From d4a5489be5adf6a227ae11ef757124b8d30eae8a Mon Sep 17 00:00:00 2001 From: Ian VanSchooten Date: Fri, 27 Sep 2024 15:51:49 -0400 Subject: [PATCH 1/7] Add build workflow --- .github/workflows/build.yml | 65 +++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..478a965 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,65 @@ +name: Build android and ios +on: + push: + branches: + - main + pull_request: + +jobs: + build: + name: Build ios and android packages + runs-on: macos-latest + + steps: + - name: Set up Go 1.22 + uses: actions/setup-go@v4 + with: + go-version: "1.22" + + - uses: actions/setup-java@v2 + with: + distribution: 'zulu' + java-version: '17' + + - name: Install flutter + uses: subosito/flutter-action@v2 + with: + flutter-version: '3.24.1' + + - name: Check out code + uses: actions/checkout@v3 + + + - name: install dependencies + env: + TOKEN: ${{ secrets.MACHINE_USER_PAT }} + run: | + go install golang.org/x/mobile/cmd/gomobile@latest + gomobile init + + flutter pub get + + touch env.sh + +# - name: Build iOS +# env: +# TOKEN: ${{ secrets.MACHINE_USER_PAT }} +# MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} +# run: | +# cd ios +# pod install +# fastlane build +# cd - +# +# # verify that the github token didn't make it into the output +# mkdir -p build/app/test-ios +# cp ios/MobileNebula.ipa build/app/test-ios +# cd build/app/test-ios +# unzip MobileNebula.ipa +# if find . | xargs strings 2>/dev/null | grep -qF "${TOKEN}" ; then +# echo "Token found in iOS build" +# exit 1 +# fi + + - name: Build Android + run: flutter build appbundle --debug From 5be54c024f1ddec1040215999cc1f481f83ddcc5 Mon Sep 17 00:00:00 2001 From: Ian VanSchooten Date: Mon, 30 Sep 2024 13:57:12 -0400 Subject: [PATCH 2/7] Specify androidapi for gomobile --- nebula/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nebula/Makefile b/nebula/Makefile index 3d95d0c..b1d4789 100644 --- a/nebula/Makefile +++ b/nebula/Makefile @@ -7,7 +7,7 @@ clean: mobileNebula.aar: *.go go.sum go get -d golang.org/x/mobile/cmd/gomobile - gomobile bind -trimpath -v --target=android + gomobile bind -trimpath -v --target=android -androidapi=26 MobileNebula.xcframework: *.go go.sum go get -d golang.org/x/mobile/cmd/gomobile From d6f50319ef0557eba37bed320c2dae7b6fbba093 Mon Sep 17 00:00:00 2001 From: Ian VanSchooten Date: Tue, 1 Oct 2024 13:41:02 -0400 Subject: [PATCH 3/7] Add ios build step to ci --- .github/workflows/build.yml | 87 +++++++++++++++++++++++++------------ 1 file changed, 59 insertions(+), 28 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 478a965..15cbe4a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: Build android and ios +name: Build on: push: branches: @@ -6,10 +6,9 @@ on: pull_request: jobs: - build: - name: Build ios and android packages + build-android: + name: Android runs-on: macos-latest - steps: - name: Set up Go 1.22 uses: actions/setup-go@v4 @@ -29,6 +28,43 @@ jobs: - name: Check out code uses: actions/checkout@v3 + - name: install dependencies + env: + TOKEN: ${{ secrets.MACHINE_USER_PAT }} + run: | + go install golang.org/x/mobile/cmd/gomobile@latest + gomobile init + flutter pub get + touch env.sh + + - name: Build Android debug + run: flutter build appbundle --debug + + build-ios: + name: iOS + runs-on: macos-latest + + steps: + - name: Set up Go 1.22 + uses: actions/setup-go@v4 + with: + go-version: "1.22" + + - name: Install flutter + uses: subosito/flutter-action@v2 + with: + flutter-version: '3.24.1' + + - name: Check out code + uses: actions/checkout@v3 + + - name: Install the appstore connect key material + env: + AC_API_KEY_SECRET_BASE64: ${{ secrets.AC_API_KEY_SECRET_BASE64 }} + run: | + AC_API_KEY_SECRET_PATH="$RUNNER_TEMP/key.p8" + echo "APP_STORE_CONNECT_API_KEY_KEY_FILEPATH=$AC_API_KEY_SECRET_PATH" >> $GITHUB_ENV + echo -n "$AC_API_KEY_SECRET_BASE64" | base64 --decode --output "$AC_API_KEY_SECRET_PATH" - name: install dependencies env: @@ -36,30 +72,25 @@ jobs: run: | go install golang.org/x/mobile/cmd/gomobile@latest gomobile init - flutter pub get - touch env.sh + + - name: Build iOS + env: + TOKEN: ${{ secrets.MACHINE_USER_PAT }} + MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} + run: | + cd ios + pod install + cd - + flutter build ipa --debug -# - name: Build iOS -# env: -# TOKEN: ${{ secrets.MACHINE_USER_PAT }} -# MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} -# run: | -# cd ios -# pod install -# fastlane build -# cd - -# -# # verify that the github token didn't make it into the output -# mkdir -p build/app/test-ios -# cp ios/MobileNebula.ipa build/app/test-ios -# cd build/app/test-ios -# unzip MobileNebula.ipa -# if find . | xargs strings 2>/dev/null | grep -qF "${TOKEN}" ; then -# echo "Token found in iOS build" -# exit 1 -# fi - - - name: Build Android - run: flutter build appbundle --debug + # verify that the github token didn't make it into the output + mkdir -p build/app/test-ios + cp ios/MobileNebula.ipa build/app/test-ios + cd build/app/test-ios + unzip MobileNebula.ipa + if find . | xargs strings 2>/dev/null | grep -qF "${TOKEN}" ; then + echo "Token found in iOS build" + exit 1 + fi \ No newline at end of file From e0788799f761bf97aa3a6c0c7416474a41adc952 Mon Sep 17 00:00:00 2001 From: Ian VanSchooten Date: Tue, 1 Oct 2024 15:05:42 -0400 Subject: [PATCH 4/7] Add fastlane match token --- .github/workflows/build.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 15cbe4a..ab592c9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -66,6 +66,12 @@ jobs: echo "APP_STORE_CONNECT_API_KEY_KEY_FILEPATH=$AC_API_KEY_SECRET_PATH" >> $GITHUB_ENV echo -n "$AC_API_KEY_SECRET_BASE64" | base64 --decode --output "$AC_API_KEY_SECRET_PATH" + - name: Place Github token for fastlane match + env: + TOKEN: ${{ secrets.MACHINE_USER_PAT }} + run: + echo "MATCH_GIT_BASIC_AUTHORIZATION=$(echo -n "defined-machine:${TOKEN}" | base64)" >> $GITHUB_ENV + - name: install dependencies env: TOKEN: ${{ secrets.MACHINE_USER_PAT }} From 9071ce34c59afa40ff1565543a9a64c148443d4b Mon Sep 17 00:00:00 2001 From: Ian VanSchooten Date: Tue, 1 Oct 2024 15:26:37 -0400 Subject: [PATCH 5/7] Use fastlane to build --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ab592c9..d4611bc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -88,8 +88,8 @@ jobs: run: | cd ios pod install + fastlane build cd - - flutter build ipa --debug # verify that the github token didn't make it into the output mkdir -p build/app/test-ios From c98946c5ea508ceae51c4d903ceeff0a3172bb56 Mon Sep 17 00:00:00 2001 From: Ian VanSchooten Date: Tue, 1 Oct 2024 15:58:48 -0400 Subject: [PATCH 6/7] Avoid incrementing version number --- .github/workflows/build.yml | 2 +- ios/fastlane/Fastfile | 44 +++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d4611bc..342ba40 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -88,7 +88,7 @@ jobs: run: | cd ios pod install - fastlane build + fastlane checkBuild cd - # verify that the github token didn't make it into the output diff --git a/ios/fastlane/Fastfile b/ios/fastlane/Fastfile index 3969b63..ab4e9dd 100644 --- a/ios/fastlane/Fastfile +++ b/ios/fastlane/Fastfile @@ -18,6 +18,50 @@ default_platform(:ios) platform :ios do desc "Push a new beta build to TestFlight" + lane :checkBuild do + # Do some things like setting up a temporary keystore to host secrets in CI + setup_ci + + # Change signing behavior to work in CI + update_code_signing_settings( + # Automatic signing seems to be a good thing to have on in dev but will not work in CI + use_automatic_signing: false, + # The default value for this is iOS Development which is not appropriate for release + code_sign_identity: "Apple Distribution", + ) + + # Find our signing certs and profiles, these come from a private repository and managed by `fastlane match` + match(type: 'appstore', app_identifier: ["net.defined.mobileNebula","net.defined.mobileNebula.NebulaNetworkExtension"], readonly: true) + + # Update our main program to have the correct provisioning profile from Apple + update_project_provisioning( + xcodeproj: "Runner.xcodeproj", + target_filter: "Runner", + # This comes from match() above + profile:ENV["sigh_net.defined.mobileNebula_appstore_profile-path"], + build_configuration: "Release" + ) + + # Update our network extension to have the correct provisioning profile from Apple + update_project_provisioning( + xcodeproj: "Runner.xcodeproj", + target_filter: "NebulaNetworkExtension", + # This comes from match() above + profile:ENV["sigh_net.defined.mobileNebula.NebulaNetworkExtension_appstore_profile-path"], + build_configuration: "Release" + ) + + build_app( + output_name: "MobileNebula.ipa", + workspace: "Runner.xcworkspace", + scheme: "Runner", + export_method: "app-store", + export_options: { + manageAppVersionAndBuildNumber: false + } + ) + end + lane :build do # Do some things like setting up a temporary keystore to host secrets in CI setup_ci From 0046f6872b5332f3722678eac4a40ae2136030f7 Mon Sep 17 00:00:00 2001 From: Ian VanSchooten Date: Tue, 1 Oct 2024 16:10:14 -0400 Subject: [PATCH 7/7] Rename workflow --- .github/workflows/{build.yml => smoke.yml} | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) rename .github/workflows/{build.yml => smoke.yml} (95%) diff --git a/.github/workflows/build.yml b/.github/workflows/smoke.yml similarity index 95% rename from .github/workflows/build.yml rename to .github/workflows/smoke.yml index 342ba40..d11d24b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/smoke.yml @@ -1,4 +1,6 @@ -name: Build +# This workflow builds the iOS and Android apps, just to check they build without error + +name: Smoke build on: push: branches: