diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 000000000..359a6adf9 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,23 @@ +name: CI + +on: [push] + +jobs: + build: + + runs-on: macOS-latest + + steps: + - name: Checkout Project + uses: actions/checkout@v1 + with: + submodules: recursive + + - name: Switch to Xcode 11 + run: sudo xcode-select -s /Applications/Xcode_11.app + + - name: Run Build + env: + ENCRYPTION_SECRET: ${{ secrets.ENCRYPTION_SECRET }} + KEY_SECRET: ${{ secrets.KEY_SECRET }} + run: buildscripts/ci-build.sh \ No newline at end of file diff --git a/buildscripts/certs/apple.cer b/buildscripts/certs/apple.cer new file mode 100644 index 000000000..d2bb1da64 Binary files /dev/null and b/buildscripts/certs/apple.cer differ diff --git a/buildscripts/ci-build.sh b/buildscripts/ci-build.sh new file mode 100755 index 000000000..5f44bd72c --- /dev/null +++ b/buildscripts/ci-build.sh @@ -0,0 +1,20 @@ +#!/bin/sh +set -v +set -e + +openssl aes-256-cbc -k "$ENCRYPTION_SECRET" -in buildscripts/certs/dev.cer.enc -d -a -out buildscripts/certs/dev.cer +openssl aes-256-cbc -k "$ENCRYPTION_SECRET" -in buildscripts/certs/dev.p12.enc -d -a -out buildscripts/certs/dev.p12 + +security create-keychain -p github-actions github-build.keychain +security import buildscripts/certs/apple.cer -k ~/Library/Keychains/github-build.keychain -A +security import buildscripts/certs/dev.cer -k ~/Library/Keychains/github-build.keychain -A +security import buildscripts/certs/dev.p12 -k ~/Library/Keychains/github-build.keychain -P $KEY_SECRET -A +security set-key-partition-list -S apple-tool:,apple: -s -k github-actions github-build.keychain +security default-keychain -s github-build.keychain + +rm -f ./buildscripts/certs/dev.cer +rm -f ./buildscripts/certs/dev.p12 + +xcodebuild -scheme 'NetNewsWire' -configuration Release -allowProvisioningUpdates -showBuildTimingSummary + +security delete-keychain github-build.keychain \ No newline at end of file