Skip to content

Commit 3cc5f89

Browse files
kangddongclaude
andcommitted
ci: refactor TestFlight deploy to workflow_dispatch with manual inputs
- replace release/* push trigger with workflow_dispatch (branch + release_notes) - restore GoogleService-Info.plist from GOOGLE_SERVICE_INFO_PLIST_B64 secret - extract provisioning profile name into PROVISIONING_PROFILE_SPECIFIER env - harden keychain password (openssl rand) and pin profile filename - expose RELEASE_NOTES to fastlane env (consumed in follow-up Fastfile PR) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent cd44e15 commit 3cc5f89

1 file changed

Lines changed: 50 additions & 19 deletions

File tree

Lines changed: 50 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,16 @@
11
name: Deploy TestFlight
22

33
on:
4-
push:
5-
branches:
6-
- "release/*" # develop -> release/* merge triggers TestFlight
4+
workflow_dispatch:
5+
inputs:
6+
branch:
7+
description: "빌드할 브랜치 이름"
8+
required: true
9+
default: "develop"
10+
release_notes:
11+
description: "테스트 노트 (선택)"
12+
required: false
13+
default: ""
714

815
jobs:
916
beta:
@@ -12,6 +19,8 @@ jobs:
1219
steps:
1320
- name: Checkout code
1421
uses: actions/checkout@v4
22+
with:
23+
ref: ${{ github.event.inputs.branch }}
1524

1625
- name: Setup Xcode
1726
uses: maxim-lobanov/setup-xcode@v1
@@ -27,36 +36,56 @@ jobs:
2736
ruby-version: "3.2"
2837
bundler-cache: true
2938

39+
- name: Prepare xcconfig
40+
run: |
41+
mkdir -p Projects/App/Resources
42+
printf "BASE_URL = ${{ vars.BASE_URL }}\nKAKAO_NATIVE_APP_KEY = ${{ secrets.KAKAO_NATIVE_APP_KEY }}\n" \
43+
> Projects/App/Resources/Common.xcconfig
44+
45+
- name: Restore GoogleService-Info.plist
46+
env:
47+
GOOGLE_SERVICE_INFO_PLIST_B64: ${{ secrets.GOOGLE_SERVICE_INFO_PLIST_B64 }}
48+
run: |
49+
set -euo pipefail
50+
test -n "$GOOGLE_SERVICE_INFO_PLIST_B64"
51+
mkdir -p Projects/App/Resources
52+
printf '%s' "$GOOGLE_SERVICE_INFO_PLIST_B64" | base64 --decode \
53+
> Projects/App/Resources/GoogleService-Info.plist || \
54+
printf '%s' "$GOOGLE_SERVICE_INFO_PLIST_B64" | base64 -D \
55+
> Projects/App/Resources/GoogleService-Info.plist
56+
3057
- name: Install certificate and provisioning profile
3158
env:
3259
CERTIFICATE_P12: ${{ secrets.CERTIFICATE_P12 }}
3360
CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
3461
PROVISIONING_PROFILE: ${{ secrets.PROVISIONING_PROFILE }}
3562
run: |
63+
set -euo pipefail
3664
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
37-
KEYCHAIN_PASSWORD=temp-keychain-password
65+
KEYCHAIN_PASSWORD=$(openssl rand -base64 20)
3866
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
3967
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
4068
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
4169
42-
echo "$CERTIFICATE_P12" | base64 --decode > $RUNNER_TEMP/certificate.p12
43-
security import "$RUNNER_TEMP/certificate.p12" \
44-
-k "$KEYCHAIN_PATH" \
45-
-P "$CERTIFICATE_PASSWORD" \
46-
-A -t cert -f pkcs12
70+
P12_PATH=$RUNNER_TEMP/certificate.p12
71+
printf '%s' "$CERTIFICATE_P12" | base64 --decode > "$P12_PATH" || \
72+
printf '%s' "$CERTIFICATE_P12" | base64 -D > "$P12_PATH"
73+
security import "$P12_PATH" -P "$CERTIFICATE_PASSWORD" -A \
74+
-t cert -f pkcs12 -k "$KEYCHAIN_PATH"
4775
security list-keychain -d user -s "$KEYCHAIN_PATH"
4876
49-
PP_PATH=$RUNNER_TEMP/profile.mobileprovision
50-
echo "$PROVISIONING_PROFILE" | base64 --decode > "$PP_PATH"
51-
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
52-
UUID=$(security cms -D -i "$PP_PATH" | plutil -extract UUID raw -)
53-
cp "$PP_PATH" ~/Library/MobileDevice/Provisioning\ Profiles/"$UUID".mobileprovision
77+
PP_DIR="$HOME/Library/MobileDevice/Provisioning Profiles"
78+
mkdir -p "$PP_DIR"
79+
printf '%s' "$PROVISIONING_PROFILE" | base64 --decode \
80+
> "$PP_DIR/distribution.mobileprovision" || \
81+
printf '%s' "$PROVISIONING_PROFILE" | base64 -D \
82+
> "$PP_DIR/distribution.mobileprovision"
5483
55-
- name: Prepare xcconfig
84+
- name: Extract provisioning profile name
5685
run: |
57-
mkdir -p Projects/App/Resources
58-
printf "BASE_URL = ${{ vars.BASE_URL }}\nKAKAO_NATIVE_APP_KEY = ${{ secrets.KAKAO_NATIVE_APP_KEY }}\n" \
59-
> Projects/App/Resources/Common.xcconfig
86+
PP_PATH="$HOME/Library/MobileDevice/Provisioning Profiles/distribution.mobileprovision"
87+
PROFILE_NAME=$(security cms -D -i "$PP_PATH" | plutil -extract Name raw -)
88+
echo "PROVISIONING_PROFILE_SPECIFIER=$PROFILE_NAME" >> $GITHUB_ENV
6089
6190
- name: Install Tuist dependencies
6291
run: tuist install
@@ -65,9 +94,11 @@ jobs:
6594
run: tuist generate --no-open
6695

6796
- name: Deploy to TestFlight
68-
run: bundle exec fastlane beta
6997
env:
7098
ASC_KEY_ID: ${{ secrets.ASC_KEY_ID }}
7199
ASC_ISSUER_ID: ${{ secrets.ASC_ISSUER_ID }}
72100
ASC_KEY_CONTENT: ${{ secrets.ASC_KEY_CONTENT }}
73101
DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
102+
PROVISIONING_PROFILE_SPECIFIER: ${{ env.PROVISIONING_PROFILE_SPECIFIER }}
103+
RELEASE_NOTES: ${{ github.event.inputs.release_notes }}
104+
run: bundle exec fastlane beta

0 commit comments

Comments
 (0)