Revert "re-use the IPA from the first step"

Wavesonics · Wavesonics · commit 470087e61beb · 2025-10-17T00:38:29.000-07:00
This reverts commit 4d29cfe.
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
@@ -80,15 +80,8 @@ jobs:
             build/SnapSafe.ipa
           token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Upload IPA artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: SnapSafe-IPA
-          path: build/SnapSafe.ipa
-          retention-days: 1
-
   build-and-publish-app-store:
-    name: Upload to App Store
+    name: Build and publish to App Store
     runs-on: macos-latest
     needs: build-and-publish-github-release
     timeout-minutes: 30
@@ -97,6 +90,12 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v5
 
+      - name: Set Xcode version
+        run: sudo xcode-select -s /Applications/Xcode_26.0.1.app
+
+      - name: Show Xcode version
+        run: xcodebuild -version
+
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
@@ -106,15 +105,45 @@ jobs:
       - name: Install dependencies
         run: bundle install
 
-      - name: Download IPA artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: SnapSafe-IPA
-          path: build
+      - name: Disable macro validation
+        run: |
+          defaults write com.apple.dt.Xcode IDESkipMacroFingerprintValidation -bool YES
+
+      - name: Import certificates
+        env:
+          CERTIFICATE_BASE64: ${{ secrets.IOS_DISTRIBUTION_CERTIFICATE_BASE64 }}
+          CERTIFICATE_PASSWORD: ${{ secrets.IOS_DISTRIBUTION_CERTIFICATE_PASSWORD }}
+          PROVISIONING_PROFILE_BASE64: ${{ secrets.IOS_PROVISIONING_PROFILE_BASE64 }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+        run: |
+          # Create keychain
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # Import certificate
+          CERTIFICATE_PATH=$RUNNER_TEMP/certificate.p12
+          echo "$CERTIFICATE_BASE64" | base64 --decode > $CERTIFICATE_PATH
+          security import $CERTIFICATE_PATH -P "$CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+          # Import provisioning profile
+          PROVISION_PATH=$RUNNER_TEMP/provision.mobileprovision
+          echo "$PROVISIONING_PROFILE_BASE64" | base64 --decode > $PROVISION_PATH
+          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+          cp $PROVISION_PATH ~/Library/MobileDevice/Provisioning\ Profiles/
+
+      - name: Set up App Store Connect API Key
+        env:
+          API_KEY_CONTENT: ${{ secrets.APP_STORE_CONNECT_API_KEY_CONTENT }}
+          API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
+        run: |
+          mkdir -p ~/private_keys
+          echo "$API_KEY_CONTENT" | base64 --decode > ~/private_keys/AuthKey_${API_KEY_ID}.p8
 
-      - name: Upload to App Store
+      - name: Deploy to App Store
         env:
           APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
           APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
-          APP_STORE_CONNECT_API_KEY_CONTENT: ${{ secrets.APP_STORE_CONNECT_API_KEY_CONTENT }}
         run: bundle exec fastlane deploy
diff --git a/fastlane/Fastfile b/fastlane/Fastfile
@@ -96,22 +96,16 @@ platform :ios do
 
   desc "Build and upload to App Store Connect"
   lane :deploy do
-    # Check if IPA already exists (e.g., from CI artifact)
-    ipa_path = "./build/SnapSafe.ipa"
-
-    unless File.exist?(ipa_path)
-      # Build IPA if it doesn't exist
-      gym(
-        project: "SnapSafe.xcodeproj",
-        scheme: "SnapSafe",
-        export_method: "app-store",
-        export_options: {
-          provisioningProfiles: {
-            "com.darkrockstudios.apps.snapsafe" => "SnapSafe Distribution"
-          }
+    gym(
+      project: "SnapSafe.xcodeproj",
+      scheme: "SnapSafe",
+      export_method: "app-store",
+      export_options: {
+        provisioningProfiles: {
+          "com.darkrockstudios.apps.snapsafe" => "SnapSafe Distribution"
         }
-      )
-    end
+      }
+    )
 
     app_store_connect_api_key(
       key_id: ENV["APP_STORE_CONNECT_API_KEY_ID"],
@@ -121,7 +115,6 @@ platform :ios do
     )
 
     upload_to_app_store(
-      ipa: ipa_path,
       skip_screenshots: true,
       skip_metadata: true,
       submit_for_review: false,
