app/.github/workflows/ios_debug.yml at main · humake-dev/app · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
name: iOS Secrets Rerun Debug

on:
  workflow_dispatch:

jobs:
  rerun-debug:
    runs-on: macos-latest
    env:
      IOS_CERT_PASSWORD: ${{ secrets.IOS_CERT_PASSWORD }}
      KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
      IOS_CERT_BASE64: ${{ secrets.IOS_CERT_BASE64 }}
      IOS_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_PROVISION_PROFILE_BASE64 }}

    steps:
      - name: Checkout repo
        uses: actions/checkout@v4

      - name: Debug IOS_CERT_PASSWORD
        run: |
          echo "=== DEBUG: IOS_CERT_PASSWORD ==="
          echo "PASS len: ${#IOS_CERT_PASSWORD}"
          printf "'%s'\n" "$IOS_CERT_PASSWORD"

      - name: Decode IOS_CERT_BASE64 → cert.p12
        run: |
          echo "=== DEBUG: IOS_CERT_BASE64 decode ==="
          echo "$IOS_CERT_BASE64" | base64 --decode > cert.p12
          file cert.p12
          ls -l cert.p12
          openssl pkcs12 -info -in cert.p12 -noout -passin pass:$IOS_CERT_PASSWORD || true

      - name: Check p12 checksum
        run: |
          shasum cert.p12
          file cert.p12
          ls -l cert.p12

      - name: Decode IOS_PROVISION_PROFILE_BASE64
        run: |
          echo "=== DEBUG: IOS_PROVISION_PROFILE_BASE64 decode ==="
          echo "$IOS_PROVISION_PROFILE_BASE64" | base64 --decode > profile.mobileprovision
          ls -l profile.mobileprovision

      - name: Setup provisioning profile
        run: |
          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
          echo "${{ secrets.IOS_PROVISION_PROFILE_BASE64 }}" | base64 --decode > /tmp/profile.mobileprovision
          UUID=$(security cms -D -i /tmp/profile.mobileprovision | plutil -extract UUID raw -)
          cp /tmp/profile.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/$UUID.mobileprovision
          chmod 644 ~/Library/MobileDevice/Provisioning\ Profiles/$UUID.mobileprovision
          security cms -D -i ~/Library/MobileDevice/Provisioning\ Profiles/*.mobileprovision | plutil -extract Name raw -

      - name: Show keychain list
        run: |
          KEYCHAIN_PATH="$HOME/Library/Keychains/build.keychain"

          echo "=== Creating keychain ==="
          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

          echo "=== Unlocking keychain ==="
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

          echo "=== Setting as default keychain ==="
          security default-keychain -s "$KEYCHAIN_PATH"

          echo "=== List keychains ==="
          security list-keychains

          echo "=== Import certificate ==="
          security import cert.p12 \
            -k "$KEYCHAIN_PATH" \
            -P "$IOS_CERT_PASSWORD" \
            -T /usr/bin/codesign

      - name: Test import with verbose
        run: |
          security import cert.p12 -k build.keychain -P "$IOS_CERT_PASSWORD" -T /usr/bin/codesign

      - name: Debug p12 checksum
        run: |
          echo "$IOS_CERT_BASE64" | base64 --decode > cert.p12
          md5 cert.p12