-
Notifications
You must be signed in to change notification settings - Fork 2
419 lines (405 loc) · 17.7 KB
/
xcodebuild-or-fastlane.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
#
# This source file is part of the Stanford Biodesign Digital Health Group open-source organization
#
# SPDX-FileCopyrightText: 2022 Stanford University and the project authors (see CONTRIBUTORS.md)
#
# SPDX-License-Identifier: MIT
#
name: Test using xcodebuild or run fastlane
on:
workflow_call:
inputs:
path:
description: |
The path where the project is located. Defaults to $GITHUB_WORKSPACE.
required: false
type: string
default: '.'
runsonlabels:
description: |
JSON-based collection of labels indicating which type of github runner should be chosen.
required: false
type: string
default: '["macos-14"]'
xcodeversion:
description: |
The Xcode version used for the build.
required: false
type: string
default: 'latest-stable'
scheme:
description: |
The scheme in the Xcode project.
Either use `scheme` to use xcodebuild, `fastlanelane` to use fastlane, or a custom command using `customcommand`.
required: false
type: string
default: ''
buildConfig:
description: |
The build configuration parameter that should be passed to xcodebuild.
Either use `Debug` or `Release` to build in the respective modes.
If not defined, the `Debug` configuration is used.
required: false
type: string
default: 'Debug'
destination:
description: |
The destination parameter that should be passed to xcodebuild.
Defaults to the iOS simulator using an iPhone 16 Pro.
required: false
type: string
default: 'platform=iOS Simulator,name=iPhone 16 Pro'
setupSimulators:
description: |
Flag indicating if all iOS simulators matching the `destination` input shoud be setup.
Includes, e.g., password autofill functionality should be disabled [Deprecated].
required: false
type: boolean
default: false
resultBundle:
description: |
The name of the Xcode result bundle that is passed to xcodebuild.
If not defined, the name of the scheme + .xcresult is used.
required: false
type: string
default: ''
swiftVersion:
description: |
Specify the Swift language version when using xcodebuild.
required: false
type: string
default: ''
test:
description: |
A flag indicating if the tests of the Xcode project scheme should run when using xcodebuild.
required: false
type: boolean
default: true
fastlanelane:
description: |
The lane of the fastlane command.
Either use `scheme` to use xcodebuild, `fastlanelane` to use fastlane, or a custom command using `customcommand`.
required: false
type: string
default: ''
customcommand:
description: |
A custom command that should be run after the setup.
Either use `scheme` to use xcodebuild, `fastlanelane` to use fastlane, or a custom command using `customcommand`.
required: false
type: string
default: ''
artifactname:
description: |
The name & path of the artifact that should be uploaded at the end of the build.
required: false
type: string
default: ''
environment:
description: |
GitHub deployment environment to optionally adjust access to variables and secrets with additional protection rules.
https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
required: false
type: string
default: ''
setupsigning:
description: |
Setup the keychain to include Apple certificate and provisioning profile.
required: false
type: boolean
default: false
cacheDerivedData:
description: |
Cache the derived data folder for a build using xcodebuild [Deprecated].
required: false
type: boolean
default: false
setupfirebaseemulator:
description: |
Setup the Firebase Emulator & automatically use it for the automated fastlane commands.
required: false
type: boolean
default: false
firebaseemulatorimport:
description: |
Firebase import directory that contains Authentication, Cloud Firestore, Realtime Database and Cloud Storage data for Firebase emulators.
Can be used to inject a shareable, common baseline data set.
required: false
type: string
default: ''
firebasejsonpath:
description: |
Path to the firebase.json file that is used to boot up the firebase emulator.
Defaults to the root of the project.
required: false
type: string
default: './firebase.json'
googleserviceinfoplistpath:
description: |
Path to the GoogleService-Info.plist file that is replaced using the content found in the secret GOOGLE_SERVICE_INFO_PLIST.
required: false
type: string
default: ''
codeql:
description: |
Use CodeQL code scanning.
required: false
type: boolean
default: false
checkout_submodules:
description: |
Flag indicating if submodules should be automatically checked out.
required: false
type: boolean
checkout_lfs:
description: |
Flag indicating if git lfs should be used when running the check out step.
required: false
type: boolean
default: false
secrets:
BUILD_CERTIFICATE_BASE64:
description: |
The Base64 version of the Apple signing certificate to build your iOS application.
required: false
P12_PASSWORD:
description: |
The password for the Apple signing certificate.
required: false
BUILD_PROVISION_PROFILE_BASE64:
description: |
The Base64 version of the Apple provisioning profile to build your main application (e.g. iOS app).
required: false
BUILD_SECONDARY_PROVISION_PROFILE_BASE64:
description: |
The Base64 version of the Apple provisioning profile to build your an accompanying application (e.g. watchOS app).
required: false
KEYCHAIN_PASSWORD:
description: |
A password for the keychain that will be created on the runner instance.
required: false
APP_STORE_CONNECT_API_KEY_ID:
description: |
The key ID of the API key created in the App Store Connect API keys section.
required: false
APP_STORE_CONNECT_ISSUER_ID:
description: |
The issuer ID of the App Store Connect API is displayed in the App Store Connect API keys section.
required: false
APP_STORE_CONNECT_API_KEY_BASE64:
description: |
The content of the key created in App Store Connect condensed into a Base64 representation.
Can be generated using, e.g., `$ base64 -i AuthKey_ABCDEFGHIJ.p8 | pbcopy`.
required: false
APPLE_ID:
description: |
The Apple ID you use to access the App Store Connect API.
required: false
CHECKOUT_TOKEN:
description: |
The Personal access token (PAT) to use with the checkout action.
required: false
GOOGLE_SERVICE_INFO_PLIST_BASE64:
description: |
The Base64 version of the GoogleService-Info.plist file that is used.
Replace the file found at googleserviceinfoplistpath if the arguemnt is set.
required: false
GOOGLE_APPLICATION_CREDENTIALS_BASE64:
description: |
The Base64 version of the private key JSON file to boot up the firebase emulator.
Only needed if cloud functions are used to fully support the execution of cloud functions in the emulator.
required: false
jobs:
build_and_test:
name: Test using xcodebuild or run fastlane
runs-on: ${{ fromJson(inputs.runsonlabels) }}
defaults:
run:
working-directory: ${{ inputs.path }}
environment: ${{ inputs.environment }}
steps:
- uses: actions/checkout@v4
with:
# This is GitHubs way of implementing ternary expressions (see https://docs.github.com/en/actions/learn-github-actions/expressions)
token: ${{ secrets.CHECKOUT_TOKEN != '' && secrets.CHECKOUT_TOKEN || github.token }}
submodules: ${{ inputs.checkout_submodules }}
lfs: ${{ inputs.checkout_lfs }}
- uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: ${{ inputs.xcodeversion }}
- name: Check environment
run: |
xcodebuild -version
swift --version
echo "env.selfhosted: ${{ env.selfhosted }}"
echo "environment: ${{ inputs.environment }}"
- name: Install xcbeautify
if: ${{ !env.selfhosted && inputs.scheme != '' }}
run: brew install xcbeautify
- name: Cache .derivedData folder (Deprecated)
if: ${{ inputs.cacheDerivedData }}
run: |
echo "::warning::Caching of the .derivedData folder was removed and is deprecated. Plase stop using this option."
- name: Cache Firebase Emulators
if: ${{ !env.selfhosted && inputs.setupfirebaseemulator }}
uses: actions/cache@v4
with:
path: ~/.cache/firebase/emulators
key: ${{ runner.os }}-${{ runner.arch }}-firebase-emulators-${{ hashFiles('~/.cache/firebase/emulators/**') }}
- name: Setup NodeJS
if: ${{ !env.selfhosted && inputs.setupfirebaseemulator }}
uses: actions/setup-node@v4
- name: Setup Java
if: ${{ !env.selfhosted && inputs.setupfirebaseemulator }}
uses: actions/setup-java@v4
with:
distribution: 'microsoft'
java-version: '17'
- name: Install Firebase CLI Tools
if: ${{ !env.selfhosted && inputs.setupfirebaseemulator }}
run: npm install -g firebase-tools
- name: Install the Apple certificate and provisioning profile
if: ${{ inputs.setupsigning }}
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
BUILD_SECONDARY_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_SECONDARY_PROVISION_PROFILE_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# Create Variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# Import Certificate and Provisioning Profile from Secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
# Create a Temporary Keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# Import Certificate to the Keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# Apply Provisioning Profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
UUID=`grep UUID -A1 -a $PP_PATH | grep -io "[-A-F0-9]\{36\}"`
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles/$UUID.mobileprovision
# Secondary Provisioning Profile
if [ -n "$BUILD_SECONDARY_PROVISION_PROFILE_BASE64" ]; then
PP_SECONDARY_PATH=$RUNNER_TEMP/build_pp_secondary.mobileprovision
echo -n "$BUILD_SECONDARY_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_SECONDARY_PATH
SECONDARY_UUID=`grep UUID -A1 -a $PP_SECONDARY_PATH | grep -io "[-A-F0-9]\{36\}"`
cp $PP_SECONDARY_PATH ~/Library/MobileDevice/Provisioning\ Profiles/$SECONDARY_UUID.mobileprovision
fi
- name: Setup Google Services File
if: ${{ inputs.googleserviceinfoplistpath != '' }}
run: |
echo -n "${{ secrets.GOOGLE_SERVICE_INFO_PLIST_BASE64 }}" | base64 --decode -o "${{ inputs.googleserviceinfoplistpath }}"
- name: Initialize CodeQL
if: ${{ !env.selfhosted && inputs.codeql }}
uses: github/codeql-action/init@v3
with:
languages: swift
db-location: '${{ inputs.path }}/.codeql'
- name: Disable Password Autofill in the iOS Simulator (Deprecated)
if: ${{ inputs.setupSimulators && inputs.destination != '' }}
run: |
echo "::warning::Script-based simulator setup to disable Password Autofill was removed and is deprecated. Please stop using this option."
- name: Run custom command
if: ${{ inputs.customcommand != '' }}
run: ${{ inputs.customcommand }}
env:
APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
APP_STORE_CONNECT_API_KEY_BASE64: ${{ secrets.APP_STORE_CONNECT_API_KEY_BASE64 }}
APPLE_ID: ${{ secrets.APPLE_ID }}
- name: Resolve dependencies (xcodebuild)
if: ${{ inputs.scheme != '' }}
run: |
xcodebuild \
-scheme ${{ inputs.scheme }} \
-resolvePackageDependencies \
-derivedDataPath ".derivedData" \
| xcbeautify \
|| true
- name: Build and test (xcodebuild)
if: ${{ inputs.scheme != '' }}
run: |
if ${{ inputs.test }}; then
XCODECOMMAND="test"
CODECOVERAGEFLAG="-enableCodeCoverage YES"
else
XCODECOMMAND="build"
fi
if [ -z "${{ inputs.resultBundle }}" ]; then
RESULTBUNDLE=${{ inputs.scheme }}.xcresult
else
RESULTBUNDLE=${{ inputs.resultBundle }}
fi
if [ "${{ inputs.buildConfig }}" = "Release" ]; then
ENABLE_TESTING_FLAG="-enable-testing"
else
ENABLE_TESTING_FLAG=""
fi
if [ -n "${{ inputs.swiftVersion }}" ]; then
SWIFT_VERSION_FLAG="-swift-version ${{ inputs.swiftVersion }}"
else
SWIFT_VERSION_FLAG=""
fi
set -o pipefail \
&& xcodebuild $XCODECOMMAND \
-scheme "${{ inputs.scheme }}" \
-configuration "${{ inputs.buildConfig }}" \
-destination "${{ inputs.destination }}" \
$CODECOVERAGEFLAG \
-derivedDataPath ".derivedData" \
-resultBundlePath "$RESULTBUNDLE" \
CODE_SIGNING_REQUIRED=NO \
CODE_SIGN_IDENTITY="" \
OTHER_SWIFT_FLAGS="\$(inherited) $ENABLE_TESTING_FLAG $SWIFT_VERSION_FLAG" \
-skipPackagePluginValidation \
-skipMacroValidation \
| xcbeautify
- name: Fastlane
if: ${{ inputs.fastlanelane != '' }}
run: |
if ${{ inputs.setupfirebaseemulator }}; then
# We try to do an npm install in the functions directory.
npm --prefix ./functions install || true
echo -n "${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_BASE64 }}" | base64 -d > "$RUNNER_TEMP/google-application-credentials.json"
export GOOGLE_APPLICATION_CREDENTIALS="$RUNNER_TEMP/google-application-credentials.json"
echo "Stored the Google application credentials at $GOOGLE_APPLICATION_CREDENTIALS"
if [ -n "${{ inputs.firebaseemulatorimport }}" ]; then
echo "Importing firebase emulator data from ${{ inputs.firebaseemulatorimport }}"
firebase emulators:exec -c ${{ inputs.firebasejsonpath }} --import=${{ inputs.firebaseemulatorimport }} 'fastlane ${{ inputs.fastlanelane }}'
else
firebase emulators:exec -c ${{ inputs.firebasejsonpath }} 'fastlane ${{ inputs.fastlanelane }}'
fi
else
fastlane ${{ inputs.fastlanelane }}
fi
env:
APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
APP_STORE_CONNECT_API_KEY_BASE64: ${{ secrets.APP_STORE_CONNECT_API_KEY_BASE64 }}
APPLE_ID: ${{ secrets.APPLE_ID }}
GOOGLE_APPLICATION_CREDENTIALS_BASE64: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_BASE64 }}
- name: Perform CodeQL Analysis
if: ${{ !env.selfhosted && inputs.codeql }}
uses: github/codeql-action/analyze@v3
- name: Upload artifact
if: ${{ (success() || failure()) && inputs.artifactname != '' && inputs.buildConfig != 'Release' }}
uses: actions/upload-artifact@v4
with:
name: ${{ inputs.artifactname }}
path: ${{ inputs.path }}/${{ inputs.artifactname }}
- name: Clean up keychain and provisioning profile
if: ${{ (inputs.setupsigning && env.selfhosted) || failure() }}
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db || true
rm -rf ~/Library/MobileDevice/Provisioning\ Profiles || true
- name: Clean up Google application credentials
if: ${{ inputs.fastlanelane != '' || failure() }}
run: |
rm -rf $RUNNER_TEMP/google-application-credentials.json || true