- .gitea/workflows/ci.yml: build + test KisaniCal scheme on a self-hosted macOS runner for every PR into main/develop (and pushes to develop). - .gitea/workflows/release.yml: archive + export IPA on push to main, with a commented TestFlight upload placeholder (App Store Connect API key). - ExportOptions.plist: export template (Team ID K8BLMMR883, app-store method). - scripts/gitea-setup.sh: idempotent Gitea API setup for develop default branch + main branch protection. - CONTRIBUTING.md: feature/* -> develop -> main workflow and PR gate rules. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
87 lines
3.3 KiB
YAML
87 lines
3.3 KiB
YAML
name: Release
|
|
|
|
# Runs only when code lands on main (i.e. after a PR is merged).
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
|
|
# ⚠️ Same runner-label caveat as ci.yml — adjust `runs-on` to match your registered runner.
|
|
jobs:
|
|
archive-and-export:
|
|
runs-on: [self-hosted, macOS]
|
|
|
|
env:
|
|
SCHEME: KisaniCal
|
|
PROJECT: KisaniCal.xcodeproj
|
|
# A real distribution build MUST be signed. This requires an Apple
|
|
# Distribution certificate + provisioning profile installed in the
|
|
# runner's login keychain (see notes at the bottom of this file).
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Regenerate Xcode project (XcodeGen)
|
|
run: |
|
|
if command -v xcodegen >/dev/null 2>&1; then xcodegen generate; fi
|
|
|
|
- name: Archive
|
|
run: |
|
|
set -o pipefail
|
|
xcodebuild archive \
|
|
-project "$PROJECT" \
|
|
-scheme "$SCHEME" \
|
|
-configuration Release \
|
|
-destination 'generic/platform=iOS' \
|
|
-archivePath "$RUNNER_TEMP/KisaniCal.xcarchive" \
|
|
-allowProvisioningUpdates
|
|
|
|
- name: Export IPA
|
|
run: |
|
|
set -o pipefail
|
|
xcodebuild -exportArchive \
|
|
-archivePath "$RUNNER_TEMP/KisaniCal.xcarchive" \
|
|
-exportOptionsPlist ExportOptions.plist \
|
|
-exportPath "$RUNNER_TEMP/export" \
|
|
-allowProvisioningUpdates
|
|
ls -la "$RUNNER_TEMP/export"
|
|
|
|
# ------------------------------------------------------------------
|
|
# PLACEHOLDER: Upload to TestFlight / App Store Connect.
|
|
#
|
|
# Add these as Gitea repo secrets: Settings → Actions → Secrets
|
|
# APP_STORE_CONNECT_API_KEY_ID (the "Key ID" from App Store Connect)
|
|
# APP_STORE_CONNECT_ISSUER_ID (the "Issuer ID")
|
|
# APP_STORE_CONNECT_API_KEY_P8 (contents of the AuthKey_XXXX.p8 file)
|
|
#
|
|
# Then uncomment ONE of the approaches below.
|
|
# ------------------------------------------------------------------
|
|
|
|
# --- Option A: modern notarytool / App Store Connect API key (recommended) ---
|
|
# - name: Write API key to file
|
|
# run: |
|
|
# mkdir -p ~/private_keys
|
|
# echo "${{ secrets.APP_STORE_CONNECT_API_KEY_P8 }}" > ~/private_keys/AuthKey_${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}.p8
|
|
#
|
|
# - name: Upload to TestFlight (altool with API key)
|
|
# run: |
|
|
# xcrun altool --upload-app \
|
|
# --type ios \
|
|
# --file "$RUNNER_TEMP/export/KisaniCal.ipa" \
|
|
# --apiKey "${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}" \
|
|
# --apiIssuer "${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}"
|
|
|
|
# --- Option B: notarytool (for notarizing a macOS build, not iOS TestFlight) ---
|
|
# - name: Notarize
|
|
# run: |
|
|
# xcrun notarytool submit "$RUNNER_TEMP/export/KisaniCal.ipa" \
|
|
# --key ~/private_keys/AuthKey_${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}.p8 \
|
|
# --key-id "${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}" \
|
|
# --issuer "${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}" \
|
|
# --wait
|
|
|
|
- name: Notice
|
|
run: |
|
|
echo "IPA exported. TestFlight upload step is a commented-out placeholder."
|
|
echo "Add App Store Connect API-key secrets and uncomment Option A in release.yml."
|