Skip to content
Build

Build #46

Sign in to view logs

Build

Build #46

Workflow file for this run

.github/workflows/build.yml at d87ff65
---
name: Build
on:
workflow_dispatch:
inputs:
build-variant:
description: "Which variant of the app to build"
required: true
type: choice
options:
- Production
build-version:
description: "Optional. Version string to use, in X.Y.Z format. Overrides default in the project."
required: false
type: string
build-number:
description: "Optional. Build number to use. Overrides default of GitHub run number."
required: false
type: number
env:
build-variant: ${{ inputs.build-variant || 'Production' }}
jobs:
build:
name: Build
runs-on: macos-14
env:
MINT_PATH: .mint/lib
MINT_LINK_PATH: .mint/bin
steps:
- name: Check out repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Cache Mint packages
id: mint-cache
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: .mint
key: ${{ runner.os }}-mint-${{ hashFiles('**/Mintfile') }}
restore-keys: |
${{ runner.os }}-mint-
- name: Install yeetd
run: |
wget https://github.com/biscuitehh/yeetd/releases/download/1.0/yeetd-normal.pkg
sudo installer -pkg yeetd-normal.pkg -target /
yeetd &
- name: Log in to Azure
uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "appcenter-ios-token"
- name: Retrieve production provisioning profiles
if: env.build-variant == 'Production'
env:
ACCOUNT_NAME: bitwardenci
CONTAINER_NAME: profiles
run: |
mkdir -p $HOME/secrets
profiles=(
"dist_authenticator.mobileprovision"
)
for FILE in "${profiles[@]}"
do
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
--file $HOME/secrets/$FILE --output none
done
- name: Retrieve Google Services secret
env:
ACCOUNT_NAME: bitwardenci
CONTAINER_NAME: mobile
FILE: GoogleService-Info.plist
run: |
mkdir -p $HOME/secrets
az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
--file Authenticator/Application/Support/$FILE --output none
- name: Retrieve certificates
run: |
mkdir -p $HOME/certificates
az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/ios-distribution |
jq -r .value | base64 -d > $HOME/certificates/ios-distribution.p12
- name: Configure Keychain Access
env:
KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }}
run: |
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
security set-keychain-settings -lut 1200 build.keychain
security import $HOME/certificates/ios-distribution.p12 -k build.keychain -P "" -T /usr/bin/codesign \
-T /usr/bin/security
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
- name: Configure production provisioning profiles
if: env.build-variant == 'Production'
run: |
AUTHENTICATOR_PROFILE_PATH=$HOME/secrets/dist_authenticator.mobileprovision
PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles
mkdir -p "$PROFILES_DIR_PATH"
AUTHENTICATOR_UUID=$(grep UUID -A1 -a $AUTHENTICATOR_PROFILE_PATH | grep -io "[-A-F0-9]\{36\}")
cp $AUTHENTICATOR_PROFILE_PATH "$PROFILES_DIR_PATH/$AUTHENTICATOR_UUID.mobileprovision"
- name: Configure Ruby
uses: ruby/setup-ruby@3a77c29278ae80936b4cb030fefc7d21c96c786f # v1.185.0
with:
bundler-cache: true
- name: Install Mint, protobuf, xcbeautify, and yq
run: |
brew install mint swift-protobuf xcbeautify yq
- name: Install Mint packages
if: steps.mint-cache.outputs.cache-hit != 'true'
run: |
mint bootstrap
- name: Select variant
run: |
./Scripts/select_variant.sh ${{ env.build-variant }}
- name: Update build version
if: ${{ inputs.build-version }}
run: |
yq -i '.settings.MARKETING_VERSION = "${{ inputs.build-version }}"' 'project.yml'
- name: Update build number
run: |
BUILD_NUMBER=$(($GITHUB_RUN_NUMBER))
yq -i ".settings.CURRENT_PROJECT_VERSION = ${{ inputs.build-number || '$BUILD_NUMBER' }}" 'project.yml'
- name: Build iOS app
run: |
BUILD_NUMBER=$(($GITHUB_RUN_NUMBER))
./Scripts/build.sh
- name: Upload IPA
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with:
name: Authenticator iOS
path: build/Authenticator/Authenticator.ipa
- name: Validate app with App Store Connect
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
run: |
xcrun altool --validate-app \
--type ios \
--file "build/Authenticator/Authenticator.ipa" \
--username "$APPLE_ID_USERNAME" \
--password @env:APPLE_ID_PASSWORD
- name: Upload app to TestFlight
env:
APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
run: |
xcrun altool --upload-app \
--type ios \
--file "build/Authenticator/Authenticator.ipa" \
--username "$APPLE_ID_USERNAME" \
--password @env:APPLE_ID_PASSWORD
crowdin-push:
name: Crowdin Push
if: github.ref == 'refs/heads/main'
needs:
- build
runs-on: ubuntu-22.04
env:
_CROWDIN_PROJECT_ID: "673718"
steps:
- name: Check out repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Log in to Azure - CI Subscription
uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
with:
creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
- name: Retrieve secrets
id: retrieve-secrets
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with:
keyvault: "bitwarden-ci"
secrets: "crowdin-api-token"
- name: Upload sources
uses: crowdin/github-action@61ac8b980551f674046220c3e104bddae2916ac5 # v2.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
with:
config: crowdin.yml
crowdin_branch_name: main
upload_sources: true
upload_translations: false