SilverLABS
cdc40774c4
Replace unsigned CODE_SIGNING_ALLOWED=NO build with proper ad-hoc signed archive using keychain, certificate, and provisioning profile. Update xtool.yml schema to match current xtool v1 format. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
146 lines
5.5 KiB
YAML
146 lines
5.5 KiB
YAML
workflows:
|
|
ios-release:
|
|
name: SilverApple iOS Release
|
|
instance_type: mac_mini_m2
|
|
max_build_duration: 30
|
|
|
|
triggering:
|
|
events:
|
|
- tag
|
|
tag_patterns:
|
|
- pattern: 'v*'
|
|
include: true
|
|
|
|
environment:
|
|
xcode: latest
|
|
groups:
|
|
- SLABS
|
|
- APPLE_SIGNING
|
|
vars:
|
|
BUNDLE_ID: uk.silverlabs.silverapple
|
|
GITEA_REPO: SilverLABS/SilverApple
|
|
GITEA_API: https://git.silverlabs.uk/api/v1
|
|
|
|
scripts:
|
|
- name: Generate Xcode project
|
|
script: |
|
|
brew install xcodegen
|
|
xcodegen generate --spec project.yml
|
|
|
|
- name: Initialize keychain
|
|
script: keychain initialize
|
|
|
|
- name: Install signing certificate
|
|
script: |
|
|
echo $CM_CERTIFICATE | base64 --decode > /tmp/cert.p12
|
|
keychain add-certificates \
|
|
--certificate /tmp/cert.p12 \
|
|
--certificate-password $CM_CERTIFICATE_PASSWORD
|
|
|
|
- name: Install provisioning profile
|
|
script: |
|
|
echo $CM_PROVISIONING_PROFILE | base64 --decode > /tmp/profile.mobileprovision
|
|
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
|
|
cp /tmp/profile.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/
|
|
|
|
- name: Configure Xcode signing
|
|
script: xcode-project use-profiles
|
|
|
|
- name: Build (signed)
|
|
script: |
|
|
xcodebuild archive \
|
|
-project SilverApple.xcodeproj \
|
|
-scheme SilverApple \
|
|
-destination "generic/platform=iOS" \
|
|
-configuration Release \
|
|
-archivePath "$CM_BUILD_DIR/SilverApple.xcarchive" \
|
|
DEVELOPMENT_TEAM="$APPLE_TEAM_ID" \
|
|
CODE_SIGN_STYLE=Manual
|
|
|
|
- name: Export signed IPA
|
|
script: |
|
|
cat > /tmp/ExportOptions.plist << 'EOF'
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
|
<plist version="1.0">
|
|
<dict>
|
|
<key>method</key>
|
|
<string>ad-hoc</string>
|
|
<key>signingStyle</key>
|
|
<string>manual</string>
|
|
</dict>
|
|
</plist>
|
|
EOF
|
|
xcodebuild -exportArchive \
|
|
-archivePath "$CM_BUILD_DIR/SilverApple.xcarchive" \
|
|
-exportPath "$CM_BUILD_DIR/export" \
|
|
-exportOptionsPlist /tmp/ExportOptions.plist
|
|
cp "$CM_BUILD_DIR/export/SilverApple.ipa" "$CM_BUILD_DIR/SilverApple.ipa"
|
|
|
|
- name: Publish to Gitea
|
|
script: |
|
|
set -exo pipefail
|
|
[ -n "$GITEA_TOKEN" ] || { echo "ERROR: GITEA_TOKEN is not set in Codemagic env vars"; exit 1; }
|
|
echo "TAG=$CM_TAG BUILD_DIR=$CM_BUILD_DIR"
|
|
echo "GITEA_API=$GITEA_API TOKEN_SET=yes"
|
|
|
|
TAG="${CM_TAG:-$(git tag --points-at HEAD | head -1)}"
|
|
[ -n "$TAG" ] || { echo "ERROR: could not determine tag"; exit 1; }
|
|
VERSION="${TAG#v}"
|
|
IPA="$CM_BUILD_DIR/SilverApple.ipa"
|
|
|
|
# Verify IPA exists
|
|
ls -lh "$IPA"
|
|
|
|
SHA256=$(shasum -a 256 "$IPA" | awk '{print $1}')
|
|
SIZE=$(wc -c < "$IPA" | tr -d ' ')
|
|
DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
|
|
DOWNLOAD_URL="https://git.silverlabs.uk/$GITEA_REPO/releases/download/$TAG/SilverApple.ipa"
|
|
|
|
# Update altstore-source.json
|
|
jq --arg version "$VERSION" \
|
|
--arg date "$DATE" \
|
|
--arg url "$DOWNLOAD_URL" \
|
|
--arg sha "$SHA256" \
|
|
--argjson size "$SIZE" \
|
|
'.apps[0].downloadURL = $url |
|
|
.apps[0].versions = [{"version": $version, "buildVersion": $version, "date": $date,
|
|
"localizedDescription": "See release notes.", "downloadURL": $url,
|
|
"sha256": $sha, "size": $size}] + .apps[0].versions' \
|
|
altstore-source.json > altstore-source.tmp.json
|
|
mv altstore-source.tmp.json altstore-source.json
|
|
|
|
# Get current file SHA from Gitea API
|
|
FILE_SHA=$(curl -s \
|
|
-H "Authorization: token $GITEA_TOKEN" \
|
|
"$GITEA_API/repos/$GITEA_REPO/contents/altstore-source.json" \
|
|
| jq -r '.sha')
|
|
echo "FILE_SHA=$FILE_SHA"
|
|
|
|
# Update altstore-source.json via Gitea contents API
|
|
CONTENT=$(base64 -i altstore-source.json | tr -d '\n')
|
|
curl -s -X PUT "$GITEA_API/repos/$GITEA_REPO/contents/altstore-source.json" \
|
|
-H "Authorization: token $GITEA_TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"message\":\"chore(altstore): update source for $TAG\",\"content\":\"$CONTENT\",\"sha\":\"$FILE_SHA\",\"branch\":\"main\"}" \
|
|
| jq -r '.commit.sha // "FAILED"'
|
|
|
|
# Create Gitea release
|
|
RELEASE_ID=$(curl -s -X POST "$GITEA_API/repos/$GITEA_REPO/releases" \
|
|
-H "Authorization: token $GITEA_TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"tag_name\":\"$TAG\",\"name\":\"SilverApple $TAG\",\"body\":\"AltStore / SideStore release.\",\"draft\":false,\"prerelease\":false}" \
|
|
| jq -r '.id')
|
|
echo "RELEASE_ID=$RELEASE_ID"
|
|
|
|
# Upload IPA
|
|
curl -s -X POST "$GITEA_API/repos/$GITEA_REPO/releases/$RELEASE_ID/assets" \
|
|
-H "Authorization: token $GITEA_TOKEN" \
|
|
-F "attachment=@$IPA;type=application/octet-stream" \
|
|
| jq -r '.name // "UPLOAD_FAILED"'
|
|
|
|
echo "Done: $TAG → $DOWNLOAD_URL"
|
|
|
|
artifacts:
|
|
- $CM_BUILD_DIR/SilverApple.ipa
|