We currently have two workflows. The workflows use our Fastlane scripts. More details about the functioning of the Fastlane scripts can be found in the README.
This workflow checks whether a change passes all our quality gates.
Below a list of the secrets that are needed. The secrets should be uploaded as repository secret to both the Actions context and the Dependabot context. This means you need to upload every secret twice.
ANDROID_DEVELOPMENT_SIGNING_KEYSTORE: Base64 encoded Android keystore for development purposes (dummy key), check the Fastlane docs for generating instructions.ANDROID_DEVELOPMENT_SIGNING_KEYSTORE_PASSWORD: password of the Android keystore (see above).APPLE_DEVELOPMENT_CERTIFICATE: Base64 encoded PKCS12 certificate of the Apple development certificate, check the Fastlane docs for generating instructions. This certificate expires every year and is linked to the 'IRMA Beheer' email address.APPLE_DEVELOPMENT_CERTIFICATE_PASSWORD: password of the Apple development certificate (see above).APPLE_DEVELOPMENT_PROVISIONING_PROFILE: Base64 encoded Apple provisioning profile that is linked to the development certificate (see above). This should be renewed when the development certificate is being renewed.GCLOUD_PROJECT_NAME: Google Firebase project name (for Device Test Lab access).GCLOUD_SERVICE_KEY: Google Firebase service account JSON key (for Device Test Lab access).
This workflow generates distribution app builds. It generates iOS builds (IPA) and Android builds (APK and App Bundle).
For iOS, an ad-hoc build is made on every merge to master using the alpha app ID, and an app-store build is made on every
version change in pubspec.yaml using the production app ID.
For Android, an APK and App Bundle are made on every merge to master for both the alpha and the beta flavor, being signed
with a alpha app signing key (different to production). On every version change in pubspec.yaml an App Bundle
is made using the upload key that is registered with Google.
Below a list of the secrets that are needed. The secrets should be uploaded as environment secrets.
Secrets for the android-alpha (Android master builds) and android-beta (Android production builds) environments:
ANDROID_SIGNING_KEYSTORE: Base64 encoded Android signing/upload keystore, check the Fastlane docs for generating instructions. For theandroid-alphaenvironment it concerns a signing keystore and for theandroid-betaenvironment an upload keystore.ANDROID_SIGNING_KEYSTORE_PASSWORD: password of the Android keystore (see above).SENTRY_DSN: Sentry DSN for error reporting.
Secrets for the ad-hoc-alpha (iOS master/alpha builds) and the app-store-beta (iOS production builds) environments:
APPLE_DISTRIBUTION_CERTIFICATE: Base64 encoded PKCS12 certificate of the Apple distribution certificate, check the Fastlane docs for generating instructions. In both thead-hoc-alphaandapp-store-betaenvironment the same distribution certificate should be uploaded, because there only is one. This certificate expires every year.APPLE_DISTRIBUTION_CERTIFICATE_PASSWORD: password of the Apple development certificate (see above).APPLE_PROVISIONING_PROFILE: Base64 encoded Apple provisioning profile that is linked to the distribution certificate (see above). In thead-hoc-alphaenvironment theGitHub Actions ad hoc alphaad-hoc provisioning profile should be uploaded (linked tofoundation.privacybydesign.irmamob.alpha) and in theapp-store-betaenvironment theGitHub Actions app store betaapp store provisioning profile should be uploaded (linked tofoundation.privacybydesign.irmamob). These should be renewed when the distribution certificate is being renewed.SENTRY_DSN: Sentry DSN for error reporting.