firezone/scripts/build/lib.sh
Thomas Eizinger a1b2ca195c ci(apple): explicitly select Xcode 26.0 (#10511)
In order to build the iOS app with the Xcode version that is installed
on the GitHub runners, we need to select the Xcode version by major and
minor version. Currently, the iOS builds are failing because Xcode 26.1
also exists but iOS 26.1 isn't supported (or released?).

See
https://github.com/firezone/firezone/actions/runs/18239282351/job/51938727311.
2025-10-06 16:07:34 +00:00


#!/usr/bin/env bash
# Helper functions for preparing a macOS runner for code signing: Xcode
# selection, provisioning profiles, and a temporary signing keychain.
#
# Exit on the first unhandled command failure.
# NOTE(review): pipefail is not enabled, so only the last stage of a pipeline
# is checked. The file name suggests this is sourced by other scripts, in which
# case this option also applies to the sourcing script - confirm.
set -e
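# See https://docs.github.com/en/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development
#
# Prepare a macOS runner for signing: select Xcode, install two provisioning
# profiles, then create and unlock a temporary default keychain and import the
# four signing certificates into it.
#
# Globals read:
#   XCODE_VERSION, HOME,
#   BUILD_CERT, BUILD_CERT_PASS, INSTALLER_CERT, INSTALLER_CERT_PASS,
#   STANDALONE_BUILD_CERT, STANDALONE_BUILD_CERT_PASS,
#   STANDALONE_INSTALLER_CERT, STANDALONE_INSTALLER_CERT_PASS
# Globals written:
#   profiles_path, keychain_pass, keychain_path
#   NOTE(review): these were never declared local, so they stay global here in
#   case a caller reads them. If none does, make them local so the keychain
#   password does not outlive this function.
# Arguments:
#   $1 - base64-encoded app provisioning profile
#   $2 - file name to store it under in the profiles directory
#   $3 - base64-encoded second ("ne") provisioning profile
#   $4 - file name to store it under in the profiles directory
# Returns:
#   1 when no matching Xcode is installed or no keychain password could be
#   generated; every other failing step aborts through the file-level `set -e`.
#
# NOTE(review): the keychain password and the certificate passphrases are
# handed to `security` as command-line arguments, so they are visible in the
# process list while each command runs and would be echoed by `set -x`. Keep
# tracing disabled around this function.
# NOTE(review): nothing here deletes the keychain or restores the previous
# default keychain. On a runner that is reused between jobs the signing
# identities persist until the caller removes them (for example with
# `security delete-keychain`).
function setup_runner() {
    local app_profile="$1"
    local app_profile_file="$2"
    local ne_profile="$3"
    local ne_profile_file="$4"
    local -a xcode_apps
    local xcode_app

    # Select the highest-versioned Xcode whose bundle name contains
    # XCODE_VERSION (any installed Xcode when it is empty). The value is quoted
    # so it is matched literally and cannot inject glob patterns or split into
    # several words.
    xcode_apps=(/Applications/Xcode*"${XCODE_VERSION}"*.app)
    if [[ ! -d "${xcode_apps[0]:-}" ]]; then
        printf 'setup_runner: no Xcode matching "%s" found in /Applications\n' \
            "${XCODE_VERSION}" >&2
        return 1
    fi
    xcode_app="$(printf '%s\n' "${xcode_apps[@]}" | sort -V | tail -n 1)"
    sudo xcode-select --switch "$xcode_app"

    profiles_path="$HOME/Library/Developer/Xcode/UserData/Provisioning Profiles"

    # Fresh random password for every run; refuse to continue without one so
    # the keychain is never created with an empty password.
    keychain_pass=$(openssl rand -base64 32)
    if [[ -z "$keychain_pass" ]]; then
        printf 'setup_runner: could not generate a keychain password\n' >&2
        return 1
    fi
    keychain_path="$(mktemp -d)/app-signing.keychain-db"

    # Install provisioning profiles
    mkdir -p "$profiles_path"
    base64_decode "$app_profile" "$profiles_path/$app_profile_file"
    base64_decode "$ne_profile" "$profiles_path/$ne_profile_file"

    # Create a keychain to use for signing
    security create-keychain -p "$keychain_pass" "$keychain_path"

    # Set it as the default keychain so Xcode can find the signing certs
    security default-keychain -s "$keychain_path"

    # Ensure it stays unlocked during the build (timeout: 21600 s = 6 h)
    security set-keychain-settings -lut 21600 "$keychain_path"

    # Unlock the keychain for use
    security unlock-keychain -p "$keychain_pass" "$keychain_path"

    # Install signing certs. The calls are deliberately bare (no `||`/`&&`
    # after them) so that `set -e` stays in effect inside install_cert.
    install_cert \
        "$BUILD_CERT" \
        "$BUILD_CERT_PASS" \
        "$keychain_pass" \
        "$keychain_path"

    install_cert \
        "$INSTALLER_CERT" \
        "$INSTALLER_CERT_PASS" \
        "$keychain_pass" \
        "$keychain_path"

    install_cert \
        "$STANDALONE_BUILD_CERT" \
        "$STANDALONE_BUILD_CERT_PASS" \
        "$keychain_pass" \
        "$keychain_path"

    install_cert \
        "$STANDALONE_INSTALLER_CERT" \
        "$STANDALONE_INSTALLER_CERT_PASS" \
        "$keychain_pass" \
        "$keychain_path"
}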
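# Print the UUID of a base64-encoded provisioning profile.
#
# Arguments:
#   $1 - provisioning profile, base64-encoded
# Outputs:
#   the value of the profile's UUID key on stdout
# Returns:
#   the exit status of the final `plutil` stage only (pipefail is not set
#   in this file)
function extract_uuid() {
    local b64_profile="$1"

    # printf instead of echo: the payload can never be parsed as echo options.
    # Pipeline: base64 text -> CMS-wrapped profile -> plist -> UUID value.
    printf '%s\n' "$b64_profile" |
        base64 --decode |
        security cms -D |
        plutil -extract UUID raw -o - -
}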
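# Decode a base64 string and write the result to a file.
#
# Arguments:
#   $1 - base64-encoded data, passed as an argument (not read from stdin)
#   $2 - path of the file to write; an existing file is overwritten
# Returns:
#   the exit status of `base64`
function base64_decode() {
    local encoded="$1"
    local output_path="$2"

    # printf is a shell builtin, so the (possibly secret) payload is piped to
    # base64 without appearing in any process's argument list, and unlike echo
    # it never interprets the data as options.
    # Writing through a redirection instead of `-o` keeps this working with
    # base64 implementations that have no output-file flag.
    printf '%s' "$encoded" | base64 --decode >"$output_path"
}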
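# Import one base64-encoded PKCS#12 signing certificate into a keychain.
#
# The certificate is decoded into a private temporary directory, imported,
# and the temporary copy is removed again whether or not the import worked.
#
# Arguments:
#   $1 - base64-encoded .p12 certificate bundle
#   $2 - passphrase protecting the .p12
#   $3 - password of the target keychain
#   $4 - path of the target keychain
# Returns:
#   0 on success, otherwise the status of the first step that failed
#
# NOTE(review): `-P` and `-k` put the passphrase and the keychain password on
# the `security` command line, where they are visible in the process list
# while the command runs and in `set -x` output.
# NOTE(review): `-A` lets any application use the imported key without a
# prompt. If only known signing tools need it, listing them with `-T <path>`
# would be narrower - confirm which tools the build invokes before changing.
function install_cert() {
    local cert="$1"
    local pass="$2"
    local keychain_pass="$3"
    local keychain_path="$4"
    local work_dir cert_path
    local rv=0

    work_dir="$(mktemp -d)" || return 1
    cert_path="$work_dir/cert.p12"

    # The steps are chained explicitly and their status captured, so that a
    # failure cannot abort the script (via `set -e`) before the decoded
    # private key has been deleted below.
    {
        base64_decode "$cert" "$cert_path" &&
            # Import cert into keychain
            security import "$cert_path" \
                -P "$pass" \
                -A \
                -t cert \
                -f pkcs12 \
                -k "$keychain_path" &&
            # Prevent the keychain from asking for password to access the cert
            security set-key-partition-list \
                -S apple-tool:,apple: \
                -k "$keychain_pass" \
                "$keychain_path"
    } || rv=$?

    # Clean up the decoded key material and its directory on every path
    rm -rf -- "${work_dir:?}"

    return "$rv"
}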