fix: work on dev and dist build

Signed-off-by: Jason C. Leach <jason.leach@fullboar.ca>

.github/workflows/actions/export-ios-archive/action.yml

@@ -0,0 +1,77 @@
+name: Export Signed iOS Archive
+description: Export a signed iOS Archive
+
+inputs:
+  artifact_ref:
+    description: |
+      The referene ID / name of the uploaded GitHub artifact
+      stored in GitHub by the upload action. This should
+      be an xcarchive file compressed with ZIP.
+    requred: true
+  certificate:
+    description: |
+      The Base64 encoded certificate to use for 
+      signing the archive. This should be in p12 format.
+    required: true
+  certificate_password:
+    description: |
+      The password for importing the certificate.
+    requred: true
+  provisioning_profile:
+    description: |
+      The Base64 encoded provisioning profile to use for 
+      signing the archive. This should be in mobileprovision format.
+    requred: true
+  ouput_artifacet_ref:
+    description: |
+      The reference ID / name of the uploaded GitHub artifact
+      stored in GitHub by the upload action.
+    requred: true
+
+runs:
+  using: composite
+  steps:
+    # - uses: actions/checkout@v2
+
+    - name: Build Keychain
+      shell: bash
+      env:
+        CERTIFICATE: ${{ inputs.certificate }}
+      run: |
+        scripts/makekc.sh ${{ inputs.certificate_password }}
+
+      # https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
+    - name: Create Provisioning Profile
+      shell: bash
+      env:
+        PROVISIONING_PROFILE: ${{ inputs.provisioning_profile }}
+      run: |
+        scripts/makepp.sh
+
+    - name: Download artifact
+      uses: actions/download-artifact@v3
+      with:
+        name: ${{ inputs.artifact_ref }}
+
+    - name: Unzip artifact
+      shell: bash
+      run: |
+        unzip ${{ inputs.artifact_ref }}.zip
+
+    - name: Sign & Export
+      shell: bash
+      run: |
+        xcodebuild \
+        -exportArchive \
+        -archivePath AriesBifold.xcarchive \
+        -exportPath export \
+        -exportOptionsPlist ../../options.plist \
+        -verbose
+
+    - name: Upload signed artifact
+      uses: actions/upload-artifact@v3
+      with:
+        name: ${{ inputs.output_artifact_ref }}
+        path: export/BCWallet.ipa
+        if-no-files-found: error
+        retention-days: 1

.github/workflows/main.yaml

@@ -1,7 +1,6 @@
 name: Native Build & Test
 
 env:
-  cacheId: "11" # increment to expire the cache
   appBuildNumber: ${{ github.run_number }}
   appBuildVersion: "1.0.10"
 
@@ -57,21 +56,6 @@ jobs:
         run: |
           git submodule update --init --recursive
 
-      # # https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
-      # - name: Build Produciton Keychain
-      #   if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
-      #   env:
-      #     CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
-      #   run: |
-      #     scripts/makekc.sh ${{ secrets.KEYCHIAN_PASSWD }}
-
-      - name: Build Developer Keychain
-        if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
-        env:
-          CERTIFICATE: ${{ secrets.BUILD_CERTIFICATE_DEV_BASE64 }}
-        run: |
-          scripts/makekc.sh ${{ secrets.KEYCHIAN_PASSWD_DEV }}
-
       - name: Setup NodeJS
         uses: ./.github/workflows/actions/setup-node
 
@@ -84,35 +68,33 @@ jobs:
         run: |
           xcode-select -p
 
-      # Watch for changes to the HEAD ref, use
-      # git for cache keys.
-      - name: Generate cache key
-        run: |
-          echo $(git rev-parse HEAD:app/ios) > ./dd-cache-key.txt
-
-      - uses: actions/cache@v2
+      - name: Cached pip dependencies
+        uses: actions/cache@v3
+        id: pip-cache
         with:
           path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-${{ env.cacheId }}-${{ hashFiles('**/dd-cache-key.txt') }}
+          key: ${{ runner.os }}-pip
           restore-keys: |
             ${{ runner.os }}-pip-
 
       - name: Cache pod dependencies
         id: pod-cache
-        uses: actions/cache@v1
+        uses: actions/cache@v3
         with:
-          path: app/ios/Pods
-          key: ${{ runner.os }}-pods-${{ env.cacheId }}-${{ hashFiles('**/Podfile.lock ') }}
+          path: |
+            app/ios/Pods
+            ~/Library/Caches/CocoaPods
+            ~/.cocoapods
+          key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock ') }}
           restore-keys: |
-            ${{ runner.os }}-pods-${{ env.cacheId }}-
+            ${{ runner.os }}-pods-
 
-      - name: Cache derived data
-        uses: actions/cache@v1
+      - name: Restore cached derived data
+        id: cache-dd-restore
+        uses: actions/cache/restore@v3
         with:
           path: app/ios/xbuild/Build
-          key: ${{ runner.os }}-dd-xcode-${{ env.cacheId }}-${{ hashFiles('**/dd-cache-key.txt') }}
-          restore-keys: |
-            ${{ runner.os }}-dd-xcode-${{ env.cacheId }}-
+          key: ${{ runner.os }}-dd-xcode
 
       - name: Install dependencies
         working-directory: ./
@@ -121,7 +103,7 @@ jobs:
           git status
 
       # Ledgers are missing namespace, not compatible.
-      # - name: Updaet ledgers
+      # - name: Update ledgers
       #   uses: ./.github/workflows/actions/update-ledgers
 
       - name: Install iOS dependencies
@@ -156,26 +138,7 @@ jobs:
           echo "IAS_PORTAL_URL=${IAS_PORTAL_URL}" >>.env
           echo "IAS_AGENT_INVITE_URL=${IAS_AGENT_INVITE_URL}" >>.env
 
-      # # https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
-      # - name: Create Distribution Provisioning Profile
-      #   if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
-      #   env:
-      #     PROVISIONING_PROFILE: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
-      #   run: |
-      #     scripts/makepp.sh
-
-      # https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
-      - name: Create Develop Provisioning Profile
-        if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
-        env:
-          PROVISIONING_PROFILE: ${{ secrets.BUILD_PROVISION_PROFILE_DEV_BASE64 }}
-        run: |
-          scripts/makepp.sh
-
-      # here
-
-      - name: Release build
-        if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
+      - name: Archive build
         working-directory: app/ios
         run: |
           xcodebuild \
@@ -189,59 +152,61 @@ jobs:
           -verbose \
           archive
 
-      - name: Debug build
-        if: github.ref_name != 'main' || needs.check-ios-secrets.outputs.isReleaseBuild != 'true'
-        working-directory: app/ios
-        run: |
-          xcodebuild \
-          -workspace AriesBifold.xcworkspace \
-          -scheme AriesBifold \
-          -configuration Debug \
-          -derivedDataPath xbuild \
-          build \
-          CODE_SIGNING_ALLOWED=NO \
-          CODE_SIGNING_REQUIRED=NO
+      - name: Save cache for derived data
+        id: cache-dd-save
+        uses: actions/cache/save@v3
+        with:
+          path: app/ios/xbuild/Build
+          key: ${{ steps.cache-dd-restore.outputs.cache-primary-key }}
 
-      # - name: Distribution Archive & Sign
-      #   if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
-      #   working-directory: app/ios
-      #   run: |
-      #     xcodebuild \
-      #     -exportArchive \
-      #     -archivePath AriesBifold.xcarchive \
-      #     -exportPath export \
-      #     -exportOptionsPlist ../../options.plist \
-      #     -verbose
-
-      # - name: Upload iOS artifact
-      #   if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
-      #   uses: actions/upload-artifact@v3
-      #   with:
-      #     name: ios-artifact
-      #     path: app/ios/export/BCWallet.ipa
-      #     if-no-files-found: error
-      #     retention-days: 7
-
-      - name: Develop Archive & Sign
+      - name: Compress xcarchive
         if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
         working-directory: app/ios
         run: |
-          xcodebuild \
-          -exportArchive \
-          -archivePath AriesBifold.xcarchive \
-          -exportPath export \
-          -exportOptionsPlist ../../options-dev.plist \
-          -verbose
+          zip -r AriesBifold.xcarchive.zip AriesBifold.xcarchive
 
-      - name: Upload iOS artifact
+      - name: Upload xcarchive artifact
         if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
         uses: actions/upload-artifact@v3
         with:
-          name: ios-artifact-dev
-          path: app/ios/export/BCWallet.ipa
+          name: ios-xcarchive.zip
+          path: app/ios/AriesBifold.xcarchive.zip
           if-no-files-found: error
           retention-days: 7
 
+      - name: Export distribution archive
+        if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
+        uses: ./.github/workflows/actions/export-ios-archive
+        with:
+          artifact_ref: ios-xcarchive.zip
+          certificate: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+          certificate_password: ${{ secrets.KEYCHIAN_PASSWD }}
+          provisioning_profile: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
+          ouput_artifacet_ref: ios-artifact
+
+      - name: Export development archive
+        if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'
+        uses: ./.github/workflows/actions/export-ios-archive
+        with:
+          artifact_ref: ios-xcarchive.zip
+          certificate: ${{ secrets.BUILD_CERTIFICATE_DEV_BASE64 }}
+          certificate_password: ${{ secrets.KEYCHIAN_PASSWD_DEV }}
+          provisioning_profile: ${{ secrets.BUILD_PROVISION_PROFILE_DEV_BASE64 }}
+          ouput_artifacet_ref: ios-artifact-dev
+
+      # - name: Debug build
+      #   if: github.ref_name != 'main' || needs.check-ios-secrets.outputs.isReleaseBuild != 'true'
+      #   working-directory: app/ios
+      #   run: |
+      #     xcodebuild \
+      #     -workspace AriesBifold.xcworkspace \
+      #     -scheme AriesBifold \
+      #     -configuration Debug \
+      #     -derivedDataPath xbuild \
+      #     build \
+      #     CODE_SIGNING_ALLOWED=NO \
+      #     CODE_SIGNING_REQUIRED=NO
+
       # https://blog.codemagic.io/app-store-connect-api-codemagic-cli-tools/
       - name: Install Codemagic CLI Tools
         if: github.ref_name == 'main' && needs.check-ios-secrets.outputs.isReleaseBuild == 'true'

scripts/makekc.sh

@@ -12,16 +12,17 @@ echo ">> Extracting Artifats"
 echo "${CERTIFICATE}" | base64 -d >"${CERT_PATH}"
 md5 "$CERT_PATH"
 
-if [[ $KC_FILE_COUNT -eq 0 ]]; then
-  echo ">> Create keychain $KC_NAME"
-  /usr/bin/security create-keychain -p $1 $KC_NAME
-  /usr/bin/security default-keychain -s $KC_NAME
-  /usr/bin/security unlock-keychain -p $1 $KC_NAME
-  /usr/bin/security list-keychains -d user -s $KC_NAME
-else
-  echo ">> Keychain $KC_NAME exists. Skipping create..."
+if [[ $KC_FILE_COUNT -gt 0 ]]; then
+  echo ">> Keychain $KC_NAME exists. Removing."
+  /usr/bin/security delete-keychain /Users/runner/Library/Keychains/$KC_NAME-db
 fi
 
+echo ">> Create keychain $KC_NAME"
+/usr/bin/security create-keychain -p $1 $KC_NAME
+/usr/bin/security default-keychain -s $KC_NAME
+/usr/bin/security unlock-keychain -p $1 $KC_NAME
+/usr/bin/security list-keychains -d user -s $KC_NAME
+
 echo ">> Importing Certificate"
 /usr/bin/security import $CERT_PATH -P "$1" -t cert -f pkcs12 -k $KC_NAME -T /usr/bin/codesign -T /usr/bin/security