diff --git a/.github/workflows/_swift.yml b/.github/workflows/_swift.yml index cb33b431f..4e952179d 100644 --- a/.github/workflows/_swift.yml +++ b/.github/workflows/_swift.yml @@ -5,172 +5,81 @@ on: jobs: build: - name: build-${{ matrix.sdk }} - runs-on: ${{ matrix.runs-on }} + name: ${{ matrix.job_name }} + runs-on: macos-15 + permissions: + contents: read + id-token: "write" + env: + XCODE_VERSION: "16.2" strategy: fail-fast: false matrix: include: - - sdk: macosx - runs-on: macos-14 - platform: macOS - xcode: "15.2" - destination: platform=macOS - - sdk: iphoneos - runs-on: macos-14 + - job_name: build-ios + rust-targets: aarch64-apple-ios + build-script: scripts/build/ios-appstore.sh + upload-script: scripts/upload/app-store-connect.sh + artifact-file: "Firezone.ipa" platform: iOS - xcode: "15.2" - destination: generic/platform=iOS - permissions: - contents: read - id-token: "write" - defaults: - run: - working-directory: ./swift/apple + + - job_name: build-macos-appstore + rust-targets: aarch64-apple-darwin x86_64-apple-darwin + build-script: scripts/build/macos-appstore.sh + upload-script: scripts/upload/app-store-connect.sh + artifact-file: "Firezone.pkg" + platform: macOS + + - job_name: build-macos-standalone + rust-targets: aarch64-apple-darwin x86_64-apple-darwin + build-script: scripts/build/macos-standalone.sh + upload-script: scripts/upload/github-release.sh + # mark:next-apple-version + artifact-file: "firezone-macos-client-1.4.0.dmg" + # mark:next-apple-version + release-name: macos-client-1.4.0 steps: - uses: actions/checkout@v4 with: fetch-tags: true # Otherwise we cannot embed the correct version into the build. - uses: ./.github/actions/setup-rust with: - targets: aarch64-apple-darwin aarch64-apple-ios x86_64-apple-darwin + targets: ${{ matrix.rust-targets }} - uses: actions/cache/restore@v4 name: Restore Swift DerivedData Cache id: cache with: path: ~/Library/Developer/Xcode/DerivedData - key: ${{ matrix.runs-on }}-${{ hashFiles('swift/*', 'rust/**/*.rs', 'rust/**/*.toml', 'rust/**/*.lock}') }} - - name: Install the Apple build certificate and provisioning profile + key: ${{ runner.os }}-${{ hashFiles('swift/*', 'rust/**/*.rs', 'rust/**/*.toml', 'rust/**/*.lock}') }} + - run: ${{ matrix.build-script }} env: - BUILD_CERT: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }} - BUILD_CERT_PASS: ${{ secrets.APPLE_BUILD_CERTIFICATE_P12_PASSWORD }} - INSTALLER_CERT: ${{ secrets.APPLE_MAC_INSTALLER_CERTIFICATE_BASE64 }} - INSTALLER_CERT_PASS: ${{ secrets.APPLE_MAC_INSTALLER_CERTIFICATE_P12_PASSWORD }} - KEYCHAIN_PASS: ${{ secrets.APPLE_RUNNER_KEYCHAIN_PASSWORD }} - IOS_APP_PP: ${{ secrets.APPLE_IOS_APP_PROVISIONING_PROFILE }} - IOS_NE_PP: ${{ secrets.APPLE_IOS_NE_PROVISIONING_PROFILE }} - MACOS_APP_PP: ${{ secrets.APPLE_MACOS_APP_PROVISIONING_PROFILE }} - MACOS_NE_PP: ${{ secrets.APPLE_MACOS_NE_PROVISIONING_PROFILE }} - run: | - BUILD_CERT_PATH=$RUNNER_TEMP/build_certificate.p12 - INSTALLER_CERT_PATH=$RUNNER_TEMP/installer_certificate.cer - - KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db - PP_PATH=~/Library/MobileDevice/Provisioning\ Profiles - mkdir -p "$PP_PATH" - - # import certificate and provisioning profiles from secrets - echo -n "$BUILD_CERT" | base64 --decode -o $BUILD_CERT_PATH - - # Matrix won't let us access secrets (for good reason), so use an explicit conditional here instead - if [ "${{ matrix.platform }}" = "iOS" ]; then - echo -n "$IOS_APP_PP" | base64 --decode -o "$PP_PATH"/app.mobileprovision - echo -n "$IOS_NE_PP" | base64 --decode -o "$PP_PATH"/ne.mobileprovision - elif [ "${{ matrix.platform }}" = "macOS" ]; then - echo -n "$MACOS_APP_PP" | base64 --decode -o "$PP_PATH"/app.provisionprofile - echo -n "$MACOS_NE_PP" | base64 --decode -o "$PP_PATH"/ne.provisionprofile - - # Submission to the macOS app store requires an installer package - # which must be signed separately. - echo -n "$INSTALLER_CERT" | base64 --decode -o $INSTALLER_CERT_PATH - else - echo "Platform not supported" - exit 1 - fi - - # create temporary keychain - security create-keychain -p "$KEYCHAIN_PASS" $KEYCHAIN_PATH - security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$KEYCHAIN_PASS" $KEYCHAIN_PATH - - # import certificate to keychain - security import $BUILD_CERT_PATH -P "$BUILD_CERT_PASS" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - - if [ "${{ matrix.platform }}" = "macOS" ]; then - security import $INSTALLER_CERT_PATH -P "$INSTALLER_CERT_PASS" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - fi - security list-keychain -d user -s $KEYCHAIN_PATH - - name: Build and sign app - id: build - env: - # Build universal binary - ONLY_ACTIVE_ARCH: no - # Needed because `productbuild` doesn't support picking this up automatically like Xcode does - INSTALLER_CODE_SIGN_IDENTITY: "3rd Party Mac Developer Installer: Firezone, Inc. (47R2M6779T)" - run: | - # Use the same Xcode version as development - sudo xcode-select -s /Applications/Xcode_${{ matrix.xcode }}.app - - # Copy xcconfig - cp Firezone/xcconfig/app_store.xcconfig Firezone/xcconfig/config.xcconfig - - # App Store Connect requires a new build version on each upload and it must be an integer. - # See https://developer.apple.com/documentation/xcode/build-settings-reference#Current-Project-Version - seconds_since_epoch=$(date +%s) - sed -i '' "s/CURRENT_PROJECT_VERSION = [0-9]/CURRENT_PROJECT_VERSION = $seconds_since_epoch/" \ - Firezone.xcodeproj/project.pbxproj - - # Unfortunately the macOS app requires an installer package to make it into the App Store, - # while iOS requires an ipa. The process for building each of these is slightly different. - if [ "${{ matrix.platform }}" = "iOS" ]; then - # Build archive - xcodebuild archive \ - GIT_SHA=${GITHUB_SHA} \ - -skipMacroValidation \ - -archivePath $RUNNER_TEMP/Firezone.xcarchive \ - -configuration Release \ - -scheme Firezone \ - -sdk ${{ matrix.sdk }} \ - -destination '${{ matrix.destination }}' - # Export IPA - xcodebuild \ - -exportArchive \ - -archivePath $RUNNER_TEMP/Firezone.xcarchive \ - -exportPath $RUNNER_TEMP/ \ - -exportOptionsPlist Firezone/ExportOptions.plist - - # Save resulting file to use for upload - echo "app_bundle=$RUNNER_TEMP/Firezone.ipa" >> "$GITHUB_OUTPUT" - elif [ "${{ matrix.platform }}" = "macOS" ]; then - # Build app bundle - xcodebuild build \ - GIT_SHA=${GITHUB_SHA} \ - -skipMacroValidation \ - -configuration Release \ - -scheme Firezone \ - -sdk ${{ matrix.sdk }} \ - -destination '${{ matrix.destination }}' - # Move it from randomized build output dir to somewhere we can find it - mv ~/Library/Developer/Xcode/DerivedData/Firezone-*/Build/Products/Release/Firezone.app $RUNNER_TEMP/. - # Create signed installer pkg - productbuild \ - --sign "${{ env.INSTALLER_CODE_SIGN_IDENTITY }}" \ - --component $RUNNER_TEMP/Firezone.app /Applications $RUNNER_TEMP/Firezone.pkg - - # Save resulting file to use for upload - echo "app_bundle=$RUNNER_TEMP/Firezone.pkg" >> "$GITHUB_OUTPUT" - else - echo "Unsupported platform" - exit 1 - fi - - name: Upload build to App Store Connect + IOS_APP_PROVISIONING_PROFILE: "${{ secrets.APPLE_IOS_APP_PROVISIONING_PROFILE }}" + IOS_NE_PROVISIONING_PROFILE: "${{ secrets.APPLE_IOS_NE_PROVISIONING_PROFILE }}" + MACOS_APP_PROVISIONING_PROFILE: "${{ secrets.APPLE_MACOS_APP_PROVISIONING_PROFILE }}" + MACOS_NE_PROVISIONING_PROFILE: "${{ secrets.APPLE_MACOS_NE_PROVISIONING_PROFILE }}" + STANDALONE_MACOS_APP_PROVISIONING_PROFILE: "${{ secrets.APPLE_STANDALONE_MACOS_APP_PROVISIONING_PROFILE }}" + STANDALONE_MACOS_NE_PROVISIONING_PROFILE: "${{ secrets.APPLE_STANDALONE_MACOS_NE_PROVISIONING_PROFILE }}" + BUILD_CERT: "${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }}" + BUILD_CERT_PASS: "${{ secrets.APPLE_BUILD_CERTIFICATE_P12_PASSWORD }}" + INSTALLER_CERT: "${{ secrets.APPLE_MAC_INSTALLER_CERTIFICATE_BASE64 }}" + INSTALLER_CERT_PASS: "${{ secrets.APPLE_MAC_INSTALLER_CERTIFICATE_P12_PASSWORD }}" + STANDALONE_BUILD_CERT: "${{ secrets.APPLE_STANDALONE_BUILD_CERTIFICATE_BASE64 }}" + STANDALONE_BUILD_CERT_PASS: "${{ secrets.APPLE_STANDALONE_BUILD_CERTIFICATE_P12_PASSWORD }}" + ARTIFACT_PATH: "${{ runner.temp }}/${{ matrix.artifact-file }}" + NOTARIZE: "${{ (github.event_name == 'workflow_dispatch' || github.ref == 'refs/heads/main') }}" + ISSUER_ID: "${{ secrets.APPLE_APP_STORE_CONNECT_ISSUER_ID }}" + API_KEY_ID: "${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY_ID }}" + API_KEY: "${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY }}" + - run: ${{ matrix.upload-script }} if: ${{ github.event_name == 'workflow_dispatch' || (github.ref == 'refs/heads/main' && contains(github.event.head_commit.modified, 'elixir/VERSION')) }} env: - ISSUER_ID: ${{ secrets.APPLE_APP_STORE_CONNECT_ISSUER_ID }} - API_KEY_ID: ${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY_ID }} - API_KEY: ${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY }} - run: | - # set up private key from env - mkdir -p ~/private_keys - echo "$API_KEY" > ~/private_keys/AuthKey_$API_KEY_ID.p8 - - # Submit app to App Store Connect - xcrun altool \ - --upload-app \ - -f ${{ steps.build.outputs.app_bundle }} \ - -t ${{ matrix.platform }} \ - --apiKey $API_KEY_ID \ - --apiIssuer $ISSUER_ID + ARTIFACT_PATH: "${{ runner.temp }}/${{ matrix.artifact-file }}" + ISSUER_ID: "${{ secrets.APPLE_APP_STORE_CONNECT_ISSUER_ID }}" + API_KEY_ID: "${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY_ID }}" + API_KEY: "${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY }}" + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + RELEASE_NAME: "${{ matrix.release-name }}" + PLATFORM: "${{ matrix.platform }}" - uses: actions/cache/save@v4 if: ${{ steps.cache.outputs.cache-hit != 'true'}} name: Save Swift DerivedData Cache diff --git a/scripts/build/dmg_background.png b/scripts/build/dmg_background.png new file mode 100644 index 000000000..d792aa07c Binary files /dev/null and b/scripts/build/dmg_background.png differ diff --git a/scripts/build/ios-appstore.sh b/scripts/build/ios-appstore.sh new file mode 100755 index 000000000..6d47648e6 --- /dev/null +++ b/scripts/build/ios-appstore.sh @@ -0,0 +1,82 @@ +#!/usr/bin/env bash + +# Builds the Firezone iOS client for submitting to the App Store + +set -euo pipefail + +source "./scripts/build/lib.sh" + +# Define needed variables +app_profile_id=8da59aa3-e8da-4a8c-9902-2d540324d92c +ne_profile_id=0fccb78a-97c0-41b9-8c54-9c995280ea8e +temp_dir=$(mktemp -d) +archive_path="$temp_dir/Firezone.xcarchive" +export_options_plist_path="$temp_dir/ExportOptions.plist" +git_sha=${GITHUB_SHA:-$(git rev-parse HEAD)} +project_file=swift/apple/Firezone.xcodeproj +code_sign_identity="Apple Distribution: Firezone, Inc. (47R2M6779T)" + +if [ "${CI:-}" = "true" ]; then + # Configure the environment for building, signing, and packaging in CI + setup_runner \ + "$IOS_APP_PROVISIONING_PROFILE" \ + "$app_profile_id.mobileprovision" \ + "$IOS_NE_PROVISIONING_PROFILE" \ + "$ne_profile_id.mobileprovision" +fi + +# Build and sign app +set_project_build_version "$project_file/project.pbxproj" + +echo "Building and signing app..." +xcodebuild archive \ + GIT_SHA="$git_sha" \ + CODE_SIGN_STYLE=Manual \ + CODE_SIGN_IDENTITY="$code_sign_identity" \ + APP_PROFILE_ID="$app_profile_id" \ + NE_PROFILE_ID="$ne_profile_id" \ + -project "$project_file" \ + -skipMacroValidation \ + -archivePath "$archive_path" \ + -configuration Release \ + -scheme Firezone \ + -sdk iphoneos \ + -destination 'generic/platform=iOS' + +# iOS requires a separate export step; write out the export options plist +# here so we can inject the provisioning profile IDs +cat <"$export_options_plist_path" + + + + + method + app-store + provisioningProfiles + + dev.firezone.firezone + $app_profile_id + + dev.firezone.firezone.network-extension + $ne_profile_id + + + +EOF + +# Export the archive +# -exportPath MUST be a directory; the Firezone.ipa will be written here +xcodebuild \ + -exportArchive \ + -archivePath "$archive_path" \ + -exportPath "$temp_dir" \ + -exportOptionsPlist "$export_options_plist_path" + +package_path="$temp_dir/Firezone.ipa" + +echo "Package created at $package_path" + +# Move to final location the uploader expects +if [[ -n "${ARTIFACT_PATH:-}" ]]; then + mv "$package_path" "$ARTIFACT_PATH" +fi diff --git a/scripts/build/lib.sh b/scripts/build/lib.sh new file mode 100755 index 000000000..973116c29 --- /dev/null +++ b/scripts/build/lib.sh @@ -0,0 +1,95 @@ +#!/usr/bin/env bash + +set -e + +# See https://docs.github.com/en/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development +function setup_runner() { + local app_profile="$1" + local app_profile_file="$2" + local ne_profile="$3" + local ne_profile_file="$4" + profiles_path="$HOME/Library/Developer/Xcode/UserData/Provisioning Profiles" + keychain_pass=$(openssl rand -base64 32) + keychain_path="$(mktemp -d)/app-signing.keychain-db" + + # Select Xcode specified by the workflow + sudo xcode-select -s "/Applications/Xcode_$XCODE_VERSION.app" + + # Install provisioning profiles + mkdir -p "$profiles_path" + base64_decode "$app_profile" "$profiles_path/$app_profile_file" + base64_decode "$ne_profile" "$profiles_path/$ne_profile_file" + + # Create a keychain to use for signing + security create-keychain -p "$keychain_pass" "$keychain_path" + + # Set it as the default keychain so Xcode can find the signing certs + security default-keychain -s "$keychain_path" + + # Ensure it stays unlocked during the build + security set-keychain-settings -lut 21600 "$keychain_path" + + # Unlock the keychain for use + security unlock-keychain -p "$keychain_pass" "$keychain_path" + + # Install signing certs + install_cert \ + "$BUILD_CERT" \ + "$BUILD_CERT_PASS" \ + "$keychain_pass" \ + "$keychain_path" + install_cert \ + "$INSTALLER_CERT" \ + "$INSTALLER_CERT_PASS" \ + "$keychain_pass" \ + "$keychain_path" + install_cert \ + "$STANDALONE_BUILD_CERT" \ + "$STANDALONE_BUILD_CERT_PASS" \ + "$keychain_pass" \ + "$keychain_path" +} + +function base64_decode() { + local input_stdin="$1" + local output_path="$2" + + echo -n "$input_stdin" | base64 --decode -o "$output_path" +} + +function install_cert() { + local cert_path + local cert="$1" + local pass="$2" + local keychain_pass="$3" + local keychain_path="$4" + + cert_path="$(mktemp -d)/cert.p12" + + base64_decode "$cert" "$cert_path" + + # Import cert into keychain + security import "$cert_path" \ + -P "$pass" \ + -A \ + -t cert \ + -f pkcs12 \ + -k "$keychain_path" + + # Prevent the keychain from asking for password to access the cert + security set-key-partition-list \ + -S apple-tool:,apple: \ + -k "$keychain_pass" \ + "$keychain_path" + + # Clean up + rm "$cert_path" +} + +function set_project_build_version() { + local project_file="$1" + + seconds_since_epoch=$(date +%s) + sed -i '' "s/CURRENT_PROJECT_VERSION = [0-9]/CURRENT_PROJECT_VERSION = $seconds_since_epoch/" \ + "$project_file" +} diff --git a/scripts/build/macos-appstore.sh b/scripts/build/macos-appstore.sh new file mode 100755 index 000000000..7b3256fd5 --- /dev/null +++ b/scripts/build/macos-appstore.sh @@ -0,0 +1,59 @@ +#!/usr/bin/env bash + +# Builds the Firezone macOS client for submitting to the App Store + +set -euo pipefail + +source "./scripts/build/lib.sh" + +# Define needed variables +app_profile_id=2bf20e38-81ea-40d0-91e5-330cf58f52d9 +ne_profile_id=2c683d1a-4479-451c-9ee6-ae7d4aca5c93 +temp_dir=$(mktemp -d) +package_path="$temp_dir/Firezone.pkg" +git_sha=${GITHUB_SHA:-$(git rev-parse HEAD)} +project_file=swift/apple/Firezone.xcodeproj +code_sign_identity="Apple Distribution: Firezone, Inc. (47R2M6779T)" +installer_code_sign_identity="3rd Party Mac Developer Installer: Firezone, Inc. (47R2M6779T)" + +if [ "${CI:-}" = "true" ]; then + # Configure the environment for building, signing, and packaging in CI + setup_runner \ + "$MACOS_APP_PROVISIONING_PROFILE" \ + "$app_profile_id.provisionprofile" \ + "$MACOS_NE_PROVISIONING_PROFILE" \ + "$ne_profile_id.provisionprofile" +fi + +# Build and sign +set_project_build_version "$project_file/project.pbxproj" + +echo "Building and signing app..." +xcodebuild build \ + GIT_SHA="$git_sha" \ + CODE_SIGN_STYLE=Manual \ + CODE_SIGN_IDENTITY="$code_sign_identity" \ + CONFIGURATION_BUILD_DIR="$temp_dir" \ + APP_PROFILE_ID="$app_profile_id" \ + NE_PROFILE_ID="$ne_profile_id" \ + ONLY_ACTIVE_ARCH=NO \ + -project "$project_file" \ + -skipMacroValidation \ + -configuration Release \ + -scheme Firezone \ + -sdk macosx \ + -destination 'platform=macOS' + +# Mac App Store requires a signed installer package +productbuild \ + --sign "$installer_code_sign_identity" \ + --component "$temp_dir/Firezone.app" \ + /Applications \ + "$package_path" + +echo "Installer package created at $package_path" + +# Move to final location the uploader expects +if [[ -n "${ARTIFACT_PATH:-}" ]]; then + mv "$package_path" "$ARTIFACT_PATH" +fi diff --git a/scripts/build/macos-standalone.sh b/scripts/build/macos-standalone.sh new file mode 100755 index 000000000..1be92cbbe --- /dev/null +++ b/scripts/build/macos-standalone.sh @@ -0,0 +1,127 @@ +#!/usr/bin/env bash + +# Builds the Firezone macOS client for standalone distribution + +set -euo pipefail + +source "./scripts/build/lib.sh" + +# Define needed variables +app_profile_id=c5d97f71-de80-4dfc-80f8-d0a4393ff082 +ne_profile_id=153db941-2136-4d6c-96ef-52f748521e78 +notarize=${NOTARIZE:-"false"} +temp_dir=$(mktemp -d) +dmg_dir="$temp_dir/dmg" +dmg_path="$temp_dir/Firezone.dmg" +package_path="$temp_dir/package.dmg" +git_sha=${GITHUB_SHA:-$(git rev-parse HEAD)} +project_file=swift/apple/Firezone.xcodeproj +codesign_identity="Developer ID Application: Firezone, Inc. (47R2M6779T)" + +if [ "${CI:-}" = "true" ]; then + # Configure the environment for building, signing, and packaging in CI + setup_runner \ + "$STANDALONE_MACOS_APP_PROVISIONING_PROFILE" \ + "$app_profile_id.provisionprofile" \ + "$STANDALONE_MACOS_NE_PROVISIONING_PROFILE" \ + "$ne_profile_id.provisionprofile" +fi + +# Build and sign +set_project_build_version "$project_file/project.pbxproj" + +echo "Building and signing app..." +xcodebuild build \ + GIT_SHA="$git_sha" \ + CODE_SIGN_STYLE=Manual \ + CODE_SIGN_IDENTITY="$codesign_identity" \ + PACKET_TUNNEL_PROVIDER_SUFFIX=-systemextension \ + OTHER_CODE_SIGN_FLAGS="--timestamp" \ + CODE_SIGN_INJECT_BASE_ENTITLEMENTS=NO \ + CONFIGURATION_BUILD_DIR="$temp_dir" \ + APP_PROFILE_ID="$app_profile_id" \ + NE_PROFILE_ID="$ne_profile_id" \ + ONLY_ACTIVE_ARCH=NO \ + -project "$project_file" \ + -skipMacroValidation \ + -configuration Release \ + -scheme Firezone \ + -sdk macosx \ + -destination 'platform=macOS' + +# Notarize app before embedding within disk image +if [ "$notarize" = "true" ]; then + # Notary service expects a single file, not app bundle + ditto -c -k "$temp_dir/Firezone.app" "$temp_dir/Firezone.zip" + + private_key_path="$temp_dir/firezone-api-key.p8" + base64_decode "$API_KEY" "$private_key_path" + + # Submit app bundle to be notarized. Can take a few minutes. + # Notarizes embedded app bundle as well. + xcrun notarytool submit "$temp_dir/Firezone.zip" \ + --key "$private_key_path" \ + --key-id "$API_KEY_ID" \ + --issuer "$ISSUER_ID" \ + --wait + + # Clean up private key + rm "$private_key_path" + + # Staple notarization ticket to app bundle + xcrun stapler staple "$temp_dir/Firezone.app" +fi + +# Create disk image +mkdir -p "$dmg_dir/.background" +mv "$temp_dir/Firezone.app" "$dmg_dir/Firezone.app" +cp "scripts/build/dmg_background.png" "$dmg_dir/.background/background.png" +ln -s /Applications "$dmg_dir/Applications" +hdiutil create \ + -volname "Firezone Installer" \ + -srcfolder "$dmg_dir" \ + -ov \ + -format UDRW \ + "$package_path" + +# Mount disk image for customization +mount_dir=$(hdiutil attach "$package_path" -readwrite -noverify -noautoopen | grep -o "/Volumes/.*") + +# Embed background image to instruct user to drag app to /Applications +osascript <"$ARTIFACT_PATH.sha256sum.txt" + +gh release upload "$RELEASE_NAME" \ + "$ARTIFACT_PATH" \ + "$ARTIFACT_PATH.sha256sum.txt" \ + $clobber \ + --repo "$GITHUB_REPOSITORY" diff --git a/swift/apple/.gitignore b/swift/apple/.gitignore index 0710a291c..96e92751f 100644 --- a/swift/apple/.gitignore +++ b/swift/apple/.gitignore @@ -5,5 +5,4 @@ DerivedData/ xcuserdata/ **/*.xcuserstate -Firezone/xcconfig/config.xcconfig FirezoneNetworkExtension/Connlib diff --git a/swift/apple/Firezone.xcodeproj/project.pbxproj b/swift/apple/Firezone.xcodeproj/project.pbxproj index fdc40bbc5..6f72e9eb0 100644 --- a/swift/apple/Firezone.xcodeproj/project.pbxproj +++ b/swift/apple/Firezone.xcodeproj/project.pbxproj @@ -595,8 +595,7 @@ OTHER_LDFLAGS = "-lconnlib"; PRODUCT_BUNDLE_IDENTIFIER = "$(inherited).network-extension"; PRODUCT_NAME = "$(PRODUCT_BUNDLE_IDENTIFIER)"; - PROVISIONING_PROFILE_SPECIFIER = ""; - "PROVISIONING_PROFILE_SPECIFIER[sdk=iphoneos*]" = "$(IOS_NE_PROVISIONING_PROFILE_IDENTIFIER)"; + PROVISIONING_PROFILE_SPECIFIER = "$(NE_PROFILE_ID)"; SDKROOT = iphoneos; SKIP_INSTALL = YES; SUPPORTED_PLATFORMS = iphoneos; @@ -637,8 +636,7 @@ OTHER_LDFLAGS = "-lconnlib"; PRODUCT_BUNDLE_IDENTIFIER = "$(inherited).network-extension"; PRODUCT_NAME = "$(PRODUCT_BUNDLE_IDENTIFIER)"; - PROVISIONING_PROFILE_SPECIFIER = ""; - "PROVISIONING_PROFILE_SPECIFIER[sdk=iphoneos*]" = "$(IOS_NE_PROVISIONING_PROFILE_IDENTIFIER)"; + PROVISIONING_PROFILE_SPECIFIER = "$(NE_PROFILE_ID)"; SDKROOT = iphoneos; SKIP_INSTALL = YES; SUPPORTED_PLATFORMS = iphoneos; @@ -679,7 +677,7 @@ OTHER_LDFLAGS = "-lconnlib"; PRODUCT_BUNDLE_IDENTIFIER = "$(inherited).network-extension"; PRODUCT_NAME = "$(PRODUCT_BUNDLE_IDENTIFIER)"; - PROVISIONING_PROFILE_SPECIFIER = ""; + PROVISIONING_PROFILE_SPECIFIER = "$(NE_PROFILE_ID)"; SDKROOT = macosx; SKIP_INSTALL = YES; SUPPORTED_PLATFORMS = macosx; @@ -717,8 +715,7 @@ OTHER_LDFLAGS = "-lconnlib"; PRODUCT_BUNDLE_IDENTIFIER = "$(inherited).network-extension"; PRODUCT_NAME = "$(PRODUCT_BUNDLE_IDENTIFIER)"; - PROVISIONING_PROFILE_SPECIFIER = ""; - "PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "$(MACOS_NE_PROVISIONING_PROFILE_IDENTIFIER)"; + PROVISIONING_PROFILE_SPECIFIER = "$(NE_PROFILE_ID)"; SDKROOT = macosx; SKIP_INSTALL = YES; SUPPORTED_PLATFORMS = macosx; @@ -883,9 +880,7 @@ OTHER_LDFLAGS = ""; PRODUCT_BUNDLE_IDENTIFIER = "$(inherited)"; PRODUCT_NAME = "$(TARGET_NAME)"; - PROVISIONING_PROFILE_SPECIFIER = ""; - "PROVISIONING_PROFILE_SPECIFIER[sdk=iphoneos*]" = "$(IOS_APP_PROVISIONING_PROFILE_IDENTIFIER)"; - "PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "$(MACOS_APP_PROVISIONING_PROFILE_IDENTIFIER)"; + PROVISIONING_PROFILE_SPECIFIER = "$(APP_PROFILE_ID)"; SDKROOT = auto; SUPPORTED_PLATFORMS = "iphoneos macosx"; SWIFT_EMIT_LOC_STRINGS = YES; @@ -934,9 +929,7 @@ PRODUCT_BUNDLE_IDENTIFIER = "$(inherited)"; PRODUCT_MODULE_NAME = "$(PRODUCT_NAME:c99extidentifier)"; PRODUCT_NAME = "$(TARGET_NAME)"; - PROVISIONING_PROFILE_SPECIFIER = ""; - "PROVISIONING_PROFILE_SPECIFIER[sdk=iphoneos*]" = "$(IOS_APP_PROVISIONING_PROFILE_IDENTIFIER)"; - "PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "$(MACOS_APP_PROVISIONING_PROFILE_IDENTIFIER)"; + PROVISIONING_PROFILE_SPECIFIER = "$(APP_PROFILE_ID)"; SDKROOT = auto; SUPPORTED_PLATFORMS = "iphoneos macosx"; SWIFT_EMIT_LOC_STRINGS = YES; diff --git a/swift/apple/Firezone/ExportOptions.plist b/swift/apple/Firezone/ExportOptions.plist deleted file mode 100644 index ffb295f7b..000000000 --- a/swift/apple/Firezone/ExportOptions.plist +++ /dev/null @@ -1,16 +0,0 @@ - - - - - method - app-store - provisioningProfiles - - dev.firezone.firezone - 07102026-065f-4cc0-800b-5f8595c50ce8 - - dev.firezone.firezone.network-extension - c6feb05e-063a-4429-8563-57c1d2755067 - - - diff --git a/swift/apple/Firezone/xcconfig/app_store.xcconfig b/swift/apple/Firezone/xcconfig/app_store.xcconfig deleted file mode 100644 index af03b8513..000000000 --- a/swift/apple/Firezone/xcconfig/app_store.xcconfig +++ /dev/null @@ -1,13 +0,0 @@ -// Apple Developer account-specific configuration for App Store distribution -DEVELOPMENT_TEAM = 47R2M6779T -PRODUCT_BUNDLE_IDENTIFIER = dev.firezone.firezone -APP_GROUP_ID[sdk=macosx*] = 47R2M6779T.dev.firezone.firezone -APP_GROUP_ID_PRE_1_4_0[sdk=macosx*] = 47R2M6779T.group.dev.firezone.firezone -APP_GROUP_ID[sdk=iphoneos*] = group.dev.firezone.firezone -APP_GROUP_ID_PRE_1_4_0[sdk=iphoneos*] = group.dev.firezone.firezone -CODE_SIGN_STYLE = Manual -CODE_SIGN_IDENTITY = Apple Distribution: Firezone, Inc. (47R2M6779T) -IOS_APP_PROVISIONING_PROFILE_IDENTIFIER = 07102026-065f-4cc0-800b-5f8595c50ce8 -MACOS_APP_PROVISIONING_PROFILE_IDENTIFIER = 9933ad98-3698-4782-ba8c-7e2da4c9835a -IOS_NE_PROVISIONING_PROFILE_IDENTIFIER = c6feb05e-063a-4429-8563-57c1d2755067 -MACOS_NE_PROVISIONING_PROFILE_IDENTIFIER = 789f5daf-bc9a-49fd-befd-bcfc88dd97a1 diff --git a/swift/apple/Firezone/xcconfig/debug.xcconfig b/swift/apple/Firezone/xcconfig/config.xcconfig similarity index 100% rename from swift/apple/Firezone/xcconfig/debug.xcconfig rename to swift/apple/Firezone/xcconfig/config.xcconfig diff --git a/swift/apple/Firezone/xcconfig/standalone.xcconfig b/swift/apple/Firezone/xcconfig/standalone.xcconfig deleted file mode 100644 index 8f85bf440..000000000 --- a/swift/apple/Firezone/xcconfig/standalone.xcconfig +++ /dev/null @@ -1,12 +0,0 @@ -// Apple Developer account-specific configuration for Standalone distribution -DEVELOPMENT_TEAM = 47R2M6779T -PRODUCT_BUNDLE_IDENTIFIER = dev.firezone.firezone -APP_GROUP_ID[sdk=macosx*] = 47R2M6779T.dev.firezone.firezone -APP_GROUP_ID_PRE_1_4_0[sdk=macosx*] = 47R2M6779T.group.dev.firezone.firezone -APP_GROUP_ID[sdk=iphoneos*] = group.dev.firezone.firezone -APP_GROUP_ID_PRE_1_4_0[sdk=iphoneos*] = group.dev.firezone.firezone -CODE_SIGN_STYLE = Manual -CODE_SIGN_IDENTITY = Developer ID Application: Firezone, Inc. (47R2M6779T) -MACOS_APP_PROVISIONING_PROFILE_IDENTIFIER = 734b5163-46a4-4676-9ee7-01f25ec968e7 -MACOS_NE_PROVISIONING_PROFILE_IDENTIFIER = 6c0eee5f-00fd-40ab-ba6c-6ae83c59d19d -PACKET_TUNNEL_PROVIDER_SUFFIX = -systemextension