Spent considerable effort trying to connect Xcode Cloud directly to this repo's self-hosted Gitea - confirmed not achievable. GitHub Enterprise's provider option hits Gitea's missing /api/v3/ path; GitLab Self-Managed rejects Gitea's UUID-format OAuth2 Client IDs against App Store Connect's 64-char-hex requirement (verified by actually creating a real OAuth2 app and having it rejected). Also stood up Tailscale Funnel on the Gitea host for real public HTTPS access regardless (was LAN-only before), and switched origin to it. Replaced release.yml's commented-out altool placeholder (defunct - Apple retired that upload path in 2023) with the current supported approach: xcodebuild -exportArchive with API-key auth flags handles export and TestFlight upload in a single step. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
67 lines
2.5 KiB
YAML
67 lines
2.5 KiB
YAML
name: Release
|
|
|
|
# Runs only when code lands on main (i.e. after a PR is merged).
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
|
|
# ⚠️ Same runner-label caveat as ci.yml — adjust `runs-on` to match your registered runner.
|
|
jobs:
|
|
archive-and-export:
|
|
runs-on: [self-hosted, macos]
|
|
|
|
env:
|
|
SCHEME: KisaniCal
|
|
PROJECT: KisaniCal.xcodeproj
|
|
# A real distribution build MUST be signed. This requires an Apple
|
|
# Distribution certificate + provisioning profile installed in the
|
|
# runner's login keychain (see notes at the bottom of this file).
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Regenerate Xcode project (XcodeGen)
|
|
run: |
|
|
if command -v xcodegen >/dev/null 2>&1; then xcodegen generate; fi
|
|
|
|
- name: Archive
|
|
run: |
|
|
set -o pipefail
|
|
xcodebuild archive \
|
|
-project "$PROJECT" \
|
|
-scheme "$SCHEME" \
|
|
-configuration Release \
|
|
-destination 'generic/platform=iOS' \
|
|
-archivePath "$RUNNER_TEMP/KisaniCal.xcarchive" \
|
|
-allowProvisioningUpdates
|
|
|
|
# Write the App Store Connect API key to disk. xcodebuild's auto-discovery
|
|
# looks for exactly this filename pattern under ~/private_keys.
|
|
- name: Write App Store Connect API key
|
|
run: |
|
|
mkdir -p ~/private_keys
|
|
echo "${{ secrets.APP_STORE_CONNECT_API_KEY_P8 }}" > ~/private_keys/AuthKey_${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}.p8
|
|
|
|
# Export AND upload in one step: passing the API key credentials to
|
|
# -exportArchive makes xcodebuild upload directly to App Store Connect
|
|
# (method "app-store" in ExportOptions.plist) — no separate altool/
|
|
# Transporter step needed. (altool's own upload path was retired by
|
|
# Apple in 2023; this is the current supported mechanism.)
|
|
- name: Export IPA and upload to TestFlight
|
|
run: |
|
|
set -o pipefail
|
|
xcodebuild -exportArchive \
|
|
-archivePath "$RUNNER_TEMP/KisaniCal.xcarchive" \
|
|
-exportOptionsPlist ExportOptions.plist \
|
|
-exportPath "$RUNNER_TEMP/export" \
|
|
-allowProvisioningUpdates \
|
|
-authenticationKeyPath ~/private_keys/AuthKey_${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}.p8 \
|
|
-authenticationKeyID ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }} \
|
|
-authenticationKeyIssuerID ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
|
|
ls -la "$RUNNER_TEMP/export"
|
|
|
|
- name: Clean up API key
|
|
if: always()
|
|
run: rm -rf ~/private_keys
|