta flavor Android app in the intent:// links. | |
| strategy: | |
| matrix: | |
| flavor: [alpha, beta] | |
| type: [apk, appbundle] | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Setup build environment | |
| uses: ./.github/actions/setup-build-environment | |
| - name: Download irmagobridge artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: irmagobridge-android | |
| path: android/irmagobridge/ | |
| - name: Decode binary environment secrets | |
| env: | |
| ANDROID_SIGNING_KEYSTORE: ${{ secrets.ANDROID_SIGNING_KEYSTORE }} | |
| run: | | |
| mkdir -p ./fastlane/profiles | |
| echo $ANDROID_SIGNING_KEYSTORE | base64 --decode > ./fastlane/profiles/keystore.jks | |
| - name: Build app | |
| run: > | |
| bundle exec fastlane android_build_${{ matrix.type }} | |
| flavor:${{ matrix.flavor }} | |
| sentry_dsn:${{ secrets.SENTRY_DSN }} | |
| keystore_path:profiles/keystore.jks | |
| key_alias:android-signing-alpha | |
| keystore_password:${{ secrets.ANDROID_SIGNING_KEYSTORE_PASSWORD }} | |
| key_password:${{ secrets.ANDROID_SIGNING_KEYSTORE_PASSWORD }} | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: app-alpha-android-${{ matrix.flavor }}-${{ matrix.type }} | |
| path: | | |
| ./fastlane/build/*.apk | |
| ./fastlane/build/*.aab | |
| bundle-app-alpha: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-app-ios-alpha | |
| - build-app-android-alpha | |
| steps: | |
| - name: Download app-alpha-ios artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: app-alpha-ios | |
| # Check the comment above in the build-app-android-alpha job spec why the beta is also present here. | |
| - name: Download app-alpha-android-alpha-apk artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: app-alpha-android-alpha-apk | |
| - name: Download app-alpha-android-alpha-appbundle artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: app-alpha-android-alpha-appbundle | |
| - name: Download app-alpha-android-beta-apk artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: app-alpha-android-beta-apk | |
| - name: Download app-alpha-android-beta-appbundle artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: app-alpha-android-beta-appbundle | |
| - name: Bundle all artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: app-bundle-alpha | |
| path: . | |
| version-check: | |
| runs-on: ubuntu-latest | |
| needs: bundle-app-alpha | |
| outputs: | |
| version-changed: ${{ steps.detection.outcome == 'success' }} | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Detect version bump | |
| id: detection | |
| run: | | |
| git diff -U0 ${{ github.event.before }} -- pubspec.yaml | egrep "^\+version: [0-9]+\.[0-9]+\.[0-9]+\+[0-9]+$" | |
| shell: bash | |
| continue-on-error: true | |
| build-app-ios-beta: | |
| runs-on: macos-15 # MacOS version is pinned, because it determines which XCode version is used. | |
| needs: version-check | |
| if: needs.version-check.outputs.version-changed == 'true' | |
| environment: app-store-beta | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Setup build environment | |
| uses: ./.github/actions/setup-build-environment | |
| - name: Download irmagobridge artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: irmagobridge-ios | |
| path: ios/Runner/Irmagobridge.xcframework/ | |
| - name: Decode binary environment secrets | |
| env: | |
| APPLE_DISTRIBUTION_CERTIFICATE: ${{ secrets.APPLE_DISTRIBUTION_CERTIFICATE }} | |
| APPLE_PROVISIONING_PROFILE: ${{ secrets.APPLE_PROVISIONING_PROFILE }} | |
| run: | | |
| mkdir -p ./fastlane/profiles | |
| echo $APPLE_DISTRIBUTION_CERTIFICATE | base64 --decode > ./fastlane/profiles/apple_distribution.p12 | |
| echo $APPLE_PROVISIONING_PROFILE | base64 --decode > ./fastlane/profiles/app_store_beta.mobileprovision | |
| - name: Build app | |
| run: > | |
| bundle exec fastlane ios_build_app | |
| flavor:beta | |
| code_signing_identity:"iPhone Distribution" | |
| certificate_path:profiles/apple_distribution.p12 | |
| certificate_password:${{ secrets.APPLE_DISTRIBUTION_CERTIFICATE_PASSWORD }} | |
| provisioning_profile_path:profiles/app_store_beta.mobileprovision | |
| sentry_dsn:${{ secrets.SENTRY_DSN }} | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: app-beta-ios | |
| path: ./fastlane/build/*.ipa | |
| build-app-android-beta: | |
| # The Android builds are only signed with a development key. Signing needs to be done manually still. | |
| runs-on: ubuntu-latest | |
| needs: version-check | |
| if: needs.version-check.outputs.version-changed == 'true' | |
| environment: android-beta | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Setup build environment | |
| uses: ./.github/actions/setup-build-environment | |
| - name: Download irmagobridge artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: irmagobridge-android | |
| path: android/irmagobridge/ | |
| - name: Decode binary environment secrets | |
| env: | |
| ANDROID_SIGNING_KEYSTORE: ${{ secrets.ANDROID_SIGNING_KEYSTORE }} | |
| run: | | |
| mkdir -p ./fastlane/profiles | |
| echo $ANDROID_SIGNING_KEYSTORE | base64 --decode > ./fastlane/profiles/keystore.jks | |
| - name: Build app | |
| run: > | |
| bundle exec fastlane android_build_appbundle | |
| flavor:beta | |
| sentry_dsn:${{ secrets.SENTRY_DSN }} | |
| keystore_path:profiles/keystore.jks | |
| key_alias:android-play-store-upload-key | |
| keystore_password:${{ secrets.ANDROID_SIGNING_KEYSTORE_PASSWORD }} | |
| key_password:${{ secrets.ANDROID_SIGNING_KEYSTORE_PASSWORD }} | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: app-beta-android | |
| path: | | |
| ./fastlane/build/*.apk | |
| ./fastlane/build/*.aab | |
| bundle-app-beta: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-app-ios-beta | |
| - build-app-android-beta | |
| steps: | |
| - name: Download app-beta-ios artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: app-beta-ios | |
| - name: Download app-beta-android artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: app-beta-android | |
| - name: Bundle all artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: app-bundle-beta | |
| path: . |