name: CI on: push: branches: [ master ] workflow_dispatch: jobs: build: runs-on: macos-12 steps: - uses: actions/checkout@v2 with: submodules: 'recursive' fetch-depth: '0' - name: Set active Xcode path run: | XCODE_VERSION=$(cat versions.json | python3 -c 'import json,sys;obj=json.load(sys.stdin);print(obj["xcode"]);') sudo xcode-select -s /Applications/Xcode_$XCODE_VERSION.app/Contents/Developer - name: Create canonical source directory run: | set -x sudo mkdir /Users/telegram sudo chown -R $(whoami) /Users/telegram cp -R $GITHUB_WORKSPACE /Users/telegram/ mv /Users/telegram/$(basename $GITHUB_WORKSPACE) /Users/telegram/telegram-ios - name: Build the App run: | set -x # source code paths are included in the final binary, so we need to make them stable across builds SOURCE_DIR=/Users/telegram/telegram-ios # use canonical bazel root BAZEL_USER_ROOT="/private/var/tmp/_bazel_telegram" cd $SOURCE_DIR BUILD_NUMBER_OFFSET="$(cat build_number_offset)" export APP_VERSION=$(cat versions.json | python3 -c 'import json,sys;obj=json.load(sys.stdin);print(obj["app"]);') export COMMIT_COUNT=$(git rev-list --count HEAD) export COMMIT_COUNT="$(($COMMIT_COUNT+$BUILD_NUMBER_OFFSET))" export BUILD_NUMBER="$COMMIT_COUNT" echo "BUILD_NUMBER=$(echo $BUILD_NUMBER)" >> $GITHUB_ENV echo "APP_VERSION=$(echo $APP_VERSION)" >> $GITHUB_ENV # prepare temporary keychain export MY_KEYCHAIN="temp.keychain" export MY_KEYCHAIN_PASSWORD="secret" security create-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN" security list-keychains -d user -s "$MY_KEYCHAIN" $(security list-keychains -d user | sed s/\"//g) security set-keychain-settings "$MY_KEYCHAIN" security unlock-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN" # install fake certificates export CERTS_PATH="build-system/fake-codesigning/certs/distribution" for f in "$CERTS_PATH"/*.p12; do security import "$f" -k "$MY_KEYCHAIN" -P "" -T /usr/bin/codesign -T /usr/bin/security || true done for f in "$CERTS_PATH"/*.cer; do security import "$f" -k "$MY_KEYCHAIN" -P "" -T /usr/bin/codesign -T /usr/bin/security || true done security set-key-partition-list -S apple-tool:,apple: -k "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN" # use the official release configuration rm -rf $HOME/telegram-configuration mkdir -p $HOME/telegram-configuration cp -R build-system/example-configuration/* $HOME/telegram-configuration/ # build the app python3 build-system/Make/Make.py \ --bazelUserRoot="$BAZEL_USER_ROOT" \ build \ --disableParallelSwiftmoduleGeneration \ --configurationPath="$HOME/telegram-configuration" \ --buildNumber=$BUILD_NUMBER \ --configuration=release_universal # collect ipa OUTPUT_PATH="build/artifacts" rm -rf "$OUTPUT_PATH" mkdir -p "$OUTPUT_PATH" for f in bazel-out/applebin_ios-ios_arm*-opt-ST-*/bin/Telegram/Telegram.ipa; do cp "$f" $OUTPUT_PATH/ done # collect dsym mkdir -p build/DSYMs for f in bazel-out/applebin_ios-ios_arm*-opt-ST-*/bin/Telegram/*.dSYM; do cp -R "$f" build/DSYMs/ done zip -r "./$OUTPUT_PATH/Telegram.DSYMs.zip" build/DSYMs 1>/dev/null - name: Create Release id: create_release uses: actions/create-release@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: build-${{ env.BUILD_NUMBER }} release_name: Telegram ${{ env.APP_VERSION }} (${{ env.BUILD_NUMBER }}) body: | An unsigned build of Telegram for iOS ${{ env.APP_VERSION }} (${{ env.BUILD_NUMBER }}) draft: false prerelease: false - name: Upload Release IPA id: upload-release-ipa uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: /Users/telegram/telegram-ios/build/artifacts/Telegram.ipa asset_name: Telegram.ipa asset_content_type: application/zip - name: Upload Release DSYM id: upload-release-dsym uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ steps.create_release.outputs.upload_url }} asset_path: /Users/telegram/telegram-ios/build/artifacts/Telegram.DSYMs.zip asset_name: Telegram.DSYMs.zip asset_content_type: application/zip