diff --git a/.github/workflows/deploy-release.yaml b/.github/workflows/deploy-release.yaml
index fbd7b62..a32ce9d 100644
--- a/.github/workflows/deploy-release.yaml
+++ b/.github/workflows/deploy-release.yaml
@@ -113,30 +113,18 @@ jobs:
 api-key-id: ${{ secrets.APPSTORE_KEY_ID }}
 api-private-key: ${{ secrets.APPSTORE_API_KEY_P8 }}
- # The generated Xcode project defaults to automatic signing, which on
- # CI has no Apple account to auto-create a Development profile. Force
- # manual signing with the App Store distribution profile we just
- # installed via an xcconfig override — xcodebuild honours
- # XCODE_XCCONFIG_FILE regardless of how Tauri invokes it, so we don't
- # have to edit the generated project.
- - name: Configure manual code signing
+ # Give xcodebuild an App Store Connect API key so its automatic
+ # signing (-allowProvisioningUpdates, which Tauri passes) can
+ # authenticate non-interactively. Without it, CI has no Apple account
+ # and fails with "No Accounts". Tauri forwards APPLE_API_* to
+ # xcodebuild as -authenticationKey{ID,IssuerID,Path}.
+ - name: Prepare App Store Connect API key
+ env:
+ APPSTORE_API_KEY_P8: ${{ secrets.APPSTORE_API_KEY_P8 }}
 run: |
- PROFILE=$(ls "$HOME/Library/MobileDevice/Provisioning Profiles/"*.mobileprovision 2>/dev/null | head -n 1)
- if [[ -z "$PROFILE" ]]; then
- echo "No iOS provisioning profile was installed" >&2
- exit 1
- fi
- security cms -D -i "$PROFILE" -o "$RUNNER_TEMP/pp.plist"
- NAME=$(/usr/libexec/PlistBuddy -c "Print :Name" "$RUNNER_TEMP/pp.plist")
- CFG="$RUNNER_TEMP/signing.xcconfig"
- {
- echo "CODE_SIGN_STYLE = Manual"
- echo "CODE_SIGN_IDENTITY = Apple Distribution"
- echo "DEVELOPMENT_TEAM = G93CJ6PWZH"
- echo "PROVISIONING_PROFILE_SPECIFIER = $NAME"
- } > "$CFG"
- echo "Using provisioning profile: $NAME"
- echo "XCODE_XCCONFIG_FILE=$CFG" >> "$GITHUB_ENV"
+ KEY_PATH="$RUNNER_TEMP/AuthKey.p8"
+ printf '%s' "$APPSTORE_API_KEY_P8" > "$KEY_PATH"
+ echo "APPLE_API_KEY_PATH=$KEY_PATH" >> "$GITHUB_ENV"
 - name: Setup build toolchain
 uses: ./.github/actions/setup-desktop-build
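Review bot: In `Prepare App Store Connect API key`, the private key is written to `$RUNNER_TEMP/AuthKey.p8` with the shell's default umask, and nothing in the hunk removes it once the build is done. Create it owner-only, `(umask 077; printf '%s' "$APPSTORE_API_KEY_P8" > "$KEY_PATH")`, and add a final step with `if: always()` that runs `rm -f "$APPLE_API_KEY_PATH"`, so the key does not outlive the job on a runner that is reused. The removed step failed fast when its input was missing, whereas the new one writes an empty file if the secret is unset, so a guard such as `[[ -n "$APPSTORE_API_KEY_P8" ]] || exit 1` would keep the error close to its cause. The deploy-staging.yaml hunk at -113,30 +113,18 carries the same lines and needs the same changes.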
@@ -152,7 +140,9 @@ jobs:
 - name: Build signed .ipa with Tauri
 run: npm run build:ios
 env:
- APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+ APPLE_API_ISSUER: ${{ secrets.APPSTORE_ISSUER_ID }}
+ APPLE_API_KEY: ${{ secrets.APPSTORE_KEY_ID }}
+ APPLE_DEVELOPMENT_TEAM: G93CJ6PWZH
 NEXT_PUBLIC_API_URL: https://scriptio.app
 NEXT_PUBLIC_CLOUD_URL: https://cloud.scriptio.app
 NEXT_PUBLIC_APP_VERSION: ${{ needs.prepare.outputs.version }}
diff --git a/.github/workflows/deploy-staging.yaml b/.github/workflows/deploy-staging.yaml
index 8380c93..afe866e 100644
--- a/.github/workflows/deploy-staging.yaml
+++ b/.github/workflows/deploy-staging.yaml
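Review bot: The new `env:` entries of `Build signed .ipa with Tauri` in deploy-release.yaml are undocumented and easy to misread: `APPLE_API_KEY` carries the key ID (`secrets.APPSTORE_KEY_ID`), not the key material, and the build also depends on `APPLE_API_KEY_PATH`, which only reaches this step through `$GITHUB_ENV` from the earlier step. A one-line comment above them would stop a later edit from pasting the .p8 secret into the wrong variable: `# APPLE_API_KEY is the key ID; the .p8 path arrives as APPLE_API_KEY_PATH via GITHUB_ENV`. The team ID `G93CJ6PWZH` is now a literal in both workflows; a repository variable, for example `APPLE_DEVELOPMENT_TEAM: ${{ vars.APPLE_DEVELOPMENT_TEAM }}`, would keep the two in step. The same applies to the deploy-staging.yaml hunk at -153,7 +141,9, and the `env:` block continues past the end of the hunk.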
@@ -113,30 +113,18 @@ jobs:
 api-key-id: ${{ secrets.APPSTORE_KEY_ID }}
 api-private-key: ${{ secrets.APPSTORE_API_KEY_P8 }}
- # The generated Xcode project defaults to automatic signing, which on
- # CI has no Apple account to auto-create a Development profile. Force
- # manual signing with the App Store distribution profile we just
- # installed via an xcconfig override — xcodebuild honours
- # XCODE_XCCONFIG_FILE regardless of how Tauri invokes it, so we don't
- # have to edit the generated project.
- - name: Configure manual code signing
+ # Give xcodebuild an App Store Connect API key so its automatic
+ # signing (-allowProvisioningUpdates, which Tauri passes) can
+ # authenticate non-interactively. Without it, CI has no Apple account
+ # and fails with "No Accounts". Tauri forwards APPLE_API_* to
+ # xcodebuild as -authenticationKey{ID,IssuerID,Path}.
+ - name: Prepare App Store Connect API key
+ env:
+ APPSTORE_API_KEY_P8: ${{ secrets.APPSTORE_API_KEY_P8 }}
 run: |
- PROFILE=$(ls "$HOME/Library/MobileDevice/Provisioning Profiles/"*.mobileprovision 2>/dev/null | head -n 1)
- if [[ -z "$PROFILE" ]]; then
- echo "No iOS provisioning profile was installed" >&2
- exit 1
- fi
- security cms -D -i "$PROFILE" -o "$RUNNER_TEMP/pp.plist"
- NAME=$(/usr/libexec/PlistBuddy -c "Print :Name" "$RUNNER_TEMP/pp.plist")
- CFG="$RUNNER_TEMP/signing.xcconfig"
- {
- echo "CODE_SIGN_STYLE = Manual"
- echo "CODE_SIGN_IDENTITY = Apple Distribution"
- echo "DEVELOPMENT_TEAM = G93CJ6PWZH"
- echo "PROVISIONING_PROFILE_SPECIFIER = $NAME"
- } > "$CFG"
- echo "Using provisioning profile: $NAME"
- echo "XCODE_XCCONFIG_FILE=$CFG" >> "$GITHUB_ENV"
+ KEY_PATH="$RUNNER_TEMP/AuthKey.p8"
+ printf '%s' "$APPSTORE_API_KEY_P8" > "$KEY_PATH"
+ echo "APPLE_API_KEY_PATH=$KEY_PATH" >> "$GITHUB_ENV"
 - name: Setup build toolchain
 uses: ./.github/actions/setup-desktop-build
@@ -153,7 +141,9 @@ jobs:
 - name: Build signed .ipa with Tauri
 run: npm run build:ios
 env:
- APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
+ APPLE_API_ISSUER: ${{ secrets.APPSTORE_ISSUER_ID }}
+ APPLE_API_KEY: ${{ secrets.APPSTORE_KEY_ID }}
+ APPLE_DEVELOPMENT_TEAM: G93CJ6PWZH
 NEXT_PUBLIC_API_URL: https://staging.scriptio.app
 NEXT_PUBLIC_CLOUD_URL: https://cloud.staging.scriptio.app
 NEXT_PUBLIC_APP_VERSION: ${{ needs.prepare.outputs.version }}