From 0c3840958820e9b801b17aae53edd4fe889dd4d0 Mon Sep 17 00:00:00 2001 From: Jamil Date: Sat, 28 Dec 2024 16:28:09 -0600 Subject: [PATCH] ci: Add standalone macOS build support (#7581) The CI swift workflow needs to be updated to accommodate the macOS standalone build. This required a decent amount of refactoring to make the Apple build process more maintainable. Unfortunately this PR ended up being a giant ball of yarn where pulling on one thread tended to unravel things elsewhere, since building the Apple artifacts involve multiple interconnected systems. Combined with the slow iteration of running in CI, I wasn't able to split this PR into easier to digest commits, so I've annotated the PR as much as I can to explain what's changed. The good news is that Apple release artifacts can now be easily built from a developer's machine with simply `scripts/build/macos-standalone.sh`. The only thing needed is the proper provisioning profiles and signing certs installed. Since this PR is so big already, I'll save the swift/apple/README.md updates for another PR. --- .github/workflows/_swift.yml | 203 +++++------------- scripts/build/dmg_background.png | Bin 0 -> 11869 bytes scripts/build/ios-appstore.sh | 82 +++++++ scripts/build/lib.sh | 95 ++++++++ scripts/build/macos-appstore.sh | 59 +++++ scripts/build/macos-standalone.sh | 127 +++++++++++ scripts/upload/app-store-connect.sh | 31 +++ scripts/upload/github-release.sh | 21 ++ swift/apple/.gitignore | 1 - .../apple/Firezone.xcodeproj/project.pbxproj | 19 +- swift/apple/Firezone/ExportOptions.plist | 16 -- .../Firezone/xcconfig/app_store.xcconfig | 13 -- .../{debug.xcconfig => config.xcconfig} | 0 .../Firezone/xcconfig/standalone.xcconfig | 12 -- 14 files changed, 477 insertions(+), 202 deletions(-) create mode 100644 scripts/build/dmg_background.png create mode 100755 scripts/build/ios-appstore.sh create mode 100755 scripts/build/lib.sh create mode 100755 scripts/build/macos-appstore.sh create mode 100755 scripts/build/macos-standalone.sh create mode 100755 scripts/upload/app-store-connect.sh create mode 100755 scripts/upload/github-release.sh delete mode 100644 swift/apple/Firezone/ExportOptions.plist delete mode 100644 swift/apple/Firezone/xcconfig/app_store.xcconfig rename swift/apple/Firezone/xcconfig/{debug.xcconfig => config.xcconfig} (100%) delete mode 100644 swift/apple/Firezone/xcconfig/standalone.xcconfig diff --git a/.github/workflows/_swift.yml b/.github/workflows/_swift.yml index cb33b431f..4e952179d 100644 --- a/.github/workflows/_swift.yml +++ b/.github/workflows/_swift.yml @@ -5,172 +5,81 @@ on: jobs: build: - name: build-${{ matrix.sdk }} - runs-on: ${{ matrix.runs-on }} + name: ${{ matrix.job_name }} + runs-on: macos-15 + permissions: + contents: read + id-token: "write" + env: + XCODE_VERSION: "16.2" strategy: fail-fast: false matrix: include: - - sdk: macosx - runs-on: macos-14 - platform: macOS - xcode: "15.2" - destination: platform=macOS - - sdk: iphoneos - runs-on: macos-14 + - job_name: build-ios + rust-targets: aarch64-apple-ios + build-script: scripts/build/ios-appstore.sh + upload-script: scripts/upload/app-store-connect.sh + artifact-file: "Firezone.ipa" platform: iOS - xcode: "15.2" - destination: generic/platform=iOS - permissions: - contents: read - id-token: "write" - defaults: - run: - working-directory: ./swift/apple + + - job_name: build-macos-appstore + rust-targets: aarch64-apple-darwin x86_64-apple-darwin + build-script: scripts/build/macos-appstore.sh + upload-script: scripts/upload/app-store-connect.sh + artifact-file: "Firezone.pkg" + platform: macOS + + - job_name: build-macos-standalone + rust-targets: aarch64-apple-darwin x86_64-apple-darwin + build-script: scripts/build/macos-standalone.sh + upload-script: scripts/upload/github-release.sh + # mark:next-apple-version + artifact-file: "firezone-macos-client-1.4.0.dmg" + # mark:next-apple-version + release-name: macos-client-1.4.0 steps: - uses: actions/checkout@v4 with: fetch-tags: true # Otherwise we cannot embed the correct version into the build. - uses: ./.github/actions/setup-rust with: - targets: aarch64-apple-darwin aarch64-apple-ios x86_64-apple-darwin + targets: ${{ matrix.rust-targets }} - uses: actions/cache/restore@v4 name: Restore Swift DerivedData Cache id: cache with: path: ~/Library/Developer/Xcode/DerivedData - key: ${{ matrix.runs-on }}-${{ hashFiles('swift/*', 'rust/**/*.rs', 'rust/**/*.toml', 'rust/**/*.lock}') }} - - name: Install the Apple build certificate and provisioning profile + key: ${{ runner.os }}-${{ hashFiles('swift/*', 'rust/**/*.rs', 'rust/**/*.toml', 'rust/**/*.lock}') }} + - run: ${{ matrix.build-script }} env: - BUILD_CERT: ${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }} - BUILD_CERT_PASS: ${{ secrets.APPLE_BUILD_CERTIFICATE_P12_PASSWORD }} - INSTALLER_CERT: ${{ secrets.APPLE_MAC_INSTALLER_CERTIFICATE_BASE64 }} - INSTALLER_CERT_PASS: ${{ secrets.APPLE_MAC_INSTALLER_CERTIFICATE_P12_PASSWORD }} - KEYCHAIN_PASS: ${{ secrets.APPLE_RUNNER_KEYCHAIN_PASSWORD }} - IOS_APP_PP: ${{ secrets.APPLE_IOS_APP_PROVISIONING_PROFILE }} - IOS_NE_PP: ${{ secrets.APPLE_IOS_NE_PROVISIONING_PROFILE }} - MACOS_APP_PP: ${{ secrets.APPLE_MACOS_APP_PROVISIONING_PROFILE }} - MACOS_NE_PP: ${{ secrets.APPLE_MACOS_NE_PROVISIONING_PROFILE }} - run: | - BUILD_CERT_PATH=$RUNNER_TEMP/build_certificate.p12 - INSTALLER_CERT_PATH=$RUNNER_TEMP/installer_certificate.cer - - KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db - PP_PATH=~/Library/MobileDevice/Provisioning\ Profiles - mkdir -p "$PP_PATH" - - # import certificate and provisioning profiles from secrets - echo -n "$BUILD_CERT" | base64 --decode -o $BUILD_CERT_PATH - - # Matrix won't let us access secrets (for good reason), so use an explicit conditional here instead - if [ "${{ matrix.platform }}" = "iOS" ]; then - echo -n "$IOS_APP_PP" | base64 --decode -o "$PP_PATH"/app.mobileprovision - echo -n "$IOS_NE_PP" | base64 --decode -o "$PP_PATH"/ne.mobileprovision - elif [ "${{ matrix.platform }}" = "macOS" ]; then - echo -n "$MACOS_APP_PP" | base64 --decode -o "$PP_PATH"/app.provisionprofile - echo -n "$MACOS_NE_PP" | base64 --decode -o "$PP_PATH"/ne.provisionprofile - - # Submission to the macOS app store requires an installer package - # which must be signed separately. - echo -n "$INSTALLER_CERT" | base64 --decode -o $INSTALLER_CERT_PATH - else - echo "Platform not supported" - exit 1 - fi - - # create temporary keychain - security create-keychain -p "$KEYCHAIN_PASS" $KEYCHAIN_PATH - security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$KEYCHAIN_PASS" $KEYCHAIN_PATH - - # import certificate to keychain - security import $BUILD_CERT_PATH -P "$BUILD_CERT_PASS" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - - if [ "${{ matrix.platform }}" = "macOS" ]; then - security import $INSTALLER_CERT_PATH -P "$INSTALLER_CERT_PASS" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - fi - security list-keychain -d user -s $KEYCHAIN_PATH - - name: Build and sign app - id: build - env: - # Build universal binary - ONLY_ACTIVE_ARCH: no - # Needed because `productbuild` doesn't support picking this up automatically like Xcode does - INSTALLER_CODE_SIGN_IDENTITY: "3rd Party Mac Developer Installer: Firezone, Inc. (47R2M6779T)" - run: | - # Use the same Xcode version as development - sudo xcode-select -s /Applications/Xcode_${{ matrix.xcode }}.app - - # Copy xcconfig - cp Firezone/xcconfig/app_store.xcconfig Firezone/xcconfig/config.xcconfig - - # App Store Connect requires a new build version on each upload and it must be an integer. - # See https://developer.apple.com/documentation/xcode/build-settings-reference#Current-Project-Version - seconds_since_epoch=$(date +%s) - sed -i '' "s/CURRENT_PROJECT_VERSION = [0-9]/CURRENT_PROJECT_VERSION = $seconds_since_epoch/" \ - Firezone.xcodeproj/project.pbxproj - - # Unfortunately the macOS app requires an installer package to make it into the App Store, - # while iOS requires an ipa. The process for building each of these is slightly different. - if [ "${{ matrix.platform }}" = "iOS" ]; then - # Build archive - xcodebuild archive \ - GIT_SHA=${GITHUB_SHA} \ - -skipMacroValidation \ - -archivePath $RUNNER_TEMP/Firezone.xcarchive \ - -configuration Release \ - -scheme Firezone \ - -sdk ${{ matrix.sdk }} \ - -destination '${{ matrix.destination }}' - # Export IPA - xcodebuild \ - -exportArchive \ - -archivePath $RUNNER_TEMP/Firezone.xcarchive \ - -exportPath $RUNNER_TEMP/ \ - -exportOptionsPlist Firezone/ExportOptions.plist - - # Save resulting file to use for upload - echo "app_bundle=$RUNNER_TEMP/Firezone.ipa" >> "$GITHUB_OUTPUT" - elif [ "${{ matrix.platform }}" = "macOS" ]; then - # Build app bundle - xcodebuild build \ - GIT_SHA=${GITHUB_SHA} \ - -skipMacroValidation \ - -configuration Release \ - -scheme Firezone \ - -sdk ${{ matrix.sdk }} \ - -destination '${{ matrix.destination }}' - # Move it from randomized build output dir to somewhere we can find it - mv ~/Library/Developer/Xcode/DerivedData/Firezone-*/Build/Products/Release/Firezone.app $RUNNER_TEMP/. - # Create signed installer pkg - productbuild \ - --sign "${{ env.INSTALLER_CODE_SIGN_IDENTITY }}" \ - --component $RUNNER_TEMP/Firezone.app /Applications $RUNNER_TEMP/Firezone.pkg - - # Save resulting file to use for upload - echo "app_bundle=$RUNNER_TEMP/Firezone.pkg" >> "$GITHUB_OUTPUT" - else - echo "Unsupported platform" - exit 1 - fi - - name: Upload build to App Store Connect + IOS_APP_PROVISIONING_PROFILE: "${{ secrets.APPLE_IOS_APP_PROVISIONING_PROFILE }}" + IOS_NE_PROVISIONING_PROFILE: "${{ secrets.APPLE_IOS_NE_PROVISIONING_PROFILE }}" + MACOS_APP_PROVISIONING_PROFILE: "${{ secrets.APPLE_MACOS_APP_PROVISIONING_PROFILE }}" + MACOS_NE_PROVISIONING_PROFILE: "${{ secrets.APPLE_MACOS_NE_PROVISIONING_PROFILE }}" + STANDALONE_MACOS_APP_PROVISIONING_PROFILE: "${{ secrets.APPLE_STANDALONE_MACOS_APP_PROVISIONING_PROFILE }}" + STANDALONE_MACOS_NE_PROVISIONING_PROFILE: "${{ secrets.APPLE_STANDALONE_MACOS_NE_PROVISIONING_PROFILE }}" + BUILD_CERT: "${{ secrets.APPLE_BUILD_CERTIFICATE_BASE64 }}" + BUILD_CERT_PASS: "${{ secrets.APPLE_BUILD_CERTIFICATE_P12_PASSWORD }}" + INSTALLER_CERT: "${{ secrets.APPLE_MAC_INSTALLER_CERTIFICATE_BASE64 }}" + INSTALLER_CERT_PASS: "${{ secrets.APPLE_MAC_INSTALLER_CERTIFICATE_P12_PASSWORD }}" + STANDALONE_BUILD_CERT: "${{ secrets.APPLE_STANDALONE_BUILD_CERTIFICATE_BASE64 }}" + STANDALONE_BUILD_CERT_PASS: "${{ secrets.APPLE_STANDALONE_BUILD_CERTIFICATE_P12_PASSWORD }}" + ARTIFACT_PATH: "${{ runner.temp }}/${{ matrix.artifact-file }}" + NOTARIZE: "${{ (github.event_name == 'workflow_dispatch' || github.ref == 'refs/heads/main') }}" + ISSUER_ID: "${{ secrets.APPLE_APP_STORE_CONNECT_ISSUER_ID }}" + API_KEY_ID: "${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY_ID }}" + API_KEY: "${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY }}" + - run: ${{ matrix.upload-script }} if: ${{ github.event_name == 'workflow_dispatch' || (github.ref == 'refs/heads/main' && contains(github.event.head_commit.modified, 'elixir/VERSION')) }} env: - ISSUER_ID: ${{ secrets.APPLE_APP_STORE_CONNECT_ISSUER_ID }} - API_KEY_ID: ${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY_ID }} - API_KEY: ${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY }} - run: | - # set up private key from env - mkdir -p ~/private_keys - echo "$API_KEY" > ~/private_keys/AuthKey_$API_KEY_ID.p8 - - # Submit app to App Store Connect - xcrun altool \ - --upload-app \ - -f ${{ steps.build.outputs.app_bundle }} \ - -t ${{ matrix.platform }} \ - --apiKey $API_KEY_ID \ - --apiIssuer $ISSUER_ID + ARTIFACT_PATH: "${{ runner.temp }}/${{ matrix.artifact-file }}" + ISSUER_ID: "${{ secrets.APPLE_APP_STORE_CONNECT_ISSUER_ID }}" + API_KEY_ID: "${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY_ID }}" + API_KEY: "${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY }}" + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + RELEASE_NAME: "${{ matrix.release-name }}" + PLATFORM: "${{ matrix.platform }}" - uses: actions/cache/save@v4 if: ${{ steps.cache.outputs.cache-hit != 'true'}} name: Save Swift DerivedData Cache diff --git a/scripts/build/dmg_background.png b/scripts/build/dmg_background.png new file mode 100644 index 0000000000000000000000000000000000000000..d792aa07c7052ed4866715b766e35b13c84d1226 GIT binary patch literal 11869 zcmeHtiCdECyFYEyG)+2<`PDMDX-d;d)5<-qX*DG(BQ+PM$Q(<=9T$XZW-|9ubIGm6 zWt5a$0u=?z1-G=^PzfzuFdTL2o@ zg4dL?HDaNqUg(<)(-Z@O2<Qbn<*GfIqN?Sio0^?iSVNUPIkvh{Q@$P)9I`QL9cZ$bp>$~? ztB@zsZ|kWJk}*Oo)suP4`@=zu2ID~&*)`(g>P-pn<3{d;T5 zH-D@H)$8&nH-YXSjgT5uO$ny5bEpMPAdpU*KJXe$uDa!j60HY$|FF&%1d76Jj9v#a z`@{VhzqK&%?1nSGTSM$kler$NlR&A4StG2Q6$0nh+pJzNc*a^_; z_=gq{rXh31Cv$gG8tC!d^Wwu9TQoVpR978ge0di#kec zHM6K$HGJP1{2q1hQg!e9u(cj*+$XW$s(b6GdrxjxI~D(=cDh@wfsLjb@T9rAxeTJ_ zrK|S2P^S(9^m1v9D`_z^@wgZ+?F>8))sUw1@g=u-pzaFBk+RmIP@*I}F zjsWdfTVFZ}fKGmkQtg5&*q>2HKZNa9vn*zA1c7?C@IP2!lnVE`$72})WWL^?BDFOs~`&do>7xRgB>N0-W zZe#S#avsKTJwQcg9jN6qf7SN69N$MtAw}&xnE?BpB!y)LZUEhH|0n#l!2G{_QF*q9 zJ|uxa#(V!!=*#~qTP`@QyaP&Db!pu-J>@B@0;gaH5>N%HJJNq81Y(4`Cn4Ak*Srre>9Sq zh+D=A!_?j#Tqr;mOrn+No3^P<{nr@ujU`2C1L^a>_qrPjiD?caCiM0fsUTx-U#gQ`Jw+AHI_00oXOkT+M+yrd}6?oSIvu9Q)&i+5geV z{V(jl3jC|U|3eBa*fxC&8ZBQs&23dKSb%JvWlLLeearGu$-7F^!t+jOZBpZJ2$C)Rjq1+#2cD9}F{HfQF($-xOaZ#I9!sh#gqYF?R0of-e4i9M9VzKYgTa>aI$ zN(YGBIEu_mR>A8@3p=jDF1JV9&nl)}=DvAtZNbnydZ+-0W$sj!jWV3Kwrm0B=yaz8Vb$E=@-i=FWRbsU?*)~gmLU6m5 z^JI&fprQvL^My>r)De%^;hnyB1}jDxyuF?FNF_a~O*)3AgO<^Ax*EmBj!ukCgw!5F zDplanJhW%R$bh-MVM{3UHj86Y0$uPfA-^E?1Jk(O#;6Bn^AHP+1+1N~kxd-)=fokg zkJ$+4C-T!##s66j_4Q|&ypUMskpZ*>_DwzC28;cao)B#Zf0GuH21s`y4`c(QkNPZ3 z3(m&wH2VY82WH6ZHyyn$T-F#_I=&59UB%l+J#cxO$|xW)?3)MDn%~&5Opbh7-Q)G0 zZWGrP#|oL8^l{KI_2!9j(w_3ABBbGnaQp$GnGrM@;9=A787uoI@=_72ZP{^8eCnBxqkw9_k=c$sGq)M zHoN${7d&Eu;Yg3F$Caisd>%zOG+n$+?+VlRdo;&wb)?uvgUjL41HsL(zTsrQ2r2Hi zwx%Bvd+6XcgdQY1RjGSRI}Q7_k)cCZh#GUc&80>LBj%brG~z6VXoVSe8bk>->I;T& zr8FU4(%l2ymU&N$g^FF0cp+pHf}Z*m%ZS~Crvr!^6{%Fb|8G*twZ5gkiFDeraAF9F zH#hoB1?^>;lVpgc(~Jz57tsw;=*n3-+(pvGfKPiF%E;9z(bQ5h!SWg8;$V0OrCSsz zP5E+Hg`Gfs&-1Uedqkf!GDs~ry+VM`_bk}0$g>Pz&6j7{J(7Pqrm*d%w^fKy$1M*# zb5&;Y`B6CC8!n*{@@y-jezTX^4qPjw7M2~eP$cFo$|~4m@M3mZ>Q~2C2rqh$F^obm zM;;eO=`{&5_d8wx$T$};VawhU?TIa#v0j8f=l+d7?xhvaKFwHBxJ9ks2AXvCWN4xa zUYZn1Xj(0>8X325u~Zx_@9E^65gO$gZ-e@ik+G$k+mP@t+(Ju@nOc4_j9Mq@w9CBF z9;}3(7`$4b(v6=%)}RMB^&wpGQp6%s41M1OKW*KAZC0?AO-lJ12!k+bxIdzPC(DECb zK6ZyD!o3Pge6|(i`0+(svmzK7RsH!QO$6K2#a$q7=6Aj3>S6aDw6Mcuy?;<;0aYRbRBU@*ilSDC(Z4i3%vtjyT!p!9- zC}+bP)cOYQu4={Tb?G5W-#}%|Kyrc8$AAr=O;o&x5%?HU7k%h584R%vx|8)2zG%N> zfM{^KB5;EHRK#p+vTHW*xWm!WWqgguH)@gJeXk&XR`KVm5m+r2PirzT>g#vs<$GbB!~6h3bdE$3nsQeklXg?rkh^TUqejtWvhH^(5-Fq;jN`5i^8eynIWc76AFJ?+6f+3Sb z9fHERhj`RWg)XTG1lG1J?)qo!YF$En=enx|N@{C{h<=Dc z`dhQ{dPo$zmz2=d!5{TFFDuZ7i=h@w(?^2hzg|&RF$wX~s&iT7It_VNoSt~52WL0< z+~$z{a`aqbQ&7z@u5OS^LxnL#Vb%t`LcjL{XChsX!#$ypF=lwF^=FtSH1nA~(qD2C zW3Dr6U78pz_he$c&qp^r_qbkFj_^9KB9GC?_@yFt0P{9y;+zcN<6#Z%4Lf0h)t{l8 zn)i6fF*^t4EBT6whl=OAFj~a-Qh40V&T-~S_W%zi3J6OLiIY$O;G0@3Nif50$$dj~ zb3&`Vv3T+_GjjJ`8W@7H_I#cfxN_MLDw&oTbx-#^eo&J&FL%}-h0mG8ctk~o*g9D@;ame&h^tCtk7j@B40J7P!d}sW#Tg!VqyA=vm9f=Tz}IU!%E+E9N#B*;C+(=7OY5VFPF zFZ3J@@~m+l%>u!w%`gAS$rIMTuqj4csRKT(^Nwch5pUN$gCF$p8$=qHvMY44Wnw!G z?(4!%a|mS?;Im`kBkjjHShF1r!6J|lLz4x*D8-<9=eZG-dOoc z5x0P{FmK80w;$HP{jGXv6gR=p#HMm0y0i1V+86Ak0k`T6DspI)rI~EvYkH153U4Hm z@9*Hg#_4@>5jQ7UT91k3y$As`nb;q*k7BC9ElvoDgB?hDMoEaCQTe?>!`UWo7v*)? z7LRq_C-3N`&u6D zO`ea_Ff>bOR%)S|MaVhgZv!w3XSY|H4AlGVNQCTx+jwEg}RZpBe+mb{fY+Kp` z5hFSCYy_q~<3~x5$wOcba}Q+|x>W+lh+d?V%z=?4HOk_} zTOaND)cyOYzldnki`~&g@CC;Jd+VPA zp64)8`^~owR^6&sd4dnw<2T%|mE?h<3au=ZeFJILqy>%(jU4+X0T>~Gm6(2fPeDz> zAUTQW=BbG;q`-sp`~=JNHkPDn>umXy@Xr-14JPM?KMR{^$qiKCp4R2%WNoghP^u!9 zqE`)C1{AXsC3PtbyP(+8ly?G){Sl;;)|HCQ16doR-155UG@MPPogTBT?pjro<0YRe z$8s}*R)AH=av$TaN^0#nUi8YfuqxFOY~@(@QQYq`7pmnaAJ80I{zUe@N_6%eK~6;l z=nZT2aKvVjf>u|#u+%@Mo7LJPsu&#>=S87WU!mw5l>QDE`Md+e`sl!t%*Dz#Vs#>N z^^)Z2!!yX&PA$hH%|epx^voIVw6SIPD@OSKbh~+OkynJ3?~PT!ape5LvGb|V%qexv zvs}5{rZPQr+V8J(r6pE{4?E%{1q89(C1!_H+d{(~ZB6B%AhvX!gFWWx$xNCyK@71qdfc=#m(tzgrhGQ>*)j`Kql=5q=SVG0r(+E%kb}b^`f1o@p(!W|C^FX{gIbaGFIX=| z7rK8JbgX**jOgxrOD~fnA+GnO+~qpsFDge%UWI>Cf?tKMZ(1b1Zonssn`73WpTtA# zUKK?Zr8^MEmZ3{n+_ty9$B8MWe#N9Bu1&!}BjXMWdb4q0rqJ?9OrV@oF*TSM<9_QP zGd_NOQ^X;$=B5DA$tj~pTw=4<+le$H%r)@V=)h7GG$+Wk-?T@Z`GD*;{j584<+HW0 z?%{qHX#>K_w>^aL^War4SL&GIYgJDQu)~4mjWWOuse>!Ksf4PM2U1=O8*1fC4JZi3 z>Rt6?(GN(=dx(cGWFT8j^PCvK9vW7aQnnhP{jdRa7TE8))GSWH58(L>+c?J#){E9K zyLI|o_d`~=%(KvWZ)hyqbi%{Ebyakw0VP^S3Z7+#S!*K96B2Q{<&(hi)Mjg!)W=u;NDH)zJ{x{f?~btICB~WD0n!d!VAJAfsrgsijlVP!gi-RQ1fl&BRg{}fk&B_du@K?V zyF{tg-VnZ3?XZUrriZ$KbTN1I8!b*r4E`z3xeEN8w%+$jr4l2B}aXTziOvCL21U$0`nF zXX6$N-ombu$%q!gP=yWu_%Ua_z|rqr&9`-CIV!K5&CRSLG3!tt4B&YwhHfa6C)fR= zA^NO}Wi(+-RN*nA8ORck^W&v*p`8IA9SE()si30@JtO+owC#8x9 z_;lVXM!Sdd_m_^r>=AC9L!EHQ;A$-Y9t(LZ*G_|S?UJAgV{O@QTXb|oelK$Uq-F7B z(C|)XhiL1ciVwz>t4LVP{ocGgKQz39w~@hM*@|F5|aZ0X~-^L`qWwm@e|x$}hH* z$-~OCa`zLm-Fn5G+B&q$Z~=vA5myG*pYhc$?V(Fck1(DnE`1u++|xdA!zCZt>ebL>+?2SBi%YP? z8;fLLtf~*nX=CiNIhK>O8WF%;0AiNu_?9S@Zd+#yDw+#hb?!IR@xl3o6kwdc7HsXg z@^dXn=PWSRY~;N9^;z6fnMc)}qB(&>G9~NhW;xweS(P@YinGjiSQiMxEtX1uC7VVH zmcVHm)*(^bvrB=B8MA|5Rcj)s6}n&f&znx-@PPe?GGK6RkI?qh=>yOEZVT0)d0%6y zk$u9i@6Q{~<3<{k+@6a6LB5v==>=`>=RBpaH^bBQ)w#q9B^h)<6@j5MU~PHPmgoV%*`BGQKN zrHBl|6@%i5jzxtU#3ot(!;WUn)Yo-09lg0-2^R>|xIml--SE#Je zk0x#zB@phh|16eIg)~bKv+QQyrB&qxPK1B9jC{Xjr9t!>&LyY%Nlpx1az8Ox@f3a4 zXO>r-5a2%MV6DZWq_oET-8Z=CinULNX~)x}hjV?U(^6%xqUyD)c03~dFYr)^A|@;A z;GIkyKCq<6le)0#NSsH)(bz7i1zvwP=vC8v0J@Ki$pZ^|@Xw#Ze06{oJdyh}nwx`i zh-PGvQ(NI*Je1c$MrmIp#lT`0!zfGm8dIMrqrNwUPedNNqM7+Jp*61V`O|)IW=ZT)1p9NL{y#gDC$p<$YD+1!4ZfSz-`eR<_sU3R$x zo#07rvMOYY!>p9UEukxKrr!4N5{K<3B;46YG0MX_H?IR7xv3p*e4n=AbgcU+%vI~~ zAIIC4xA?kaUM@%OVc;HEegRL@W<4VYym>uC*~|!6uk&MncIE(ulWXopE=?SEmsZOg%Ut)5STs@C(UEkx)F&e%lV{#w)GcQ@BF|-^^pt-1T8FD~ zOOlVW)gzg(j1m`#FwT{BR*S_YrwYj>_+Hv)CVrNK+3nGB`A9`-4ct4AfH%X}guZ*O zi;oAkl>&7wY*scyuRf!%lwXIP#N)wr(O)`hmJ0FiMQ(=lxdcueeFms5vdJxUMw@7M z={T*Rsp4sX%a^t&rvYBPd~U|bz|e49+(eEkhu_dV)JzsZZra0*EJg!0r=VLj@?fyO@J^bDR7QFkqq9)q$#jnfDLreRcGlAg9v-K`~j! zvzUxC7~%=p@y|^14X!Re59cw0pXdk%l@v^z=$Ps0q+^QGL!XVDhWTV_;2zdI`wJe$ z++|;=*xd^I1x0Ml%sX&UY?6kEaHY-Ibx85$tkLrBqO51w2S@6fvwr)o`|VsY?7U|K zRix_%Bs}AcCs6AYmmaN5D~K*xt#v(jho5o!*fSeZDd%HBoPnjx9=Iw8`G3}|$)aZzcRLzw8}@K!M? z$&Ydo_T!;@b{yORJgHi8$U@uImp3?E9mw>Y=3uo4srAKXowz!K8-hETwItXy zQ0G^;al;D0u#bo6quHP0fN`i7m+QB4+?|_K)sOp|l7SBNbmLY7Bhs#*SE>_AIQ?Ei zMDIOh*;cqoEE2IHz^j8LXt3T|)+D zFNBylDDcXQYp@Ej(~%v$t0hCS z7nCD1HDEq{o5JW~4{UuGUUrI+;s4#M;*24nnbDBS*wniJFP0ErUnXI6@IOq36}@nm z*W`!N3vcMhONO%qJ0#GvSp7Og$VII*!QP9!@MaY$m3oSZm?wy>9+fOI>>m%b(<_cv zdg%bOEn#k!X$H4XC#Uug7P5hr4^VWg44mru=4Dv9;LQ>i3D?Pg9JO2`iM+uf4}CO` z{@jK4GAx_0X8*;i$4o)<$%aj94_M%HrHN(qZ|JNTZP@Da^>#KeDFKrhHZiOi0$shz zbIf`a6uWAZPEMSm(#lF1WsrzooV|=73*0=QKS%-2(CB1bx(!k0{Dl4vob0q>Y{G{_O%{w>h?07dQ*G8~+<{pvdP78qw zkF4{(55cE0V$TjP7)9c}|B4wXktW44k0P|ztX3UC%R_TfiVgcdV$fkuiU`%1QyV`% zsH!HKCalA>0B3?gQNO6Mo1ydk?l^|*P>Qvd7$Jxk07o}KzupIqm!S>7y<10u`0@Bw z25@`?)bcHAVLjRrH`*NflM-0>lJ5Zp@%1F9KcxIn17JTi$Pl{CvNwN|%Po_CCCVvI z9l}N#5Oc=jUeNN@swts8iumtwUiIbq|M+LYS%LlWTFs9Xe&Sbk7|v%eovHfe*N6WF D;;3$% literal 0 HcmV?d00001 diff --git a/scripts/build/ios-appstore.sh b/scripts/build/ios-appstore.sh new file mode 100755 index 000000000..6d47648e6 --- /dev/null +++ b/scripts/build/ios-appstore.sh @@ -0,0 +1,82 @@ +#!/usr/bin/env bash + +# Builds the Firezone iOS client for submitting to the App Store + +set -euo pipefail + +source "./scripts/build/lib.sh" + +# Define needed variables +app_profile_id=8da59aa3-e8da-4a8c-9902-2d540324d92c +ne_profile_id=0fccb78a-97c0-41b9-8c54-9c995280ea8e +temp_dir=$(mktemp -d) +archive_path="$temp_dir/Firezone.xcarchive" +export_options_plist_path="$temp_dir/ExportOptions.plist" +git_sha=${GITHUB_SHA:-$(git rev-parse HEAD)} +project_file=swift/apple/Firezone.xcodeproj +code_sign_identity="Apple Distribution: Firezone, Inc. (47R2M6779T)" + +if [ "${CI:-}" = "true" ]; then + # Configure the environment for building, signing, and packaging in CI + setup_runner \ + "$IOS_APP_PROVISIONING_PROFILE" \ + "$app_profile_id.mobileprovision" \ + "$IOS_NE_PROVISIONING_PROFILE" \ + "$ne_profile_id.mobileprovision" +fi + +# Build and sign app +set_project_build_version "$project_file/project.pbxproj" + +echo "Building and signing app..." +xcodebuild archive \ + GIT_SHA="$git_sha" \ + CODE_SIGN_STYLE=Manual \ + CODE_SIGN_IDENTITY="$code_sign_identity" \ + APP_PROFILE_ID="$app_profile_id" \ + NE_PROFILE_ID="$ne_profile_id" \ + -project "$project_file" \ + -skipMacroValidation \ + -archivePath "$archive_path" \ + -configuration Release \ + -scheme Firezone \ + -sdk iphoneos \ + -destination 'generic/platform=iOS' + +# iOS requires a separate export step; write out the export options plist +# here so we can inject the provisioning profile IDs +cat <"$export_options_plist_path" + + + + + method + app-store + provisioningProfiles + + dev.firezone.firezone + $app_profile_id + + dev.firezone.firezone.network-extension + $ne_profile_id + + + +EOF + +# Export the archive +# -exportPath MUST be a directory; the Firezone.ipa will be written here +xcodebuild \ + -exportArchive \ + -archivePath "$archive_path" \ + -exportPath "$temp_dir" \ + -exportOptionsPlist "$export_options_plist_path" + +package_path="$temp_dir/Firezone.ipa" + +echo "Package created at $package_path" + +# Move to final location the uploader expects +if [[ -n "${ARTIFACT_PATH:-}" ]]; then + mv "$package_path" "$ARTIFACT_PATH" +fi diff --git a/scripts/build/lib.sh b/scripts/build/lib.sh new file mode 100755 index 000000000..973116c29 --- /dev/null +++ b/scripts/build/lib.sh @@ -0,0 +1,95 @@ +#!/usr/bin/env bash + +set -e + +# See https://docs.github.com/en/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development +function setup_runner() { + local app_profile="$1" + local app_profile_file="$2" + local ne_profile="$3" + local ne_profile_file="$4" + profiles_path="$HOME/Library/Developer/Xcode/UserData/Provisioning Profiles" + keychain_pass=$(openssl rand -base64 32) + keychain_path="$(mktemp -d)/app-signing.keychain-db" + + # Select Xcode specified by the workflow + sudo xcode-select -s "/Applications/Xcode_$XCODE_VERSION.app" + + # Install provisioning profiles + mkdir -p "$profiles_path" + base64_decode "$app_profile" "$profiles_path/$app_profile_file" + base64_decode "$ne_profile" "$profiles_path/$ne_profile_file" + + # Create a keychain to use for signing + security create-keychain -p "$keychain_pass" "$keychain_path" + + # Set it as the default keychain so Xcode can find the signing certs + security default-keychain -s "$keychain_path" + + # Ensure it stays unlocked during the build + security set-keychain-settings -lut 21600 "$keychain_path" + + # Unlock the keychain for use + security unlock-keychain -p "$keychain_pass" "$keychain_path" + + # Install signing certs + install_cert \ + "$BUILD_CERT" \ + "$BUILD_CERT_PASS" \ + "$keychain_pass" \ + "$keychain_path" + install_cert \ + "$INSTALLER_CERT" \ + "$INSTALLER_CERT_PASS" \ + "$keychain_pass" \ + "$keychain_path" + install_cert \ + "$STANDALONE_BUILD_CERT" \ + "$STANDALONE_BUILD_CERT_PASS" \ + "$keychain_pass" \ + "$keychain_path" +} + +function base64_decode() { + local input_stdin="$1" + local output_path="$2" + + echo -n "$input_stdin" | base64 --decode -o "$output_path" +} + +function install_cert() { + local cert_path + local cert="$1" + local pass="$2" + local keychain_pass="$3" + local keychain_path="$4" + + cert_path="$(mktemp -d)/cert.p12" + + base64_decode "$cert" "$cert_path" + + # Import cert into keychain + security import "$cert_path" \ + -P "$pass" \ + -A \ + -t cert \ + -f pkcs12 \ + -k "$keychain_path" + + # Prevent the keychain from asking for password to access the cert + security set-key-partition-list \ + -S apple-tool:,apple: \ + -k "$keychain_pass" \ + "$keychain_path" + + # Clean up + rm "$cert_path" +} + +function set_project_build_version() { + local project_file="$1" + + seconds_since_epoch=$(date +%s) + sed -i '' "s/CURRENT_PROJECT_VERSION = [0-9]/CURRENT_PROJECT_VERSION = $seconds_since_epoch/" \ + "$project_file" +} diff --git a/scripts/build/macos-appstore.sh b/scripts/build/macos-appstore.sh new file mode 100755 index 000000000..7b3256fd5 --- /dev/null +++ b/scripts/build/macos-appstore.sh @@ -0,0 +1,59 @@ +#!/usr/bin/env bash + +# Builds the Firezone macOS client for submitting to the App Store + +set -euo pipefail + +source "./scripts/build/lib.sh" + +# Define needed variables +app_profile_id=2bf20e38-81ea-40d0-91e5-330cf58f52d9 +ne_profile_id=2c683d1a-4479-451c-9ee6-ae7d4aca5c93 +temp_dir=$(mktemp -d) +package_path="$temp_dir/Firezone.pkg" +git_sha=${GITHUB_SHA:-$(git rev-parse HEAD)} +project_file=swift/apple/Firezone.xcodeproj +code_sign_identity="Apple Distribution: Firezone, Inc. (47R2M6779T)" +installer_code_sign_identity="3rd Party Mac Developer Installer: Firezone, Inc. (47R2M6779T)" + +if [ "${CI:-}" = "true" ]; then + # Configure the environment for building, signing, and packaging in CI + setup_runner \ + "$MACOS_APP_PROVISIONING_PROFILE" \ + "$app_profile_id.provisionprofile" \ + "$MACOS_NE_PROVISIONING_PROFILE" \ + "$ne_profile_id.provisionprofile" +fi + +# Build and sign +set_project_build_version "$project_file/project.pbxproj" + +echo "Building and signing app..." +xcodebuild build \ + GIT_SHA="$git_sha" \ + CODE_SIGN_STYLE=Manual \ + CODE_SIGN_IDENTITY="$code_sign_identity" \ + CONFIGURATION_BUILD_DIR="$temp_dir" \ + APP_PROFILE_ID="$app_profile_id" \ + NE_PROFILE_ID="$ne_profile_id" \ + ONLY_ACTIVE_ARCH=NO \ + -project "$project_file" \ + -skipMacroValidation \ + -configuration Release \ + -scheme Firezone \ + -sdk macosx \ + -destination 'platform=macOS' + +# Mac App Store requires a signed installer package +productbuild \ + --sign "$installer_code_sign_identity" \ + --component "$temp_dir/Firezone.app" \ + /Applications \ + "$package_path" + +echo "Installer package created at $package_path" + +# Move to final location the uploader expects +if [[ -n "${ARTIFACT_PATH:-}" ]]; then + mv "$package_path" "$ARTIFACT_PATH" +fi diff --git a/scripts/build/macos-standalone.sh b/scripts/build/macos-standalone.sh new file mode 100755 index 000000000..1be92cbbe --- /dev/null +++ b/scripts/build/macos-standalone.sh @@ -0,0 +1,127 @@ +#!/usr/bin/env bash + +# Builds the Firezone macOS client for standalone distribution + +set -euo pipefail + +source "./scripts/build/lib.sh" + +# Define needed variables +app_profile_id=c5d97f71-de80-4dfc-80f8-d0a4393ff082 +ne_profile_id=153db941-2136-4d6c-96ef-52f748521e78 +notarize=${NOTARIZE:-"false"} +temp_dir=$(mktemp -d) +dmg_dir="$temp_dir/dmg" +dmg_path="$temp_dir/Firezone.dmg" +package_path="$temp_dir/package.dmg" +git_sha=${GITHUB_SHA:-$(git rev-parse HEAD)} +project_file=swift/apple/Firezone.xcodeproj +codesign_identity="Developer ID Application: Firezone, Inc. (47R2M6779T)" + +if [ "${CI:-}" = "true" ]; then + # Configure the environment for building, signing, and packaging in CI + setup_runner \ + "$STANDALONE_MACOS_APP_PROVISIONING_PROFILE" \ + "$app_profile_id.provisionprofile" \ + "$STANDALONE_MACOS_NE_PROVISIONING_PROFILE" \ + "$ne_profile_id.provisionprofile" +fi + +# Build and sign +set_project_build_version "$project_file/project.pbxproj" + +echo "Building and signing app..." +xcodebuild build \ + GIT_SHA="$git_sha" \ + CODE_SIGN_STYLE=Manual \ + CODE_SIGN_IDENTITY="$codesign_identity" \ + PACKET_TUNNEL_PROVIDER_SUFFIX=-systemextension \ + OTHER_CODE_SIGN_FLAGS="--timestamp" \ + CODE_SIGN_INJECT_BASE_ENTITLEMENTS=NO \ + CONFIGURATION_BUILD_DIR="$temp_dir" \ + APP_PROFILE_ID="$app_profile_id" \ + NE_PROFILE_ID="$ne_profile_id" \ + ONLY_ACTIVE_ARCH=NO \ + -project "$project_file" \ + -skipMacroValidation \ + -configuration Release \ + -scheme Firezone \ + -sdk macosx \ + -destination 'platform=macOS' + +# Notarize app before embedding within disk image +if [ "$notarize" = "true" ]; then + # Notary service expects a single file, not app bundle + ditto -c -k "$temp_dir/Firezone.app" "$temp_dir/Firezone.zip" + + private_key_path="$temp_dir/firezone-api-key.p8" + base64_decode "$API_KEY" "$private_key_path" + + # Submit app bundle to be notarized. Can take a few minutes. + # Notarizes embedded app bundle as well. + xcrun notarytool submit "$temp_dir/Firezone.zip" \ + --key "$private_key_path" \ + --key-id "$API_KEY_ID" \ + --issuer "$ISSUER_ID" \ + --wait + + # Clean up private key + rm "$private_key_path" + + # Staple notarization ticket to app bundle + xcrun stapler staple "$temp_dir/Firezone.app" +fi + +# Create disk image +mkdir -p "$dmg_dir/.background" +mv "$temp_dir/Firezone.app" "$dmg_dir/Firezone.app" +cp "scripts/build/dmg_background.png" "$dmg_dir/.background/background.png" +ln -s /Applications "$dmg_dir/Applications" +hdiutil create \ + -volname "Firezone Installer" \ + -srcfolder "$dmg_dir" \ + -ov \ + -format UDRW \ + "$package_path" + +# Mount disk image for customization +mount_dir=$(hdiutil attach "$package_path" -readwrite -noverify -noautoopen | grep -o "/Volumes/.*") + +# Embed background image to instruct user to drag app to /Applications +osascript <"$ARTIFACT_PATH.sha256sum.txt" + +gh release upload "$RELEASE_NAME" \ + "$ARTIFACT_PATH" \ + "$ARTIFACT_PATH.sha256sum.txt" \ + $clobber \ + --repo "$GITHUB_REPOSITORY" diff --git a/swift/apple/.gitignore b/swift/apple/.gitignore index 0710a291c..96e92751f 100644 --- a/swift/apple/.gitignore +++ b/swift/apple/.gitignore @@ -5,5 +5,4 @@ DerivedData/ xcuserdata/ **/*.xcuserstate -Firezone/xcconfig/config.xcconfig FirezoneNetworkExtension/Connlib diff --git a/swift/apple/Firezone.xcodeproj/project.pbxproj b/swift/apple/Firezone.xcodeproj/project.pbxproj index fdc40bbc5..6f72e9eb0 100644 --- a/swift/apple/Firezone.xcodeproj/project.pbxproj +++ b/swift/apple/Firezone.xcodeproj/project.pbxproj @@ -595,8 +595,7 @@ OTHER_LDFLAGS = "-lconnlib"; PRODUCT_BUNDLE_IDENTIFIER = "$(inherited).network-extension"; PRODUCT_NAME = "$(PRODUCT_BUNDLE_IDENTIFIER)"; - PROVISIONING_PROFILE_SPECIFIER = ""; - "PROVISIONING_PROFILE_SPECIFIER[sdk=iphoneos*]" = "$(IOS_NE_PROVISIONING_PROFILE_IDENTIFIER)"; + PROVISIONING_PROFILE_SPECIFIER = "$(NE_PROFILE_ID)"; SDKROOT = iphoneos; SKIP_INSTALL = YES; SUPPORTED_PLATFORMS = iphoneos; @@ -637,8 +636,7 @@ OTHER_LDFLAGS = "-lconnlib"; PRODUCT_BUNDLE_IDENTIFIER = "$(inherited).network-extension"; PRODUCT_NAME = "$(PRODUCT_BUNDLE_IDENTIFIER)"; - PROVISIONING_PROFILE_SPECIFIER = ""; - "PROVISIONING_PROFILE_SPECIFIER[sdk=iphoneos*]" = "$(IOS_NE_PROVISIONING_PROFILE_IDENTIFIER)"; + PROVISIONING_PROFILE_SPECIFIER = "$(NE_PROFILE_ID)"; SDKROOT = iphoneos; SKIP_INSTALL = YES; SUPPORTED_PLATFORMS = iphoneos; @@ -679,7 +677,7 @@ OTHER_LDFLAGS = "-lconnlib"; PRODUCT_BUNDLE_IDENTIFIER = "$(inherited).network-extension"; PRODUCT_NAME = "$(PRODUCT_BUNDLE_IDENTIFIER)"; - PROVISIONING_PROFILE_SPECIFIER = ""; + PROVISIONING_PROFILE_SPECIFIER = "$(NE_PROFILE_ID)"; SDKROOT = macosx; SKIP_INSTALL = YES; SUPPORTED_PLATFORMS = macosx; @@ -717,8 +715,7 @@ OTHER_LDFLAGS = "-lconnlib"; PRODUCT_BUNDLE_IDENTIFIER = "$(inherited).network-extension"; PRODUCT_NAME = "$(PRODUCT_BUNDLE_IDENTIFIER)"; - PROVISIONING_PROFILE_SPECIFIER = ""; - "PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "$(MACOS_NE_PROVISIONING_PROFILE_IDENTIFIER)"; + PROVISIONING_PROFILE_SPECIFIER = "$(NE_PROFILE_ID)"; SDKROOT = macosx; SKIP_INSTALL = YES; SUPPORTED_PLATFORMS = macosx; @@ -883,9 +880,7 @@ OTHER_LDFLAGS = ""; PRODUCT_BUNDLE_IDENTIFIER = "$(inherited)"; PRODUCT_NAME = "$(TARGET_NAME)"; - PROVISIONING_PROFILE_SPECIFIER = ""; - "PROVISIONING_PROFILE_SPECIFIER[sdk=iphoneos*]" = "$(IOS_APP_PROVISIONING_PROFILE_IDENTIFIER)"; - "PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "$(MACOS_APP_PROVISIONING_PROFILE_IDENTIFIER)"; + PROVISIONING_PROFILE_SPECIFIER = "$(APP_PROFILE_ID)"; SDKROOT = auto; SUPPORTED_PLATFORMS = "iphoneos macosx"; SWIFT_EMIT_LOC_STRINGS = YES; @@ -934,9 +929,7 @@ PRODUCT_BUNDLE_IDENTIFIER = "$(inherited)"; PRODUCT_MODULE_NAME = "$(PRODUCT_NAME:c99extidentifier)"; PRODUCT_NAME = "$(TARGET_NAME)"; - PROVISIONING_PROFILE_SPECIFIER = ""; - "PROVISIONING_PROFILE_SPECIFIER[sdk=iphoneos*]" = "$(IOS_APP_PROVISIONING_PROFILE_IDENTIFIER)"; - "PROVISIONING_PROFILE_SPECIFIER[sdk=macosx*]" = "$(MACOS_APP_PROVISIONING_PROFILE_IDENTIFIER)"; + PROVISIONING_PROFILE_SPECIFIER = "$(APP_PROFILE_ID)"; SDKROOT = auto; SUPPORTED_PLATFORMS = "iphoneos macosx"; SWIFT_EMIT_LOC_STRINGS = YES; diff --git a/swift/apple/Firezone/ExportOptions.plist b/swift/apple/Firezone/ExportOptions.plist deleted file mode 100644 index ffb295f7b..000000000 --- a/swift/apple/Firezone/ExportOptions.plist +++ /dev/null @@ -1,16 +0,0 @@ - - - - - method - app-store - provisioningProfiles - - dev.firezone.firezone - 07102026-065f-4cc0-800b-5f8595c50ce8 - - dev.firezone.firezone.network-extension - c6feb05e-063a-4429-8563-57c1d2755067 - - - diff --git a/swift/apple/Firezone/xcconfig/app_store.xcconfig b/swift/apple/Firezone/xcconfig/app_store.xcconfig deleted file mode 100644 index af03b8513..000000000 --- a/swift/apple/Firezone/xcconfig/app_store.xcconfig +++ /dev/null @@ -1,13 +0,0 @@ -// Apple Developer account-specific configuration for App Store distribution -DEVELOPMENT_TEAM = 47R2M6779T -PRODUCT_BUNDLE_IDENTIFIER = dev.firezone.firezone -APP_GROUP_ID[sdk=macosx*] = 47R2M6779T.dev.firezone.firezone -APP_GROUP_ID_PRE_1_4_0[sdk=macosx*] = 47R2M6779T.group.dev.firezone.firezone -APP_GROUP_ID[sdk=iphoneos*] = group.dev.firezone.firezone -APP_GROUP_ID_PRE_1_4_0[sdk=iphoneos*] = group.dev.firezone.firezone -CODE_SIGN_STYLE = Manual -CODE_SIGN_IDENTITY = Apple Distribution: Firezone, Inc. (47R2M6779T) -IOS_APP_PROVISIONING_PROFILE_IDENTIFIER = 07102026-065f-4cc0-800b-5f8595c50ce8 -MACOS_APP_PROVISIONING_PROFILE_IDENTIFIER = 9933ad98-3698-4782-ba8c-7e2da4c9835a -IOS_NE_PROVISIONING_PROFILE_IDENTIFIER = c6feb05e-063a-4429-8563-57c1d2755067 -MACOS_NE_PROVISIONING_PROFILE_IDENTIFIER = 789f5daf-bc9a-49fd-befd-bcfc88dd97a1 diff --git a/swift/apple/Firezone/xcconfig/debug.xcconfig b/swift/apple/Firezone/xcconfig/config.xcconfig similarity index 100% rename from swift/apple/Firezone/xcconfig/debug.xcconfig rename to swift/apple/Firezone/xcconfig/config.xcconfig diff --git a/swift/apple/Firezone/xcconfig/standalone.xcconfig b/swift/apple/Firezone/xcconfig/standalone.xcconfig deleted file mode 100644 index 8f85bf440..000000000 --- a/swift/apple/Firezone/xcconfig/standalone.xcconfig +++ /dev/null @@ -1,12 +0,0 @@ -// Apple Developer account-specific configuration for Standalone distribution -DEVELOPMENT_TEAM = 47R2M6779T -PRODUCT_BUNDLE_IDENTIFIER = dev.firezone.firezone -APP_GROUP_ID[sdk=macosx*] = 47R2M6779T.dev.firezone.firezone -APP_GROUP_ID_PRE_1_4_0[sdk=macosx*] = 47R2M6779T.group.dev.firezone.firezone -APP_GROUP_ID[sdk=iphoneos*] = group.dev.firezone.firezone -APP_GROUP_ID_PRE_1_4_0[sdk=iphoneos*] = group.dev.firezone.firezone -CODE_SIGN_STYLE = Manual -CODE_SIGN_IDENTITY = Developer ID Application: Firezone, Inc. (47R2M6779T) -MACOS_APP_PROVISIONING_PROFILE_IDENTIFIER = 734b5163-46a4-4676-9ee7-01f25ec968e7 -MACOS_NE_PROVISIONING_PROFILE_IDENTIFIER = 6c0eee5f-00fd-40ab-ba6c-6ae83c59d19d -PACKET_TUNNEL_PROVIDER_SUFFIX = -systemextension