diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index f698f8db70..ab9a97624d 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -1,5 +1,10 @@ name: Check links and Publish Docs +permissions: + contents: write + pages: write + id-token: write + concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/testflight-prod.yml b/.github/workflows/testflight-prod.yml index 008d8aa034..da3a0eec86 100644 --- a/.github/workflows/testflight-prod.yml +++ b/.github/workflows/testflight-prod.yml @@ -5,7 +5,7 @@ concurrency: cancel-in-progress: false on: - workflow_dispatch: + workflow_dispatch: jobs: distribute_testflight: @@ -60,38 +60,15 @@ jobs: with: workspaces: rust -> rust/target - - name: Install the Apple certificate and provisioning profile - env: - IOS_CERT_BASE64: ${{ secrets.IOS_CERT_BASE64 }} - IOS_CERT_PASSWORD: ${{ secrets.IOS_CERT_PASSWORD }} - KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - run: | - # create variables - CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 - KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db - - # import certificate and provisioning profile from secrets - echo -n "$IOS_CERT_BASE64" | base64 --decode -o $CERTIFICATE_PATH - - # create temporary keychain - security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - - # import certificate to keychain - security import $CERTIFICATE_PATH -P "$IOS_CERT_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - security list-keychain -d user -s $KEYCHAIN_PATH - - echo "KEYCHAIN_PATH_ENV=$(echo $KEYCHAIN_PATH)" >> $GITHUB_ENV - - name: Distribute TestFlight build env: ASC_KEY_ID: ${{ secrets.ASC_KEY_ID }} ASC_ISSUER_ID: ${{ secrets.ASC_ISSUER_ID }} ASC_KEY_BASE64: ${{ secrets.ASC_KEY_BASE64 }} BUILD_NUMBER: $GITHUB_RUN_ID - KEYCHAIN_PATH: ${{ env.KEYCHAIN_PATH_ENV }} KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + MATCH_GIT_BASIC_AUTHORIZATION: ${{ secrets.MATCH_GIT_BASIC_AUTHORIZATION }} + MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} run: | cd ios bundle exec fastlane distribute_production_testflight diff --git a/.github/workflows/testflight-qa.yml b/.github/workflows/testflight-qa.yml index b2e5917dd8..3ea5abd4f6 100644 --- a/.github/workflows/testflight-qa.yml +++ b/.github/workflows/testflight-qa.yml @@ -60,38 +60,15 @@ jobs: with: workspaces: rust -> rust/target - - name: Install the Apple certificate and provisioning profile - env: - IOS_CERT_BASE64: ${{ secrets.IOS_CERT_BASE64 }} - IOS_CERT_PASSWORD: ${{ secrets.IOS_CERT_PASSWORD }} - KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} - run: | - # create variables - CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 - KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db - - # import certificate and provisioning profile from secrets - echo -n "$IOS_CERT_BASE64" | base64 --decode -o $CERTIFICATE_PATH - - # create temporary keychain - security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - - # import certificate to keychain - security import $CERTIFICATE_PATH -P "$IOS_CERT_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - security list-keychain -d user -s $KEYCHAIN_PATH - - echo "KEYCHAIN_PATH_ENV=$(echo $KEYCHAIN_PATH)" >> $GITHUB_ENV - - name: Distribute TestFlight build env: ASC_KEY_ID: ${{ secrets.ASC_KEY_ID }} ASC_ISSUER_ID: ${{ secrets.ASC_ISSUER_ID }} ASC_KEY_BASE64: ${{ secrets.ASC_KEY_BASE64 }} BUILD_NUMBER: $GITHUB_RUN_ID - KEYCHAIN_PATH: ${{ env.KEYCHAIN_PATH_ENV }} KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} + MATCH_GIT_BASIC_AUTHORIZATION: ${{ secrets.MATCH_GIT_BASIC_AUTHORIZATION }} + MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} run: | cd ios bundle exec fastlane distribute_qa_testflight diff --git a/ios/fastlane/Matchfile b/ios/fastlane/Matchfile new file mode 100644 index 0000000000..310a62fbe2 --- /dev/null +++ b/ios/fastlane/Matchfile @@ -0,0 +1,4 @@ +git_url("https://github.com/novasamatech/match_security_management_gmbh") +storage_mode("git") +type("appstore") +app_identifier("io.parity.NativeSigner") diff --git a/ios/fastlane/lanes/lane_build.rb b/ios/fastlane/lanes/lane_build.rb index 5a63133e22..50c0f4d47d 100644 --- a/ios/fastlane/lanes/lane_build.rb +++ b/ios/fastlane/lanes/lane_build.rb @@ -11,7 +11,7 @@ configuration = options[:configuration] app_identifier = CredentialsManager::AppfileConfig.try_fetch_value(:app_identifier) - profile_name = "Polkadot Vault Distribution" + profile_name = "match AppStore io.parity.NativeSigner" output_name = scheme # just in case we need to customise it for other GAs export_method = "app-store" compile_bitcode = false @@ -48,19 +48,26 @@ desc "Prepares certificate and provisioning profile" lane :prepare_code_signing do |options| - api_key = lane_context[SharedValues::APP_STORE_CONNECT_API_KEY] app_identifier = CredentialsManager::AppfileConfig.try_fetch_value(:app_identifier) - profile_name = "Polkadot Vault Distribution" - cert( - api_key: api_key, - keychain_path: ENV["KEYCHAIN_PATH"], + if is_ci? + create_keychain( + name: "github_actions_keychain", + password: ENV["KEYCHAIN_PASSWORD"], + default_keychain: true, + unlock: true, + timeout: 3600, + add_to_search_list: true, + lock_when_sleeps: false + ) + end + + match( + type: "appstore", + app_identifier: app_identifier, + readonly: is_ci?, + keychain_name: "github_actions_keychain", keychain_password: ENV["KEYCHAIN_PASSWORD"] ) - sigh( - api_key: api_key, - app_identifier: app_identifier, - provisioning_name: profile_name, - force: false - ) + end