crossmate

publish-ios.sh (4687B)

---

 #!/bin/bash
 set -euo pipefail
 
 REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
 SECRETS="$REPO_ROOT/.asc/secrets.sh"
 
 if [[ ! -f "$SECRETS" ]]; then
     echo "Error: $SECRETS not found. See Scripts/secrets.sh.example for the required format."
     exit 1
 fi
 
 source "$SECRETS"
 
 SCHEME="Crossmate"
 # Archive into the Xcode Archives library at a unique per-build path so
 # Organizer indexes every build and TestFlight crashes symbolicate
 # automatically. A fixed/volatile path (e.g. /tmp) makes each publish
 # overwrite the previous build's dSYM, leaving superseded builds' crashes
 # permanently unsymbolicatable. One timestamp drives both the date dir
 # and the archive name so they can't disagree across a midnight boundary.
 ARCHIVE_STAMP="$(date '+%Y-%m-%d %H.%M.%S')"
 ARCHIVE_DIR="$HOME/Library/Developer/Xcode/Archives/${ARCHIVE_STAMP%% *}"
 ARCHIVE_PATH="$ARCHIVE_DIR/$SCHEME $ARCHIVE_STAMP.xcarchive"
 EXPORT_PATH="/tmp/Crossmate-export"
 EXPORT_PLIST="/tmp/Crossmate-ExportOptions.plist"
 IPA_PATH="$EXPORT_PATH/Crossmate.ipa"
 DEV_P12="$REPO_ROOT/.asc/dev.p12"
 DIST_P12="$REPO_ROOT/.asc/ios-signing/dist-headless.p12"
 TMP_KEYCHAIN="$REPO_ROOT/.asc/build.keychain-db"
 
 CHECK_ONLY=false
 if [[ "${1:-}" == "--check" ]]; then
     CHECK_ONLY=true
 fi
 
 cd "$REPO_ROOT"
 
 if ! git diff --quiet || ! git diff --cached --quiet; then
     echo "Error: Git repository is dirty. Commit or stash changes before publishing."
     exit 1
 fi
 
 echo "==> Setting up temporary keychain..."
 security delete-keychain "$TMP_KEYCHAIN" 2>/dev/null || true
 security create-keychain -p "$TMP_KEYCHAIN_PASS" "$TMP_KEYCHAIN"
 security unlock-keychain -p "$TMP_KEYCHAIN_PASS" "$TMP_KEYCHAIN"
 security set-keychain-settings -lut 21600 "$TMP_KEYCHAIN"
 security import "$DEV_P12" -k "$TMP_KEYCHAIN" -P "$DEV_P12_PASS" \
     -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
 security import "$DIST_P12" -k "$TMP_KEYCHAIN" -P "$DIST_P12_PASS" \
     -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
 security set-key-partition-list -S apple-tool:,apple:,codesign:,productbuild: \
     -s -k "$TMP_KEYCHAIN_PASS" "$TMP_KEYCHAIN"
 security list-keychains -d user -s "$TMP_KEYCHAIN" ~/Library/Keychains/login.keychain-db
 
 cleanup_keychain() {
     echo "==> Restoring keychain search list..."
     security list-keychains -d user -s ~/Library/Keychains/login.keychain-db
     security default-keychain -d user -s ~/Library/Keychains/login.keychain-db
     security delete-keychain "$TMP_KEYCHAIN" 2>/dev/null || true
     rm -f "$REPO_ROOT/private_keys/AuthKey_${KEY_ID}.p8"
     rmdir "$REPO_ROOT/private_keys" 2>/dev/null || true
 }
 trap cleanup_keychain EXIT
 
 mkdir -p "$ARCHIVE_DIR"
 echo "==> Archiving $SCHEME to $ARCHIVE_PATH..."
 xcodebuild \
     -scheme "$SCHEME" \
     -project Crossmate.xcodeproj \
     -configuration Release \
     -destination 'generic/platform=iOS' \
     -archivePath "$ARCHIVE_PATH" \
     archive
 
 echo "==> Writing export options..."
 cat > "$EXPORT_PLIST" <<PLIST
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
   "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
     <key>method</key>
     <string>app-store-connect</string>
     <key>signingStyle</key>
     <string>manual</string>
     <key>teamID</key>
     <string>$TEAM_ID</string>
     <key>signingCertificate</key>
     <string>iPhone Distribution</string>
     <key>provisioningProfiles</key>
     <dict>
         <key>net.inqk.crossmate</key>
         <string>Crossmate iOS Distribution</string>
         <key>net.inqk.crossmate.notificationservice</key>
         <string>Crossmate Notification Service iOS Distribution</string>
     </dict>
     <key>destination</key>
     <string>export</string>
     <key>stripSwiftSymbols</key>
     <true/>
     <key>manageAppVersionAndBuildNumber</key>
     <false/>
 </dict>
 </plist>
 PLIST
 
 echo "==> Exporting IPA..."
 xcodebuild \
     -exportArchive \
     -archivePath "$ARCHIVE_PATH" \
     -exportPath "$EXPORT_PATH" \
     -exportOptionsPlist "$EXPORT_PLIST"
 
 echo "==> Checking entitlements in exported IPA..."
 CHECK_DIR="/tmp/Crossmate-ipa-check"
 rm -rf "$CHECK_DIR"
 unzip -q "$IPA_PATH" -d "$CHECK_DIR"
 echo "--- iOS app entitlements ---"
 codesign -d --entitlements - "$CHECK_DIR/Payload/Crossmate.app"
 rm -rf "$CHECK_DIR"
 
 if $CHECK_ONLY; then
     echo "==> Check complete. Skipping upload."
     exit 0
 fi
 
 echo "==> Uploading to App Store Connect..."
 mkdir -p "$REPO_ROOT/private_keys"
 cp "$REPO_ROOT/.asc/AuthKey_${KEY_ID}.p8" "$REPO_ROOT/private_keys/"
 xcrun iTMSTransporter \
     -m upload \
     -assetFile "$IPA_PATH" \
     -apiKey "$KEY_ID" \
     -apiIssuer "$ISSUER_ID" \
     -v informational
 
 echo "==> Done!"