name: Release # Runs only when code lands on main (i.e. after a PR is merged). on: push: branches: [main] # ⚠️ Same runner-label caveat as ci.yml — adjust `runs-on` to match your registered runner. jobs: archive-and-export: runs-on: [self-hosted, macOS] env: SCHEME: KisaniCal PROJECT: KisaniCal.xcodeproj # A real distribution build MUST be signed. This requires an Apple # Distribution certificate + provisioning profile installed in the # runner's login keychain (see notes at the bottom of this file). steps: - name: Checkout uses: actions/checkout@v4 - name: Regenerate Xcode project (XcodeGen) run: | if command -v xcodegen >/dev/null 2>&1; then xcodegen generate; fi - name: Archive run: | set -o pipefail xcodebuild archive \ -project "$PROJECT" \ -scheme "$SCHEME" \ -configuration Release \ -destination 'generic/platform=iOS' \ -archivePath "$RUNNER_TEMP/KisaniCal.xcarchive" \ -allowProvisioningUpdates - name: Export IPA run: | set -o pipefail xcodebuild -exportArchive \ -archivePath "$RUNNER_TEMP/KisaniCal.xcarchive" \ -exportOptionsPlist ExportOptions.plist \ -exportPath "$RUNNER_TEMP/export" \ -allowProvisioningUpdates ls -la "$RUNNER_TEMP/export" # ------------------------------------------------------------------ # PLACEHOLDER: Upload to TestFlight / App Store Connect. # # Add these as Gitea repo secrets: Settings → Actions → Secrets # APP_STORE_CONNECT_API_KEY_ID (the "Key ID" from App Store Connect) # APP_STORE_CONNECT_ISSUER_ID (the "Issuer ID") # APP_STORE_CONNECT_API_KEY_P8 (contents of the AuthKey_XXXX.p8 file) # # Then uncomment ONE of the approaches below. # ------------------------------------------------------------------ # --- Option A: modern notarytool / App Store Connect API key (recommended) --- # - name: Write API key to file # run: | # mkdir -p ~/private_keys # echo "${{ secrets.APP_STORE_CONNECT_API_KEY_P8 }}" > ~/private_keys/AuthKey_${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}.p8 # # - name: Upload to TestFlight (altool with API key) # run: | # xcrun altool --upload-app \ # --type ios \ # --file "$RUNNER_TEMP/export/KisaniCal.ipa" \ # --apiKey "${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}" \ # --apiIssuer "${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}" # --- Option B: notarytool (for notarizing a macOS build, not iOS TestFlight) --- # - name: Notarize # run: | # xcrun notarytool submit "$RUNNER_TEMP/export/KisaniCal.ipa" \ # --key ~/private_keys/AuthKey_${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}.p8 \ # --key-id "${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}" \ # --issuer "${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}" \ # --wait - name: Notice run: | echo "IPA exported. TestFlight upload step is a commented-out placeholder." echo "Add App Store Connect API-key secrets and uncomment Option A in release.yml."