Fix app needing packaging before verifying & deploying

jpmhouston · Nov 8, 2024 · ba90ca8 · ba90ca8
1 parent 366b1f5
commit ba90ca8
Showing 1 changed file with 56 additions and 41 deletions.
diff --git a/.github/workflows/build+appstoredeploy.yml b/.github/workflows/build+appstoredeploy.yml
@@ -257,49 +257,72 @@ jobs:
           # ie. resourcesdir="${{ env.builddir }}/${{ env.bundlename }}/Contents/Resources"
           
           for subitem in $subitems; do
-            xcrun codesign --force -s "${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}" \
+            xcrun codesign --force --sign "${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}" \
               --options runtime -v "$subitem"
           done
           IFS=$savedIFS
           
           echo "- Sign app"
-          xcrun codesign --force -s "${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}" \
+          xcrun codesign --force --sign "${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}" \
             --options runtime -v "${{ env.builddir }}/${{ env.bundlename }}"
       
-      - name: Verify and Prepare AppStore Connect Acceess
+      - name: Package App
+        id: package
+        run: |
+          :
+          packagefilename="${{ steps.version.outputs.releaseArchivename }}.pkg"
+          
+          echo "- Package app to make \"$packagefilename\""
+          echo "xcrun productbuild --sign "${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}" \
+            --component \"${{ env.builddir }}/${{ env.bundlename }}\" /Applications \
+            \"$packagefilename\""
+          
+          xcrun productbuild --sign "${{ secrets.PROD_MACOS_CERTIFICATE_NAME }}" \
+            --component "${{ env.builddir }}/${{ env.bundlename }}" /Applications \
+            "$packagefilename"
+      
+          echo "file=$packagefilename" >> $GITHUB_OUTPUT
+
+      - name: Verify Package and AppStore Connect Acceess
         id: connect
         run: |
           :
           if [[ -z "${{ secrets.APPSTORECONNECT_APIKEY }}" ]] ; then
             echo "::error::Secret APPSTORECONNECT_APIKEY not defined"
             exit 1
           fi
-          if [[ -z "${{ secrets.APPSTORECONNECT_APIID }}" ]] ; then
-            echo "::error::Secret APPSTORECONNECT_APIID not defined"
+          if [[ -z "${{ secrets.APPSTORECONNECT_APIKEYID }}" ]] ; then
+            echo "::error::Secret APPSTORECONNECT_APIKEYID not defined"
+            exit 1
+          fi
+          if [[ -z "${{ secrets.APPSTORECONNECT_APIISSUERID }}" ]] ; then
+            echo "::error::Secret APPSTORECONNECT_APIISSUERID not defined"
             exit 1
           fi
-                    
+          
           # Turn our base64-encoded key back to a regular .p8 file
+          # in the expected subdirectory with the expected name containing the key id
           
-          keyid="${{ secrets.APPSTORECONNECT_APIID }}"
-          keyname="appstoreconnectapikey"
-          keyfilename="AuthKey_${keyname}.p8"
+          packagefile="${{ steps.package.outputs.file }}"
+          issuerid="${{ secrets.APPSTORECONNECT_APIISSUERID }}"
+          keyid="${{ secrets.APPSTORECONNECT_APIKEYID }}"
+          keyfilename="AuthKey_${keyid}.p8"
           keydir="private_keys"
           mkdir "$keydir"
           
           echo "- Base64-decode key to make \"$keyfilename\""
           echo "${{ secrets.APPSTORECONNECT_APIKEY }}" | base64 --decode > "./$keydir/$keyfilename"
+          # if deploying, this decoded key file will be used again by altool
           
           echo "- Run verification"
-          echo "xcrun altool --validate-app --file \"${{ env.builddir }}/${{ env.bundlename }}\" \
-            --type macos --apiKey \"$keyname\" --apiIssuer \"$keyid\""
+          echo "xcrun altool --validate-app --file \"$packagefile\" --type macos \
+            --apiKey \"$keyid\" --apiIssuer \"$issuerid\""
           
-          xcrun altool --validate-app --file "${{ env.builddir }}/${{ env.bundlename }}" \
-            --type macos --apiKey "$keyname" --apiIssuer "$keyid" || \
-            echo "::warning::altool --validate-app failed, however contining workflow"
+          xcrun altool --validate-app --file "$packagefile" --type macos \
+            --apiKey "$keyid" --apiIssuer "$issuerid"
           
-          echo "keyname=$keyname" >> $GITHUB_OUTPUT
           echo "keyid=$keyid" >> $GITHUB_OUTPUT
+          echo "issuerid=$issuerid" >> $GITHUB_OUTPUT
       
       - name: Release Notes
         id: notes
@@ -352,32 +375,20 @@ jobs:
           echo "filename=$currentNotesFilename" >> $GITHUB_OUTPUT
           echo "file=${{ env.builddir }}/$currentNotesFilename" >> $GITHUB_OUTPUT
       
-      - name: Build Zip File for Artifact
-        id: zip
-        if: ${{ success() && steps.version.outputs.uploadToStore != 'true' }}
-        run: |
-          :
-          archiveFileName="${{ steps.version.outputs.releaseArchivename }}.zip"
-          
-          echo "- Compress built app to \"$archiveFileName\""
-          ditto -c -k --sequesterRsrc --keepParent "${{ env.builddir }}/${{ env.bundlename }}" \
-            "${{ env.builddir }}/$archiveFileName"
-          
-          echo "file=${{ env.builddir }}/$archiveFileName" >> $GITHUB_OUTPUT
-      
-      - name: Save Build Zip as Artifact
+      - name: Save Build Components as Artifact
         if: ${{ success() && steps.version.outputs.uploadToStore != 'true' }}
         uses: actions/upload-artifact@v4
         with:
-          name: App Store build
+          name: "${{ steps.version.outputs.releaseName }}"
           path: |
-            ${{ steps.zip.outputs.file }}
+            ${{ env.builddir }}/${{ env.bundlename }}
+            ${{ steps.package.outputs.file }}
       
       - name: Save Release Notes as Artifact
         if: ${{ success() && steps.version.outputs.uploadToStore != 'true' }}
         uses: actions/upload-artifact@v4
         with:
-          name: Release notes
+          name: "${{ steps.version.outputs.releaseName }} Release notes"
           path: |
             ${{ steps.notes.outputs.file }}
       
@@ -390,20 +401,24 @@ jobs:
             exit 1
           fi
           
-          keyname="${{ steps.connect.outputs.keyname }}"
+          packagefile="${{ steps.package.outputs.file }}"
           keyid="${{ steps.connect.outputs.keyid }}"
+          issuerid="${{ steps.connect.outputs.issuerid }}"
+          bundleid="${{ steps.build.outputs.bundleID }}"
+          bundleversion="${{ steps.build.outputs.version }}"
+          versionstr="${{ steps.version.outputs.version }}"
           
           echo "- Deploy"
-          echo "xcrun altool --upload-package --file \"${{ env.builddir }}/${{ env.bundlename }}\" \
-            --type macos --apiKey \"$keyname\" --apiIssuer \"$keyid\" \
-            --bundle-id \"${{ steps.build.outputs.bundleID }}\" --bundle-version \"${{ steps.build.outputs.version }}\" \
-            --bundle-short-version-string \"${{ steps.version.outputs.version }}\" \
+          echo "xcrun altool --upload-package --file \"$packagefile\" \
+            --type macos --apiKey \"$keyid\" --apiIssuer \"$issuerid\" \
+            --bundle-id \"$bundleid\" --bundle-version \"$bundleversion\" \
+            --bundle-short-version-string \"$versionstr\" \
             --apple-id \"${{ secrets.APPSTORECONNECT_APPLEID }}\" \"
           
-          xcrun altool --upload-package --file "${{ env.builddir }}/${{ env.bundlename }}" \
-            --type macos --apiKey "$keyname" --apiIssuer "$keyid" \
-            --bundle-id "${{ steps.build.outputs.bundleID }}" --bundle-version "${{ steps.build.outputs.version }}" \
-            --bundle-short-version-string "${{ steps.version.outputs.version }}" \
+          xcrun altool --upload-package --file "$packagefile" \
+            --type macos --apiKey "$keyid" --apiIssuer "$issuerid" \
+            --bundle-id "$bundleid" --bundle-version "$bundleversion" \
+            --bundle-short-version-string "$versionstr" \
             --apple-id "${{ secrets.APPSTORECONNECT_APPLEID }}" \
       
       - name: Fin