我使用不同的方法来构建iOS应用。与其将大量代码放在.yaml文件中,我不喜欢将大多数内容放在shell脚本中,并拥有一个更简单的.yaml文件...这种方法有什么问题吗?
我的构建卡在了“构建应用”步骤中。其他步骤工作正常。间歇性地,就像每15次出现一次一样,它神奇地起作用,但是在大多数情况下,它会失败。它卡住了,我看不到日志,直到我取消作业为止,但是日志中没有任何有用的信息。在本地计算机上运行脚本的时间为100%。这似乎对GitHub动作非常特殊。
在GitHub操作中使用此方法(bash脚本)是否存在任何问题和限制?为什么这会失败?
我不使用fastlane。这是我的YAML文件:
name: Build iOS
on:
push:
branches:
- master
jobs:
build:
runs-on: macOS-latest
steps:
- uses: actions/checkout@v2
- name: Switch XCode Version
run: sudo xcode-select -s /Applications/Xcode_11.2.app
- name: Get dependencies
run: source .github/ios/build.sh && get_dependencies
- name: Decrypt secrets
run: source .github/ios/build.sh && decrypt_secrets ${{ secrets.SECRET_KEY }}
env:
SECRET_KEY: ${{ secrets.SECRET_KEY }}
- name: Set up code signing
run: source .github/ios/build.sh && setup_code_signing
- name: Build app
run: source .github/ios/build.sh && build_app
- name: Upload artifacts
run: source .github/ios/build.sh && upload_artifacts
和脚本
#!/bin/bash
PROVISIONING_PROFILE="MyApp"
CODE_SIGN_IDENTITY="Apple Development: MyApp (XXXXXXXXXX)"
DOMAIN="MyApp.com"
PRODUCT_BUNDLE_IDENTIFIER="com.MyApp.app"
# Get dependencies
function get_dependencies()
{
yarn
cd ios
pod install
cd ..
}
function decrypt
{
INPUT=$1
OUTPUT="${1%.*}"
openssl aes-256-cbc -salt -a -d -in $INPUT -out $OUTPUT -pass pass:$SECRET_KEY
}
# Decrypt secrets
function decrypt_secrets
{
export SECRET_KEY=$1
decrypt .github/ios/secrets/MyApp.mobileprovision.encrypted
decrypt .github/ios/secrets/MyApp.p12.encrypted
decrypt .github/ssh/id_rsa.encrypted
}
# Set up code signing
function setup_code_signing()
{
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
# provisioning
cp .github/ios/secrets/MyApp.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/$PROVISIONING_PROFILE.mobileprovision
# keychain
security create-keychain -p "MyApp" build.keychain
security import ./.github/ios/secrets/MyApp.p12 -t agg -k ~/Library/Keychains/build.keychain -P "" -A
security list-keychains -s ~/Library/Keychains/build.keychain
security default-keychain -s ~/Library/Keychains/build.keychain
security unlock-keychain -p "MyApp" ~/Library/Keychains/build.keychain
security set-key-partition-list -S apple-tool:,apple: -s -k "MyApp" ~/Library/Keychains/build.keychain
}
# Build
function build_app()
{
# dev environment
echo "API_URL=https://backend.$DOMAIN/" > .env
# build number
BUILD_NUMBER=${GITHUB_RUN_NUMBER:-1}
# ExportOptions.plist
sed -e "s/__BUILD_NUMBER__/$BUILD_NUMBER/g" \
-e "s/__PRODUCT_BUNDLE_IDENTIFIER__/$PRODUCT_BUNDLE_IDENTIFIER/g" \
-e "s/__CODE_SIGN_IDENTITY__/$CODE_SIGN_IDENTITY/g" \
.github/ios/ExportOptions.plist > ios/ExportOptions.plist
cd ios
set -e
set -o pipefail
# archive
xcodebuild archive \
-workspace MyApp.xcworkspace \
-scheme MyApp \
-sdk iphoneos13.2 \
-configuration Release \
-archivePath "$PWD/build/MyApp.xcarchive" \
PRODUCT_BUNDLE_IDENTIFIER="$PRODUCT_BUNDLE_IDENTIFIER" \
PROVISIONING_PROFILE="$PROVISIONING_PROFILE" \
CODE_SIGN_IDENTITY="$CODE_SIGN_IDENTITY" \
CURRENT_PROJECT_VERSION="$BUILD_NUMBER"
# export
xcodebuild \
-exportArchive \
-archivePath "$PWD/build/MyApp.xcarchive" \
-exportOptionsPlist "$PWD/ExportOptions.plist" \
-exportPath "$PWD/build"
}
# Upload artifacts
function upload_artifacts()
{
chmod 600 .github/ssh/id_rsa
BUILD_PATH="www/app/builds/$GITHUB_RUN_NUMBER"
ssh -i .github/ssh/id_rsa -o 'UserKnownHostsFile=/dev/null' -o 'StrictHostKeyChecking=no' [email protected] "mkdir -p $BUILD_PATH"
scp -i .github/ssh/id_rsa -o 'UserKnownHostsFile=/dev/null' -o 'StrictHostKeyChecking=no' -r ios/build/Apps/* [email protected]:$BUILD_PATH
scp -i .github/ssh/id_rsa -o 'UserKnownHostsFile=/dev/null' -o 'StrictHostKeyChecking=no' -r ios/build/manifest.plist [email protected]:$BUILD_PATH
}
大多数时候,日志卡在此行上:
/usr/bin/codesign --force --sign F4D55F28BEBE840ADF175A67B471FFBF2E27B222 --entitlements /Users/runner/Library/Developer/Xcode/DerivedData/MyApp-fhnolcbrhrsoglcxtgrffszyvmwz/Build/Intermediates.noindex/ArchiveIntermediates/MyApp/IntermediateBuildFilesPath/MyApp.build/Release-iphoneos/MyApp.build/MyApp.app.xcent --timestamp=none /Users/runner/Library/Developer/Xcode/DerivedData/MyApp-fhnolcbrhrsoglcxtgrffszyvmwz/Build/Intermediates.noindex/ArchiveIntermediates/MyApp/InstallationBuildProductsLocation/Applications/MyApp.app
对此处的答案表示敬意:Jenkins - Xcode build works codesign fails
发生在我身上的问题是,我试图遵循杰米森(被接受的答案)的第一个答案,但也许不再是最新。
我使用了Stephen Quan的答案,效果很好!我现在最后的钥匙串部分是:
# Create temporary keychain
KEYCHAIN="MyApp$$.keychain"
KEYCHAIN_PASSWORD="MyApp"
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
# Append keychain to the search list
security list-keychains -d user -s "$KEYCHAIN" $(security list-keychains -d user | sed s/\"//g)
security list-keychains
# Unlock the keychain
security set-keychain-settings "$KEYCHAIN"
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
# Import certificate
security import .github/ios/secrets/MyApp.p12 -k "$KEYCHAIN" -P "" -T "/usr/bin/codesign"
# Detect the iOS identity
IOS_IDENTITY=$(security find-identity -v -p codesigning "$KEYCHAIN" | head -1 | grep '"' | sed -e 's/[^"]*"//' -e 's/".*//')
IOS_UUID=$(security find-identity -v -p codesigning "$KEYCHAIN" | head -1 | grep '"' | awk '{print $2}')
# New requirement for MacOS 10.12+
security set-key-partition-list -S apple-tool:,apple: -s -k $KEYCHAIN_PASSWORD $KEYCHAIN