6177214e-ce7c-49e3-99de-ff9721b26f63 — Commit 0fe48b02
Changed files
.github/workflows/build-ios-stage.yml | 115 ++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+)
Diff
diff --git a/.github/workflows/build-ios-stage.yml b/.github/workflows/build-ios-stage.yml
new file mode 100644
index 00000000..758ec1f6
--- /dev/null
+++ b/.github/workflows/build-ios-stage.yml
@@ -0,0 +1,115 @@
+name: "iOS Stage"
+
+on:
+ push:
+ branches: [ "devops/github-actions" ]
+
+jobs:
+ build:
+ runs-on: macos-26
+ steps:
+ - name: Clone repository
+ uses: actions/checkout@v5
+ with:
+ fetch-depth: 0 # we need the git history for the build number
+
+ - name: Set up Flutter
+ uses: subosito/flutter-action@v2
+ with:
+ channel: stable
+ flutter-version: 3.35.4
+
+ - name: xcode version
+ run: |
+ sudo xcode-select -s /Applications/Xcode_26.2.app
+ /usr/bin/xcodebuild -version
+
+ - name: Install the Apple certificate and provisioning profile
+ env:
+ CERTIFICATE_P12: ${{ secrets.DISTRIBUTION_CERTIFICATE }}
+ P12_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
+ PROVISIONING_PROFILE: ${{ secrets.PROV_PROFILE_STAGE }}
+ run: |
+ # create variables
+ CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+ PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
+ KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+ # import certificate and provisioning profile from secrets
+ echo -n "$CERTIFICATE_P12" | base64 --decode -o $CERTIFICATE_PATH
+ echo -n "$PROVISIONING_PROFILE" | base64 --decode -o $PP_PATH
+
+ # create temporary keychain
+ security create-keychain -p "$P12_PASSWORD" $KEYCHAIN_PATH
+ security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+ security unlock-keychain -p "$P12_PASSWORD" $KEYCHAIN_PATH
+
+ # import certificate to keychain
+ security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+ security set-key-partition-list -S apple-tool:,apple: -k "$P12_PASSWORD" $KEYCHAIN_PATH
+ security list-keychain -d user -s $KEYCHAIN_PATH
+
+ # apply provisioning profile
+ mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+ cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+
+ - name: Download dotenv
+ env:
+ DOTENV_FILE: ${{ secrets.DOTENV_STAGE }}
+ run: |
+ mkdir dotenv
+ DOTENV_PATH=comwell_key_app/env/.stage.env
+ echo "$DOTENV_FILE" | base64 -d > $DOTENV_PATH
+
+ - name: Update build number
+ run: |
+ cd comwell_key_app
+ git=$(sh /etc/profile; which git)
+ bundleVersion=$("$git" log --pretty=oneline HEAD^@ |wc -l)
+ offsetBuildNumber=$((bundleVersion+4520))
+ /usr/libexec/PlistBuddy -c "Set :CFBundleVersion $offsetBuildNumber" "ios/Runner/Info.plist"
+ echo "Updated build number in ios/Runner/Info.plist to $offsetBuildNumber"
+
+ - name: flutter build ipa
+ env:
+ FLAVOR: stage
+ run: flutter build ipa --flavor $FLAVOR --release --no-codesign
+
+ - name: Archive
+ env:
+ WORKSPACE: comwell_key_app/ios/Runner.xcworkspace
+ SCHEME: Stage
+ ARCHIVE_PATH: comwell_key_app/build/ios/archive/Runner.xcarchive
+ run: >-
+ xcodebuild
+ -workspace $WORKSPACE
+ -scheme $SCHEME
+ -archivePath $ARCHIVE_PATH
+ archive
+
+ - name: export
+ env:
+ ARCHIVE_PATH: comwell_key_app/build/ios/archive/Runner.xcarchive
+ EXPORT_OPTIONS_PATH: comwell_key_app/ios/ExportOptionsStage.plist
+ EXPORT_PATH: output
+ run: >-
+ xcodebuild -exportArchive
+ -archivePath $ARCHIVE_PATH
+ -exportPath $EXPORT_PATH
+ -exportOptionsPlist $EXPORT_OPTIONS_PATH
+
+ - name: Validate & upload
+ env:
+ API_KEY: ${{ secrets.APP_STORE_API_KEY }}
+ ISSUER_ID: ${{ secrets.APP_STORE_ISSUER_ID }}
+ APP_STORE_KEY_ID: ${{ secrets.APP_STORE_KEY_ID }}
+ WORKSPACE_PATH: ${{ github.workspace }}
+ IPA_PATH: "comwell_key_app/output/Comwell Phoenix.ipa"
+ run: |
+ mkdir ~/.private_keys
+ API_KEY_FILE_NAME=AuthKey_$APP_STORE_KEY_ID.p8
+ API_KEY_PATH=~/.private_keys/$API_KEY_FILE_NAME
+ echo -n "$API_KEY" | base64 --decode -o $API_KEY_PATH
+
+ xcrun altool --validate-app -f "$IPA_PATH" -t ios --apiKey $APP_STORE_KEY_ID --apiIssuer $ISSUER_ID
+ xcrun altool --upload-app -f "$IPA_PATH" -t ios --apiKey $APP_STORE_KEY_ID --apiIssuer $ISSUER_ID
\ No newline at end of file